Blog - article

Sorry, this blog post has not been posted yet. Come back and check again later!

How to gain full threat visibility where only the network exists

By:
Henrik Davidsson
June 6, 2019

Your network is not finite, with a clear beginning or end. Your network is always expanding, connecting to internet-of-things (IoT) devices, cloud applications and infrastructure, operational-technology (OT) networks, partners and suppliers. Constant change and growth are necessary to deliver new services and products and keep employees productive.

Many organizations are exploring IoT. Business drivers include making data analytics more accessible, better informed decision-making, uncovering new business opportunities, creating a safer and more productive workplace, and process or behavior monitoring and optimization.

IoTis a new source of risk

Controlling risk and exposure on IoT devices with embedded operating systems creates new challenges.

Traditional endpoint security and patching are often impossible through normal operating procedures, and IoT devices often have an open attack surface.

Source:“Applying Network-Centric Approaches for Threat Detection and Response,“ 18March 2019, Augusto Barros, Anton Chuvakin, Anna Belak, Gartner, ID Number: G00373460

Security tools focusing on malicious code or perimeter defense provide limited visibility once the attacker has successfully infiltrated the environment.

Security analysts are flying blind when it comes to compromised IoT devices.

A powerful triad

But there’s a better way to gain full visibility into threats: The security operations center (SOC) visibility triad, recently introduced by Gartner.

TheSOC visibility triad consists of network detection and response (NDR), endpoint detection and response (EDR) and log-based detection (SIEM). A uniquely powerful combination, the triad offers the best coverage of all threat vectors across cloud workloads and enterprise infrastructures and user and IoT devices.

With this combination, threat analysis does not depend on signatures or reputation/blacklists. Instead, detection focuses on attacker behaviors and malicious patterns from inside the network, whether the inside attacker is a rogue employee or an outsider.

EDR provides clear visibility into host-level activity but requires extended visibility for hosts that can’t install agents at all, such as IoT or hosts that support a selective installation of agents.  

SIEM and log-based tools are great for business intelligence, reporting and correlation across data sources, but require additional information for lateral movement, network detection and response use cases.  

WithNDR, the network provides defense layer visibility into all IP devices acting suspiciously.This defense layer helps you detect the real unknown threats in your IT environment by focusing on the agenda the attacker has and what actions the attacker needs to perform to succeed.

AI-driven network detection and response

The Cognito network detection and response platform from Vectra is a key element in the  SOC visibility triad. Security analysts use Cognito for threat hunting and to perform conclusive incident investigations.

TheAI-driven Cognito detects active threats in real time across the enterprise – from cloud and data center workloads to user and IoT devices. Cognito analyzes cloud and network traffic, enriches the metadata with security insights, and prioritizes the highest-risk threats in real time.

Related content

For more information about the SOC Visibility Triad, check out the solution brief, “The ultimate in SOC visibility.”

About the author

Henrik Davidsson

Henrik Davidsson is director of sales business development at Vectra, where he is responsible for customer value creation & managed service providers. He has over 15 years’ experience in working with large enterprises, service providers and always stays in the frontline of new security challenges and coaching end customers and partners alike on how to augment their security posture and cyber resilience.Henrik has held leading position at companies such as Cisco, Juniper Networks, VMware, FireEye and NTT Security.

Author profile and blog posts

Most recent blog posts from the same author

Security operations

How to gain full threat visibility where only the network exists

June 6, 2019
Read blog post
Security operations

Accelerate your cybersecurity with a managed detection and response service

June 20, 2019
Read blog post
Security operations

Vectra and Nozomi Networks safely secure the IT/OT convergence

August 12, 2019
Read blog post