Advanced Threat Defense for the Enterprise

Advanced Threat Defense

You used to be able to protect your network with a perimeter firewall, whether it was Check Point, Palo Alto Networks, Fortinet, Cisco, Juniper or another vendor.  Today the threat model has expanded: the attacker may already be inside your network (a compromised endpoint, a stolen credential, a malicious insider) as well as outside it.  A perimeter firewall alone is no longer sufficient, so you need to consider advanced threat defense solutions that detect activity the firewall will never see.

Gartner Research describes five styles of advanced threat defense:

  • Network Traffic Analysis reviews network traffic and compares it to a baseline of normal behavior.  This is an extremely effective form of advanced threat defense, but it requires significant management resources to build and maintain the baseline.  These tools can detect botnet command-and-control traffic (for example, hosts beaconing to the same destination on a regular interval) and rogue DNS traffic (hosts querying resolvers other than the sanctioned ones).  The caveat: most solution providers' Network Traffic Analysis works from sampled flow data (NetFlow or sFlow style exports) rather than inspecting every packet, so low-volume or infrequent activity can be missed.
  • Network Forensics uses full packet capture and data warehousing, allowing detailed traffic analysis and incident response.  By warehousing the traffic, you can reconstruct flows and events after the fact, which sampled data does not allow.  These are complex tools with substantial storage requirements.
  • Payload Analysis uses sandbox techniques, in the cloud or on premises, to detonate suspicious files and URLs, providing near-real-time detection with a verdict in seconds to minutes.  Sandboxes have varying success in detecting threats before they begin to do damage, since evasive malware can detect the sandbox and stay dormant.  Performance in simulated lab environments may not be representative of real-world performance.
  • Endpoint Behavior Analysis requires “application containment to protect endpoints by isolating applications and files in virtual containers. Other innovations in this style include system configuration, memory and process monitoring to block attacks, and techniques to assist with real-time incident response.” This approach requires an agent on every endpoint, Gartner says.  It is quite effective and provides forensic detail, but it is labor intensive to manage.
  • Endpoint Forensics uses endpoint agents to monitor hosts and collect data for incident response teams.  These tools help automate incident response, but they are challenging to use, since they are labor intensive to deploy and manage.
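To make the Network Traffic Analysis style concrete, here is an added example (not from the original post or from any vendor named on it) that runs two baseline checks over constructed flow records: rogue DNS (DNS traffic to a resolver outside an assumed sanctioned list) and beaconing (a host contacting the same destination at near-constant intervals, a common botnet command-and-control signature). It then applies 1-in-N sampling to the same records, the way a sampled flow export would, to show the caveat above: the beacon disappears. All addresses, timestamps and thresholds are constructed assumptions.

```python
"""Baseline-driven network traffic analysis over constructed flow records.

Added example, not code from the original page. Every host, address,
timestamp and threshold here is a constructed assumption for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Baseline assumption: the only resolvers internal hosts should ever query.
SANCTIONED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}


def build_flows():
    """Constructed flow records: (timestamp_s, src, dst, proto, dport)."""
    flows = []
    # Normal browsing from 10.0.5.20 with irregular timing (7 connections).
    for t in (3, 41, 97, 150, 311, 460, 702):
        flows.append((t, "10.0.5.20", "93.184.216.34", "tcp", 443))
    # Normal DNS to a sanctioned resolver.
    for t in (2, 40, 96):
        flows.append((t, "10.0.5.20", "10.0.0.53", "udp", 53))
    # 10.0.5.77 queries an external resolver directly: rogue DNS.
    for t in (5, 65, 125):
        flows.append((t, "10.0.5.77", "198.51.100.9", "udp", 53))
    # 10.0.5.77 beacons to a C2-like host every 60 s with +/-1 s of jitter.
    for i in range(12):
        flows.append((10 + 60 * i + (i % 3) - 1, "10.0.5.77", "203.0.113.45", "tcp", 8443))
    return sorted(flows)


def rogue_dns(flows, sanctioned=SANCTIONED_RESOLVERS):
    """Return {src: set(resolvers)} for DNS traffic to non-sanctioned resolvers."""
    hits = defaultdict(set)
    for _, src, dst, _proto, dport in flows:
        if dport == 53 and dst not in sanctioned:
            hits[src].add(dst)
    return dict(hits)


def beacons(flows, min_connections=8, max_cv=0.1):
    """Find (src, dst, dport) tuples contacted at near-constant intervals.

    cv = stdev / mean of inter-arrival gaps. A low cv over enough connections
    is the classic beaconing signature. Both thresholds are assumptions.
    Returns {key: cv} for the pairs that match.
    """
    times = defaultdict(list)
    for t, src, dst, _proto, dport in flows:
        times[(src, dst, dport)].append(t)
    found = {}
    for key, ts in times.items():
        if len(ts) < min_connections:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            found[key] = round(cv, 3)
    return found


def sample(flows, n):
    """Keep every n-th record, as a 1-in-n sampled NetFlow/sFlow export would."""
    return flows[::n]


if __name__ == "__main__":
    flows = build_flows()
    print("rogue DNS (full data):", rogue_dns(flows))
    print("beacons   (full data):", beacons(flows))
    sampled = sample(flows, 4)
    print("beacons   (1-in-4 sampled):", beacons(sampled))
```

On the full record set the script flags 10.0.5.77 for both the external resolver and the 60-second beacon to 203.0.113.45; on the 1-in-4 sampled set the beacon no longer reaches the minimum connection count and is not reported, which is exactly why full packet capture (the Network Forensics style) is the complement to sampled analysis.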

Gartner recommends that enterprises deploy at least two different styles of advanced threat defense, with the understanding that no single solution is adequate on its own.  This is not about firewalls.  This is about protecting enterprise data from theft.

The experts at SD-WAN-Experts can assist your company on evaluating the right solution for your organization. Contact us today for more information.
