By Sumit Bansal

In recent years, cyber attacks have become more prevalent and sophisticated, and advanced persistent threats (APTs) have emerged as a new class of malware threat alongside exploit kits packaged with exploit code. According to the Verizon 2015 Data Breach Investigations Report, there were 79,790 security incidents in 2014, of which 2,122 were confirmed data losses. This is a 26 percent increase in security incidents and a 55 percent increase in data breaches compared to 2013. To defend against known and emerging threats, organizations today deploy multiple layers of security on their networks and endpoints, made up of various products and technologies. Although these deployments of host- and network-based firewalls provide some form of defense, their deployment has a fundamental deficiency: they fail to make one another better. This gap is known as "technology silos": control and enforcement points operate in isolation, rarely sharing information in a meaningful fashion, which means that firewalls never get access to the contextual insights that the endpoints possess. Traditionally, third-party technology has been layered on to overcome this lack of contextual connection between the endpoint and the network. However, this approach has fundamental challenges: it is inherently an investigation process that starts after a threat has been detected, and it tends to put all the effort into structuring the event data from disparate sources, with little focus on extracting actionable information from the resulting data. Also, because of the number of tools involved, this approach requires several employees to build and monitor the system. As resource-constrained IT security teams are the norm today, a synchronized approach is essential: one that establishes real-time communication between network and endpoint products, enabling automated and coordinated action to deliver a new level of protection to organizations.

What is synchronized security?
For decades, the security industry has treated network security and endpoint security as two separate silos. Metaphorically, it is like posting one security guard outside the building and another inside the building, but not allowing them to talk to each other. Synchronized security is akin to giving these two security guards a two-way radio, so that when one of them spots suspicious activity, the other knows about it instantly. In other words, to be effective, security defenses need to be as coordinated as today's cyber attacks. Endpoint and network security should be talking and working together to deliver synchronized security, with real-time information shared and automated response enabled. Sophos is pioneering this new concept in security through its Security Heartbeat capability, which directly links next-generation firewalls to next-generation endpoint security. This real-time communication lets threat intelligence be shared easily, while also enabling faster detection of threats, automatic isolation of infected devices, and more immediate and targeted response and resolution. The new approach allows endpoint and network protection to act as one integrated system, and enables organizations to prevent, detect, investigate and remediate threats in real time without adding staff. With synchronized security protection, organizations of any size can advance their defenses against increasingly coordinated attacks. Small and medium businesses (SMBs) and mid-market organizations in particular stand to benefit, as they may not have the luxury or budget to invest in complex security protection and remediation.

Benefits of synchronized security

Today's cyber threats are fast moving, sophisticated and coordinated.
With a synchronized security system, every business is better protected because they can find the threat, identify the source, and have an automated protection response kick in without anyone needing to press a button. The benefits can be summarized as follows:
- Synchronized security automatically and immediately detects and stops security breaches across the entire IT ecosystem, because of the real-time communication between the endpoint and the network.
- It is simple to understand, deploy and use.
- Multiple platforms and devices are protected against attackers that target the whole system.
- The workload of IT teams can be reduced drastically, as no additional layer of technology or complexity is involved.
- It effectively prevents, investigates and remediates today's threats across the entire threat surface.
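To make the heartbeat idea above concrete, here is an added illustrative model (not Sophos's Security Heartbeat protocol or any product code): endpoints report a health status to the firewall, and the firewall derives a per-host policy from the latest report, isolating a host whose endpoint reports an infection or, just as important, one that stops reporting at all. The health states (green/yellow/red), the 30-second timeout and the "restrict" tier are assumptions chosen for the example.

```python
from dataclasses import dataclass, field

# Constructed timeout (not a Sophos setting): an endpoint that has not reported
# within this window is treated as unreachable-or-compromised, never as healthy.
HEARTBEAT_TIMEOUT = 30.0  # seconds

@dataclass
class Endpoint:
    host: str
    health: str = "unknown"   # assumed states: "green", "yellow", "red", "unknown"
    last_seen: float = 0.0    # timestamp of the last heartbeat received

@dataclass
class HeartbeatFirewall:
    endpoints: dict = field(default_factory=dict)
    current: dict = field(default_factory=dict)  # host -> action in force
    events: list = field(default_factory=list)   # (time, host, action) transitions

    def receive_heartbeat(self, host: str, health: str, now: float) -> str:
        """The endpoint reports its health; the firewall re-evaluates at once."""
        ep = self.endpoints.setdefault(host, Endpoint(host))
        ep.health, ep.last_seen = health, now
        return self._evaluate(ep, now)

    def tick(self, now: float) -> list:
        """Periodic sweep that catches endpoints which simply stopped reporting."""
        return [self._evaluate(ep, now) for ep in self.endpoints.values()]

    def policy(self, host: str, now: float) -> str:
        """Fail closed: unknown or silent endpoints are isolated, not trusted."""
        ep = self.endpoints.get(host)
        if ep is None or now - ep.last_seen > HEARTBEAT_TIMEOUT:
            return "isolate"
        return {"green": "allow", "yellow": "restrict"}.get(ep.health, "isolate")

    def _evaluate(self, ep: Endpoint, now: float) -> str:
        action = self.policy(ep.host, now)
        if self.current.get(ep.host) != action:   # log transitions only
            self.current[ep.host] = action
            self.events.append((now, ep.host, action))
        return action

def run_scenario() -> HeartbeatFirewall:
    # Constructed sequence: one endpoint turns red, another goes silent.
    fw = HeartbeatFirewall()
    fw.receive_heartbeat("laptop-1", "green", now=0)
    fw.receive_heartbeat("laptop-2", "green", now=0)
    fw.receive_heartbeat("laptop-1", "red", now=10)   # endpoint detects infection
    fw.tick(now=20)                                    # laptop-2 still within window
    fw.tick(now=45)                                    # laptop-2 silent: isolated
    fw.receive_heartbeat("laptop-1", "green", now=50)  # remediated: traffic restored
    return fw
```

The `events` log records only policy transitions, which is the audit trail a SOC would want from such a coupling: when a host was cut off, why, and when it was restored.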