For more information, please read the related ESG Lab Spotlight, ESG Lab Spotlight:ProtectWise: Shifting Network Security to the Cloud.
Hello, and welcome to this ESG Lab Video Summary. Over the next few minutes I'll be reviewing the results from a recently completed ESG Lab Spotlight on ProtectWise. Network security is no longer a quiet quid pro quo game played out in silence behind the scenes by super hero security professionals, and master mind cyber criminals in dark labs. Malware is becoming more sophisticated, and the volume and number of targeted attacks is on the rise. This, coupled with the upsurge in network traffic, means that the task of the network security professional is becoming increasingly difficult.
ProtectWise is designed to shift network security to the cloud with the ambitious goal of dramatically improving visibility and detection of threats, while simultaneously enabling effective incident response. ProtectWise enables enterprises to place an unlimited number of lightweight software sensors on their networks that passively capture, optimize, and replay network traffic into the ProtectWise secure cloud Platform. This creates a long term network memory in the cloud known as ProtectWise Cloud Network DVR. This allows for continuous analysis, and automated surveying of historical network traffic, leveraging cloud economies of scale to provide an unlimited retention window with full fidelity forensic capability.
ESG Lab participated in a hands-on demonstration hosted by ProtectWise of the ProtectWise Cloud Network DVR deployed in live production environments. The ProtectWise heads-up display, part of the visualizer, provides a live animated graphical representation of all activity detected in the network. The presentation represents a tremendous amount of real-time data, from the general, like network bandwidth being consumed by each type of application, to the very specific, like the precise threads active on the network, the geographies the threads are originating and terminating in, a live timeline showing threats as they are occurring, and the risk of each threat color-coded for easy identification of the highest priorities.
Here we are looking at a remote buffer overflow exploit which has been assigned a very high priority. ProtectWise provides a security analyst with a ton of useful information about this activity, including the categories the attack might fall into, like malware, the stages of the cyber kill-chain that are active, and the specific activities like data theft. Detailed observations surrounding a threat are readily available by clicking on the specific exploit, as well as the start and stop time of the event, and the amount of data transferred, and the direction of data movement.
Security professionals often describe their work environment as a constantly accelerating treadmill. Cyber adversaries enhance their attack methods, security vendors respond with countermeasures, and security professionals are expected to keep up with developments on both sides, while maintaining their organization's information security posture.
Traditional security is implemented at the organization's perimeter. With modern BYOD devices that live both inside and outside the perimeter fence, and are subject to infection and compromise at any time. Perimeter and endpoint security technologies rely on the signatures of known compromises and fail to prevent infections implemented with the previously unseen exploits. ProtectWise is offering a new security tool that addresses these challenges, increasing an organizations' visibility into network activity, detection of threats in real-time and historically through continuous collective analysis, and the ability to respond quickly and effectively to threats, via an advanced information rich heads-up display and deep forensic analysis.
The ESG Lab was impressed with both the ability of the Cloud network DVR to record, retain and retrospectively analyze full fidelity network data for a potentially unlimited forensic window, as well as with the information rich user interface. We loved ProtectWise's live timeline view that visually identifies threats as they occur, as well as the ability to retrospectively analyze historical data, and uncover threats that were previously unknown. It's like having an automated time machine threat detector.
ESG Lab would recommend to any organization interested in gaining deep insight into network activity, while improving its overall cyber security posture, would be smart to take a closer look at ProtectWise technology today. If you would like to learn more, you can download the full ESG Lab validation report from the ProtectWise website.