Protecting Your Enterprise with Advanced Threat Defense

Mar 27 2015


Gone are the days when you could adequately protect your enterprise by installing a firewall, whether from Cisco, Check Point, Juniper or another vendor. Today's network threats include denial of service, session hijacking, spoofing, exploitation of vulnerabilities, password attacks and phishing. You can no longer focus solely on locking down the perimeter router, because threats can originate inside your network as well. A firewall on its own is not up to that task, so you need to evaluate and implement other forms of threat defense or your business may be at risk.

There are several styles of advanced threat defense, and CPI solutions can help you select and implement the combination that best protects your enterprise.

  • Network Traffic Analysis monitors network traffic and compares it against a baseline of normal behavior learned from the environment. This is an extremely effective form of advanced threat defense, but it requires significant management resources to tune and maintain the baseline. These tools can detect botnet beaconing and rogue DNS traffic (hosts resolving through servers other than the approved enterprise resolvers). Be aware, however, that most solution providers only sample traffic rather than inspecting every packet, so short or low-volume events can be missed.
  • Network Forensics utilizes full packet capture and data warehousing, allowing detailed traffic analysis and incident response after the fact. By warehousing traffic, you can reconstruct flows and events exactly as they occurred. These tools sniff packets on the wire and also parse stored PCAP files, which lets analysts passively identify the OS, hostname and open ports of hosts on the network. This is an excellent tool for incident response teams seeking to reassemble transmitted files and certificates without adding any traffic to the network.
  • Payload Analysis uses sandbox techniques, in the cloud or on-premise, to detonate suspicious files and observe their behavior. Detection is near real time rather than inline: a verdict typically takes several seconds to minutes, so the payload may already have reached an endpoint. Sandboxes vary in how reliably they detect a threat before it does damage, and evasive malware may behave differently in a simulated lab environment than it does in the real world, so lab results may not be representative of real-world performance.
  • Endpoint Behavior Analysis requires “application containment to protect endpoints by isolating applications and files in virtual containers. Other innovations in this style include system configuration, memory and process monitoring to block attacks, and techniques to assist with real-time incident response.” This approach requires an agent on every endpoint, according to Gartner. It is quite effective and provides rich forensic data, but deploying and managing the agents can be labor intensive.
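To make the Network Traffic Analysis bullet concrete, here is an added example of baseline comparison over flow records. It is not code from the original post or from CPI solutions or Gartner; the flow records are constructed for illustration, and the thresholds (five flows, 10% timing jitter) are assumptions a real deployment would tune. It learns the approved DNS resolvers from a known-good window, then flags DNS traffic to any other resolver and flags regularly timed connections to one destination (botnet-style beaconing). A `sample` helper mimics a collector that only keeps every n-th record, which shows why sampled analysis misses both findings.

```python
"""Baseline-comparison traffic analysis over constructed flow records (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records, NOT real traffic: (timestamp_s, src, dst, proto, dport)
# Baseline window: only the enterprise resolvers 10.0.0.2 and 10.0.0.3 serve DNS.
BASELINE_FLOWS = [
    (0, "10.0.0.5", "10.0.0.2", "udp", 53),
    (30, "10.0.0.7", "10.0.0.2", "udp", 53),
    (60, "10.0.0.5", "10.0.0.3", "udp", 53),
    (90, "10.0.0.9", "10.0.0.2", "udp", 53),
    (120, "10.0.0.5", "93.184.216.34", "tcp", 443),
]

# Observation window: one host resolves through an outside server and beacons every 60 s.
OBSERVED_FLOWS = [
    (1000, "10.0.0.5", "10.0.0.2", "udp", 53),        # normal DNS
    (1010, "10.0.0.11", "198.51.100.7", "udp", 53),   # DNS to a resolver not in the baseline
    (1020, "10.0.0.11", "203.0.113.9", "tcp", 443),   # beacon 1
    (1080, "10.0.0.11", "203.0.113.9", "tcp", 443),   # beacon 2
    (1140, "10.0.0.11", "203.0.113.9", "tcp", 443),   # beacon 3
    (1200, "10.0.0.11", "203.0.113.9", "tcp", 443),   # beacon 4
    (1260, "10.0.0.11", "203.0.113.9", "tcp", 443),   # beacon 5
    (1300, "10.0.0.5", "93.184.216.34", "tcp", 443),  # ordinary, irregular browsing
    (1400, "10.0.0.5", "93.184.216.34", "tcp", 443),
    (1405, "10.0.0.5", "93.184.216.34", "tcp", 443),
]


def build_baseline(flows):
    """Learn the set of DNS resolvers seen during a known-good window."""
    return {dst for (_, _, dst, proto, dport) in flows if proto == "udp" and dport == 53}


def find_rogue_dns(flows, resolvers):
    """Return (src, dst) pairs for DNS traffic sent to a resolver absent from the baseline."""
    return sorted({(src, dst) for (_, src, dst, proto, dport) in flows
                   if proto == "udp" and dport == 53 and dst not in resolvers})


def find_beacons(flows, min_count=5, max_jitter=0.1):
    """Return ((src, dst, dport), mean_gap) for tuples whose inter-arrival times are nearly
    constant: at least min_count flows and a coefficient of variation <= max_jitter.
    Thresholds are assumed values for the example, not vendor defaults."""
    times = defaultdict(list)
    for (ts, src, dst, _proto, dport) in flows:
        times[(src, dst, dport)].append(ts)
    beacons = []
    for key, ts_list in times.items():
        if len(ts_list) < min_count:
            continue
        ts_list.sort()
        gaps = [later - earlier for earlier, later in zip(ts_list, ts_list[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons.append((key, round(avg, 1)))
    return beacons


def sample(flows, every_n):
    """Keep every n-th record, mimicking a collector that samples instead of seeing every packet."""
    return flows[::every_n]


if __name__ == "__main__":
    resolvers = build_baseline(BASELINE_FLOWS)
    print("approved resolvers:", sorted(resolvers))
    print("rogue DNS:", find_rogue_dns(OBSERVED_FLOWS, resolvers))
    print("beacons:", find_beacons(OBSERVED_FLOWS))
    sampled = sample(OBSERVED_FLOWS, 2)
    print("rogue DNS (1:2 sampled):", find_rogue_dns(sampled, resolvers))
    print("beacons (1:2 sampled):", find_beacons(sampled))
```

Run against the full observation window, the script reports the rogue resolver 198.51.100.7 and the 60-second beacon from 10.0.0.11 to 203.0.113.9; the irregular browsing from 10.0.0.5 is not flagged. With 1:2 sampling the single rogue DNS record is dropped and only three of the five beacons survive, so both findings disappear, which is the practical cost of sampling that the bullet above warns about.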

Gartner recommends that enterprises deploy at least two different styles of advanced threat defense, on the understanding that no single solution is adequate on its own. This is not about firewalls or antivirus. Advanced threat defense is focused on protecting your organization from targeted attempts to steal enterprise data.

The network security consultants at CPI solutions can assist your company in evaluating and implementing the right threat detection strategy for your organization.

Marty Sarkisian
