Corporate IT networks are the foundation of today's information age and protecting them is a crucial element to ensure the proper functioning of IT solutions. As most organisations become heavily dependent on computer networks to facilitate work operations, a disruption in network service can have catastrophic consequences on the affected entity.
Nowadays, organisations typically deploy various security solutions, such as Firewalls, IPS/IDS, SIEM, and EDR to protect their sensitive data and network from the ever-increasing number of cyberattacks. However, the distributed nature of computer networks, especially in the wake of the COVID 19 pandemic, which resulted in increasing dependence on cloud technologies to facilitate remote work, requires having a sophisticated solution to monitor all interactions in such separated digital ecosystems.
This post will show the challenges CISOs face when planning their network security defence and how the ExeonTrace future-proof Network Detection & Response solution works beyond meeting their requirements in today's complex IT environment.
The author: Gregor Erismann, CMO of Exeon
1. Lack of complete IT environment visibility. Today's networks are hybrid: they contain a mix of cloud and on-premises devices and applications, and monitoring all interactions among them is a major challenge.
2. The increased dependence on third-party vendors to deliver many IT functions has enlarged the enterprise attack surface. The European Union Agency for Cybersecurity finds 66% of attacks focus on the supplier's code. The recent attacks against SolarWinds and Kaseya are examples of supply chain attacks.
3. The challenge of inspecting encrypted network traffic. A large volume of network traffic is encrypted; this leaves traditional network monitoring solutions that rely on Deep Packet Inspection blind and unable to detect advanced cyberattacks that use covert encrypted channels.
4. Non-malware threats, such as insider threats, credential abuse, policy violation, and data exfiltration have become widely prevalent. Stopping insider threats remains very difficult to achieve.
5. New malware and zero-day exploits can infiltrate even the best "traditional" security solutions because they are not yet recognised. According to SonicWall, there were 268,362 'never-before-seen' malware variants in 2020.
6. Hybrid IT environments cannot be monitored easily, especially if there is a need to install a hardware appliance in many connection points.
7. Some security solutions need to send data to an analytics backend in the public cloud to analyse suspicious activities or to get instructions on how to behave under certain circumstances. Enterprises storing and processing sensitive customer data, such as patient health records (PHI) and financial information, may not be able to grant such access to their internal systems because of the compliance regulations they are subject to.
8. The increased number of shadow IT devices and applications, especially with the rise of SaaS. According to the Cloud Security Alliance, 72% of IT leaders did not know the number of shadow IT apps within their organization.
9. Conventional security solutions trigger a large number of security alerts. This wastes the SOC team's time and leaves them unable to investigate every alert, even though some of them may be genuine.
10. The need to incorporate threat intelligence feeds into existing security solutions to detect known malware.
ExeonTrace is a future-proof NDR solution that uses advanced technologies such as machine learning, deep learning, AI, and heuristic analysis to detect malicious traffic.
ExeonTrace provides complete visibility (north-south and east-west) over all device interactions across an enterprise's hybrid IT environment (IoT, cloud, and on-premises devices), including those belonging to third-party vendors.
It can detect non-malware attacks and insider threats, such as policy violations and data leakage.
ExeonTrace primarily uses algorithms that do not operate on the payload but on lightweight network log data extracted from the existing network infrastructure. This allows ExeonTrace to mitigate advanced cyberattacks (e.g., ransomware and APTs) that need to open a command-and-control (C&C) channel to the attacker's server to receive attack instructions.
It does not require mirroring complete network traffic to function. This makes ExeonTrace excel in monitoring networks with heavy traffic.
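The two points above (encrypted traffic blinding payload inspection, and detection on lightweight log data instead) rest on one idea: a C&C channel shows up in flow metadata as a host that keeps reaching the same external endpoint at regular intervals, whatever the payload contains. The following is an added illustration of that idea, not ExeonTrace's code or its log format; it assumes a constructed `ts,src,dst,dport,bytes_out` flow record, a hypothetical `find_beacons` function, and example thresholds (`min_connections`, `max_cv`) chosen for the sample data.

```python
"""Beaconing detection on flow metadata only (no payload needed).

Added example; the log format, hosts, addresses and thresholds are all constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: one host connecting to an external endpoint every ~60 s
# with small jitter (beacon-like), and one host with irregular, ordinary traffic.
_BASE = 1_700_000_000
_BEACON_JITTER = [0, 1, -1, 0, 2, -1, 0, 1, 0, -2, 1, 0, -1, 2, 0, 1, -1, 0, 0, 1]
_BENIGN_OFFSETS = [0, 7, 95, 130, 400, 410, 1500, 1502, 2200, 3900]

SAMPLE_LOG = (
    [f"{_BASE + i * 60 + j},10.0.0.5,203.0.113.10,443,512"
     for i, j in enumerate(_BEACON_JITTER)]
    + [f"{_BASE + o},10.0.0.7,198.51.100.20,443,{2000 + 100 * k}"
       for k, o in enumerate(_BENIGN_OFFSETS)]
)


def parse_flow(line):
    """Parse one constructed 'ts,src,dst,dport,bytes_out' record."""
    ts, src, dst, dport, nbytes = line.strip().split(",")
    return int(ts), src, dst, int(dport), int(nbytes)


def group_by_pair(lines):
    """Group flows by (src, dst, dport) so each channel can be scored on its own."""
    pairs = defaultdict(list)
    for line in lines:
        ts, src, dst, dport, nbytes = parse_flow(line)
        pairs[(src, dst, dport)].append((ts, nbytes))
    return pairs


def periodicity_score(timestamps):
    """Return (mean interval, coefficient of variation) of inter-connection gaps.

    A low coefficient of variation means the gaps are nearly constant, which is
    the timing signature of a scheduled check-in rather than human-driven use.
    """
    ts = sorted(timestamps)
    intervals = [b - a for a, b in zip(ts, ts[1:])]
    m = mean(intervals)
    return m, (pstdev(intervals) / m if m else float("inf"))


def find_beacons(lines, min_connections=10, max_cv=0.2):
    """Flag channels with enough connections whose timing is suspiciously regular."""
    findings = {}
    for key, flows in group_by_pair(lines).items():
        if len(flows) < min_connections:
            continue  # too few samples to judge periodicity
        m, cv = periodicity_score([ts for ts, _ in flows])
        if cv <= max_cv:
            findings[key] = {
                "connections": len(flows),
                "mean_interval_s": round(m, 1),
                "jitter_cv": round(cv, 3),
                "bytes_out": sum(b for _, b in flows),
            }
    return findings


if __name__ == "__main__":
    for (src, dst, dport), stats in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon {src} -> {dst}:{dport} {stats}")
```

Only timestamps, endpoints and byte counts are consumed, so the check works identically on TLS traffic. The benign host in the sample has the same number of connections but a highly irregular cadence, so the coefficient-of-variation threshold separates the two; in practice the thresholds would be tuned per environment and combined with further metadata features (uniform payload sizes, destination reputation) before raising an alert.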
ExeonTrace is a comprehensive security solution that provides different security functions such as threat detection, threat hunting, incident handling, and vulnerability management.
It can integrate with popular threat feeds or use customer-specific feeds that enhance its ability to detect known threats.
ExeonTrace is entirely virtual and does not require installing any hardware component. It just analyses log data exported from the existing infrastructure.
ExeonTrace can work completely offline (including maintenance and update). No customers' data is sent outside their network.
As multiple data sources are considered, it does not overload the SOC with security alerts. ExeonTrace visualises all security alerts on a unified dashboard for easy tracking. Alerts can also be sent to a SOAR, a SIEM, a ticketing system, or via email.
Existing SIEMs can forward data to ExeonTrace.
By installing ExeonTrace, enterprises can ensure a high level of security for their network and consequently help them comply with the different data protection and privacy regulations that continue to emerge globally.
Finally, ExeonTrace is easy to install and has a short learning curve.
To fortify cyber resilience in today's complex threat landscape, enterprises need to install sophisticated solutions to stop advanced cyberattacks. Most organizations deploy more than one security solution; however, ExeonTrace has the capability and intelligence to play different defence roles in one tool without decreasing its sophisticated detection capabilities.