The enterprise network protected by NDR: the reality, and two best vendors
The attack surfaces that malicious actors can focus on are growing in number, and that is a considerable threat to the enterprise. With cloud services designed to be simple to spin up, companies face an expanding threat picture, one that is blurred by so-called “shadow IT,” that is, apps and services deployed without the express knowledge of any IT professional on the company’s payroll.
Furthermore, as companies outsource functions or trial new systems, more third parties gain access to sensitive data and to many systems, almost always for the best of reasons (testing a new cybersecurity vendor’s methods, for example), but with potentially serious consequences.
Across APAC, companies are using technology to gain a competitive edge over others in their industry, and with IT’s role in the larger enterprise now one of strategic monitor and enabler, rather than its historic limiting or braking function, many security departments and network operations specialists are finding that keeping the network safe is difficult. Having mentioned security and network operations, it is also worth noting that the two divisions of the IT function are sometimes seen to be pulling in different directions: SecOps is conservative in its approach, attempting to prevent attack and exfiltration, while NetOps is all about enabling and creating new possibilities. That is a simplification, of course, but it is another factor with which CTOs, CNOs, and CSOs must contend.
Most companies deploy a variety of security systems and devices, and if they are lucky, those systems even work together in some ways. Endpoint protection systems, SIEM and log analysis, perimeter protection, network monitoring, PAM, and user education (to name a few) combine to help protect the enterprise’s data from compromise. The weakest link remains the people in the business, with malicious payloads delivered by email still the most common form of successful attack. That makes user education massively important, but even seasoned IT professionals have been fooled by clever, personalized phishing, and given that rather embarrassing truth, companies are well aware (we would hope) that successful attacks will occur: it is no longer a question of if attacks hit their mark, but when.
The security concept of zero trust is not new, but its advocacy and methods are today much more involved than even five years ago. Highly distributed apps and services over hybrid networks are the norm, so solutions that aim to protect have to be cloud-capable. That is not necessarily a problematic challenge technically, but the usual presence of shadow IT and BYOD, for instance, makes the reality a significant drain on IT resources.
The trick is to monitor every instance of IT via its network traffic, not by cross-checking patterns of behavior against recorded cases of previous malicious activity (a network packet blacklist, if you like), but by developing a picture of normality at the network level. With that baseline in place, it takes a highly capable attacker to achieve anything beyond the initial incursion, and even the incursion itself has several recognizable signatures, including for in-memory malware instances.
The AI difference
Cybersecurity systems of the new generation use AI algorithms to comb through the massive throughput of data in the enterprise in search of anomalous behavior. Beyond that, AI is also being put to good use to collate and learn from the best, most effective (and by that, we mean speedy) responses to certain types of behavior.
AI can aid investigations by finding commonalities between remediation techniques and, as in many areas of the enterprise IT stack, can drive automated systems that perform repetitive SOC tasks. That frees up staff to take a more proactive, investigative stance, rather than being a reactive force, always on the back foot.
While many claims for AI in the enterprise’s business-oriented solutions outside of cybersecurity can be dismissed as marketing bluster, the technologies in daily use by new-generation cybersecurity systems are almost textbook use cases for AI: pattern detection from big data. That means self-improving security and a better-prepared SecOps department.
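The baseline-not-blacklist idea described above (learn what "normal" looks like per host, then flag deviation rather than match known-bad signatures) is easier to reason about with a concrete implementation. The following is an added example written for this article; it is not ExtraHop, IBM or Tech Wire Asia code, and it assumes a simplified flow-record format, a constructed internal address range of 10.0.0.0/8, and constructed traffic for two workstations over seven training windows. It learns per-host mean and deviation for four features (bytes sent, distinct destinations, distinct external destinations, distinct ports) and then scores a later window, which here contains a large upload to an unfamiliar external host, an internal sweep, and a never-seen source.

```python
"""Baseline-then-deviate detection over network flow records.

Added example (not ExtraHop, IBM or Tech Wire Asia code): learns what "normal"
looks like per source host from a training period, then scores a later window
against that baseline instead of matching known-bad signatures.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Assumption: the organisation's internal address space (constructed for this example).
INTERNAL_NETS = [ip_network("10.0.0.0/8")]


@dataclass(frozen=True)
class Flow:
    window: int      # observation window index (one per day in the sample data)
    src: str         # source host
    dst: str         # destination host
    dport: int       # destination port
    bytes_out: int   # bytes sent by src in this flow


def is_external(addr: str) -> bool:
    return not any(ip_address(addr) in net for net in INTERNAL_NETS)


def window_features(flows):
    """Per-(window, src) counters: volume, fan-out, external fan-out, port spread."""
    acc = defaultdict(lambda: {"bytes": 0, "dsts": set(), "ext": set(), "ports": set()})
    for f in flows:
        a = acc[(f.window, f.src)]
        a["bytes"] += f.bytes_out
        a["dsts"].add(f.dst)
        if is_external(f.dst):
            a["ext"].add(f.dst)
        a["ports"].add(f.dport)
    return {
        key: {"bytes_out": v["bytes"], "distinct_dst": len(v["dsts"]),
              "external_dst": len(v["ext"]), "ports": len(v["ports"])}
        for key, v in acc.items()
    }


def learn_baseline(training_flows):
    """Per host, the mean and standard deviation of each feature across windows."""
    series = defaultdict(lambda: defaultdict(list))
    for (_, src), feats in window_features(training_flows).items():
        for name, value in feats.items():
            series[src][name].append(value)
    return {src: {n: (mean(v), pstdev(v)) for n, v in s.items()} for src, s in series.items()}


def score_window(baseline, flows, threshold=3.0, min_sd_frac=0.1):
    """Alerts as (src, feature, z) for features more than `threshold` deviations above
    the host's own baseline; hosts with no baseline are reported as 'new_host'."""
    alerts = []
    for (_, src), feats in sorted(window_features(flows).items()):
        if src not in baseline:
            alerts.append((src, "new_host", None))
            continue
        for name, value in feats.items():
            mu, sd = baseline[src][name]
            # floor the deviation so a perfectly regular host still gets a tolerance band
            sd = max(sd, min_sd_frac * mu, 1.0)
            z = (value - mu) / sd
            if z > threshold:
                alerts.append((src, name, round(z, 1)))
    return alerts


def sample_flows(window):
    """Constructed 'normal' traffic for one window: two workstations, internal servers, one SaaS host."""
    flows = [Flow(window, "10.0.1.10", "10.0.2.5", 445, 50_000 + (i % 5) * 1_000 + window * 500)
             for i in range(20)]
    flows.append(Flow(window, "10.0.1.10", "203.0.113.8", 443, 120_000))
    flows += [Flow(window, "10.0.1.11", "10.0.2.5", 445, 30_000 + window * 200) for _ in range(10)]
    flows += [Flow(window, "10.0.1.11", "10.0.2.6", 3306, 8_000) for _ in range(5)]
    return flows


def demo():
    training = [f for w in range(7) for f in sample_flows(w)]
    baseline = learn_baseline(training)

    test = sample_flows(7)
    # Constructed anomalies: a large upload to an unfamiliar external host,
    # an internal sweep across many hosts and ports, and a never-seen source.
    test.append(Flow(7, "10.0.1.10", "198.51.100.20", 443, 40_000_000))
    test += [Flow(7, "10.0.1.11", f"10.0.3.{i + 1}", 20 + (i % 30), 60) for i in range(50)]
    test.append(Flow(7, "10.0.1.99", "10.0.2.5", 445, 1_000))
    return score_window(baseline, test)


if __name__ == "__main__":
    for src, feature, z in demo():
        print(f"{src:12} {feature:13} z={z}")
```

Two design points matter in practice. The deviation floor (`min_sd_frac`, plus an absolute minimum of 1.0) prevents a host with perfectly regular training traffic from alerting on any change at all, which is the usual source of baseline false positives; and a host absent from training is reported explicitly as `new_host` rather than silently scored against nothing, since an unknown asset is itself the kind of finding the shadow-IT discussion above is about. A production NDR system does the same work over far richer features and with decryption and asset classification feeding in, but the scoring logic is the same shape.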
Here at Tech Wire Asia, we’re looking at two providers of this type of latest technology. They are both seeing effective deployments in cybersecurity operations in many companies in APAC, as well as across the world.
ExtraHop delivers cloud-native network detection and response (NDR), providing a single point of reference for security teams that exposes any strange behavior anywhere in the extended, hybrid enterprise at a glance. With complete visibility, real-time detection, and guided investigation, ExtraHop enables security operatives to rapidly spot, contextualize, and respond to potential threats.
The ExtraHop Reveal(x) platform automatically discovers and classifies every asset, service, and platform across the full width of the enterprise IT stack, with full SSL/TLS decryption and advanced machine learning to flag unusual or suspicious behavior.
The platform helps security teams move quickly to isolate an incursion, providing deep context on how any malicious code has spread (or could spread) and advising security staff on the best courses of action. Unlike IDS, SIEM, and automated monitoring routines that detect known malware signatures, ExtraHop Reveal(x) detects both known and unknown threats lurking inside the perimeter and therefore dramatically reduces the possible dwell time of threats that might otherwise avoid detection for weeks or months.
We fully recommend exploring the live, interactive product demo on the ExtraHop website. Read more about how network detection and response solutions from ExtraHop fill a crucial gap for enterprise cybersecurity here on the pages of Tech Wire Asia.
As IBM has transitioned to a service-oriented, largely cloud-centric IT provider, its solutions are finding more uses across enterprise IT. In cybersecurity settings, the two key platforms to watch are QRadar and X-Force Incident Response and Intelligence. The former is a real-time network monitoring solution that can deploy artificial intelligence to unearth digital activity, in any of the business’s domains, that is suspect in any way.
Using the company’s own Watson AI engine, activities associated with cyber attacks are actively learned over time, so any successful incursion will be flagged, not by its presence, but by its activity.
That differentiation makes the QRadar solution ideal for companies with broadly hybrid estates, as it is largely irrelevant whether the incursion is in-house, on an employee’s device, or on compromised public-facing cloud services.
In addition to its silicon-based systems, IBM also offers X-Force Incident Response, a consultative support service designed to fill the gaps in any internal security team’s skill set. The combination of digital systems that teach themselves and the expert insights of a household name’s dedicated security teams makes the IBM offerings ones to consider. You can learn more about IBM’s security platforms and the options available to you by clicking here.
*Some of the companies featured on this editorial are commercial partners of Tech Wire Asia