The days of firewall-only security are long gone and endpoint security is adapting. However, can you really protect the gems in your castle from cyber attackers without the context provided by network visibility?
Long gone are the Game of Thrones days of castles and sieges, where defenders had to protect a singular outer wall or risk being overrun by barbarians, zombies, or whoever else was knocking insistently at their gates. If the wall fell, the castle fell. If the wall stood, the castle stood.
Security analysts the world over wish for a return to such simple times. But technology has advanced, more people have become connected, and the complexity of networks has increased exponentially. Protecting the wall is no longer enough. In fact, the whole castle can fall while the walls stay standing!
According to Verizon’s 2015 Data Breach Investigations Report, end-user devices factor in 82% of security incidents. The traditional view of security has always assumed a neat separation: bad guys are outside, good guys inside. This model does not account for bad guys who have already gotten inside, or good guys who might be doing bad things without even realizing it.
Often, these internal threats and lateral movements of cyber-attackers will not trip the usual detectors. Those detectors are looking for the cyber-equivalent of barbarians or zombies, not for ordinary users acting strangely or for anomalous movement within the walls of the network.
We’ve talked before about the impending “end” of firewalls, and now network perimeters are becoming less and less well-defined. What’s more, the walls no longer define the castle. With every device or user that connects, a new dimension of access is added, meaning a new portal through which malicious actors can attack your network.
Endpoint security is making leaps and bounds towards solving this new set of security problems in an increasingly complex, BYOD world. But how can you really be sure you are protected against all these types of threats?
The common denominator for all threat types is that the attackers must use the network at some point during their attack.
Because they must use the network, they will leave traces, detectable only if you have the granular visibility into the network that Corvil can provide. By knowing everything that happens on your network down to the packet level, spotting anomalies or suspicious lateral movements left behind by cyber attackers becomes a much easier task.
Context matters too, and Corvil enriches packet-level visibility with a variety of security plugins, integrations, and metadata to empower security gurus to understand anomalies, incidents and events in context. This context becomes the difference between seeking out and eliminating threats and sitting back and hoping for the best.
You still have to protect your walls. But are you sure you really know what is happening in your castle? And even if you do: do you have the tools to hunt down the source of your problems? Corvil can help!