
How to Rock Endpoint Threat Containment

Enterprise IT sits between a rock and a hard place.

On the one hand, the business keeps pushing IT to support new network-dependent applications, from mobile and cloud to emerging Internet of Things (IoT) initiatives. On the other hand, these deployments significantly increase network complexity and attack surfaces, as more employees demand access to critical applications from anywhere at any time using any device.

When endpoints can range anywhere from a cloud-based server to a BYOD smartphone in a coffee shop, how can IT stay ahead of emerging – and increasingly successful – endpoint threats?

The issue is compounded by the complexity of today’s defenses. While potential threats may be identified by a range of security tools, network devices or even the endpoints themselves, understanding and correlating all that information to quickly detect and stop real threats in their tracks is difficult at best.

Gap Between Time-to-Compromise and Time-to-Discover Creates Risk

In fact, Verizon’s most recent Data Breach Investigations Report (DBIR) found that while attackers are compromising systems faster, enterprises are detecting them slower, with the gap between time to compromise and time to detect now averaging 77%.

Worse, the gap translates into real business losses in productivity, brand and even revenue: new data from IBM puts the cost of a breach at $4 million per incident, up 29% since 2013. The same data underscores the need for rapid, effective incident response, with IBM also reporting that simply having an incident response team in place lowered the cost per stolen record by as much as $16.

Closing Security Gap Takes a Collaborative Approach

To get a better handle on endpoint threats, organizations need a different approach, one that is more collaborative and can automatically triage alerts and coordinate incident response across siloed security, network operations and endpoint management teams. Our partner Fortinet understands the issue and has teamed up with Bradford Networks so that we can offer our customers just such an approach.

Bradford’s Network Sentry solution, coupled with Fortinet’s next-generation FortiGate firewalls and FortiSandbox platforms, enables IT to identify and contain compromised endpoints in just seconds through:

  • Next-generation security capabilities: When a compromised endpoint connects to the corporate network and tries to open up a command-and-control channel back to an attacker, for example, FortiGate and FortiSandbox immediately detect and block the callback.
  • Collaborative communications: The Fortinet tools alert Network Sentry that an endpoint is engaging in risky network behavior.
  • Contextual correlation: Network Sentry uses its live inventory of network connections to automatically correlate the suspect IP address with its user name and endpoint profile. This enables IT to accurately and automatically identify and isolate the endpoint.
  • Fast, automated response: IT can then choose, in real time, to isolate, restrict or block compromised endpoints based on user profile and business criticality. They can also ensure this policy is automatically shared among all network and security tools so that the right policy is applied at the right time to all endpoints, no matter where or how they connect.
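The four steps above reduce to a small pipeline: parse the firewall alert, look up the source IP in the live inventory, and pick a containment action from who is behind it and how critical they are. This is an added, constructed example (not Bradford's or Fortinet's code); the inventory, the key=value alert format and the policy thresholds are all assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Endpoint:
    user: str
    profile: str      # device class from endpoint profiling (assumed)
    criticality: str  # business criticality: "low", "medium" or "high"

# Constructed live inventory: which user/device currently holds each IP
INVENTORY = {
    "10.20.30.41": Endpoint("jdoe", "byod-phone", "low"),
    "10.20.30.77": Endpoint("svc-erp", "server", "high"),
}

# Constructed alert lines in a generic key=value style (not any vendor's real schema)
ALERTS = [
    "src=10.20.30.41 dst=203.0.113.9 verdict=blocked reason=c2_callback",
    "src=10.20.30.77 dst=203.0.113.9 verdict=blocked reason=c2_callback",
    "src=10.20.30.99 dst=198.51.100.5 verdict=blocked reason=malware_download",
]

KV = re.compile(r"(\w+)=(\S+)")

def parse_alert(line: str) -> dict:
    """Turn one key=value alert line into a dict."""
    return dict(KV.findall(line))

def decide_action(endpoint: Optional[Endpoint], reason: str) -> str:
    """Choose isolate/restrict from identity and business criticality.

    Unknown endpoints are isolated outright. A high-criticality server is
    restricted (callback already blocked, access narrowed) rather than taken
    offline, so the team can investigate without an outage. Any other known
    endpoint with a C2 callback is isolated; lesser findings are restricted.
    """
    if endpoint is None:
        return "isolate"
    if endpoint.criticality == "high":
        return "restrict"
    return "isolate" if reason == "c2_callback" else "restrict"

def triage(lines, inventory):
    """Correlate each alert's source IP with the inventory and decide an action."""
    decisions = []
    for line in lines:
        alert = parse_alert(line)
        ep = inventory.get(alert["src"])
        decisions.append({
            "ip": alert["src"],
            "user": ep.user if ep else "unknown",
            "profile": ep.profile if ep else "unknown",
            "action": decide_action(ep, alert["reason"]),
        })
    return decisions
```

Feeding the resulting decisions back to the firewall and switch policy, rather than only recording them, is what makes the containment automatic in the workflow described above.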

As a value-added distributor for Fortinet, Fine Tec can help ensure your customers contain any and all endpoint threats quickly, accurately and effectively.