
Endpoint + Network Detection: Better Together

Posted by Michael Davis   |   September 5, 2014

Defense in Depth is touted in the security industry daily. Every engineer learns about the concept in university, and countless whitepapers expound on how it can save your butt when an attack occurs.

But how can defense in depth work if your network technologies don’t talk to your endpoint technologies, and neither interacts with your threat intelligence feeds? Without that collaboration the controls are like ships passing in the night rather than concentric rings of soldiers, each layer blind to what the others already know.

Let’s walk through an example. Say you have our endpoint threat detection and response technology deployed on your endpoints. It gives you context and real-time visibility into what is happening on each of those endpoints: which operating system it runs, which software is installed, and what activity is occurring.

Whenever that context changes, because software is installed or removed, or because a DHCP lease expires and an IP address is handed to a different machine with a different operating system, we send the updated host profile to your firewall or IPS. Those network devices take that information and dynamically adjust their rule sets to match what they are actually defending at that moment, instead of relying on a static asset list.

For example, a system with IP 192.168.1.32 is running Windows XP SP3 with Adobe Acrobat X. That IP then gets reassigned to a new system that is running Windows 7 but still has Adobe Acrobat X. Your IPS gets the updated OS and software information from us, enabling it to ignore exploits targeted at that IP that are strictly for Windows XP, since the machine behind that address is no longer running Windows XP. Acrobat X exploits against the same address, on the other hand, still matter and should still fire. The one caveat a practitioner should insist on: only suppress when the endpoint context is fresh and positively rules the target out. If the last report for that IP is stale, the alert should be kept, because a DHCP reassignment you have not seen yet looks exactly like an alert you can safely drop.
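The following is an added example of the two integrations described above, written for this page rather than taken from the vendor or the original post. It assumes a hypothetical in-memory inventory fed by endpoint reports (timestamp, IP, OS, installed software), a hypothetical IPS alert that carries the OS family and application its signature targets, and vendor-neutral firewall rules for the quarantine case. The host profiles, IP reassignment and alerts are constructed sample data mirroring the 192.168.1.32 scenario.

```python
"""Endpoint context feeding network controls.

Added example, not the vendor's code. Hypothetical assumptions: endpoint agents
report (timestamp, ip, hostname, os, software); IPS alerts carry the OS family
and application their signature targets; firewall rules are vendor-neutral dicts.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class HostProfile:
    hostname: str
    os: str                 # e.g. "Windows XP SP3"
    software: frozenset     # installed applications relevant to IPS signatures
    seen_at: datetime       # when the endpoint agent last reported this state


class Inventory:
    """Maps IP -> time-ordered host profiles, so DHCP reassignment is visible."""

    def __init__(self, max_age: timedelta = timedelta(hours=1)):
        self._by_ip: Dict[str, List[HostProfile]] = {}
        self.max_age = max_age  # reports older than this are treated as unknown

    def report(self, ip: str, profile: HostProfile) -> None:
        bucket = self._by_ip.setdefault(ip, [])
        bucket.append(profile)
        bucket.sort(key=lambda p: p.seen_at)

    def profile_at(self, ip: str, when: datetime) -> Optional[HostProfile]:
        """Most recent report at or before `when`, or None if none or stale."""
        candidates = [p for p in self._by_ip.get(ip, []) if p.seen_at <= when]
        if not candidates:
            return None
        latest = candidates[-1]
        if when - latest.seen_at > self.max_age:
            return None  # stale context: do not let it suppress anything
        return latest


@dataclass
class Alert:
    ts: datetime
    dst_ip: str
    signature: str
    target_os: str                    # OS family the exploit works against
    target_app: Optional[str] = None  # application the exploit needs, if any


def triage(inv: Inventory, alert: Alert) -> Tuple[str, str]:
    """Return (verdict, reason).

    'suppress' only when fresh endpoint context positively rules the target out;
    unknown or stale context keeps the alert rather than dropping it.
    """
    prof = inv.profile_at(alert.dst_ip, alert.ts)
    if prof is None:
        return ("keep", "no fresh endpoint context; cannot rule out the target")
    if not prof.os.startswith(alert.target_os):
        return ("suppress", f"{prof.hostname} runs {prof.os}; signature targets {alert.target_os}")
    if alert.target_app and alert.target_app not in prof.software:
        return ("suppress", f"{prof.hostname} does not have {alert.target_app}")
    return ("escalate", f"{prof.hostname} matches {alert.target_os} / {alert.target_app}")


def quarantine_rules(ip: str, helpdesk_cidr: str) -> List[dict]:
    """First-match rules: the compromised host may talk only to the help desk."""
    return [
        {"action": "allow", "src": helpdesk_cidr, "dst": ip},
        {"action": "allow", "src": ip, "dst": helpdesk_cidr},
        {"action": "deny", "src": ip, "dst": "any"},
        {"action": "deny", "src": "any", "dst": ip},
    ]


T0 = datetime(2014, 9, 5, 8, 0)  # constructed timeline for the sample data


def run_demo() -> List[Tuple[str, str]]:
    """Replay the 192.168.1.32 scenario; returns [(signature, verdict), ...]."""
    inv = Inventory()
    acrobat = frozenset({"Adobe Acrobat X"})
    # Constructed endpoint reports: XP box first, then Windows 7 gets the lease.
    inv.report("192.168.1.32", HostProfile("lab-xp-01", "Windows XP SP3", acrobat, T0))
    inv.report("192.168.1.32", HostProfile("lab-w7-02", "Windows 7 SP1", acrobat,
                                           T0 + timedelta(hours=2)))
    # Constructed IPS alerts against that address over the day.
    alerts = [
        Alert(T0 + timedelta(minutes=30), "192.168.1.32", "xp_only_kernel_exploit", "Windows XP"),
        Alert(T0 + timedelta(hours=2, minutes=30), "192.168.1.32", "xp_only_kernel_exploit", "Windows XP"),
        Alert(T0 + timedelta(hours=2, minutes=40), "192.168.1.32", "acrobat_x_pdf_exploit",
              "Windows", "Adobe Acrobat X"),
        Alert(T0 + timedelta(hours=5), "192.168.1.32", "xp_only_kernel_exploit", "Windows XP"),
    ]
    return [(a.signature, triage(inv, a)[0]) for a in alerts]


if __name__ == "__main__":
    for sig, verdict in run_demo():
        print(f"{sig:28s} -> {verdict}")
    for rule in quarantine_rules("192.168.1.32", "10.10.50.0/24"):
        print(rule)
```

In the replay, the first XP-only alert escalates because the XP host is still there, the second is suppressed because the Windows 7 profile is fresh, the Acrobat alert still escalates because that software is present on both machines, and the fourth is kept (not suppressed) because the last endpoint report is older than the freshness window. The quarantine rules are ordered allow-then-deny so the help desk subnet keeps access while everything else is cut off; on a real firewall or NAC the same intent would be expressed in that product's own rule language.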

It works the other way too. If that same machine is found to be compromised, the endpoint side tells the network, and the network can quarantine the machine: it blocks other machines on the network from talking to it while still allowing your support desk to reach it for remediation.

We are big believers in the adaptive security architecture that Gartner has created (heck, we were a 2014 Gartner Cool Vendor), but this collaborative security architecture is probably the approach that will get you the quickest ROI without additional spend, because it makes the firewall and IPS you already own smarter using data the endpoint product already collects.

The end result is fewer alerts, fewer false positives from your network devices, and a better return on your security investment.

Topics: cybersecurity, Sentinel, endpoint security, Gartner Cool Vendor, endpoint security integration
