A BETTER PATH: Security Enlightened
Security's Shift to the Cloud

Defense in Doubt

Enterprises may be growing increasingly conscious of cybersecurity risks and investing millions of dollars in IT security, but the sad truth is that the breach statistics still outpace all these efforts. Even as they continue to add more security layers on their sizeable existing security investments, many enterprises still cannot keep up with the sheer volume and complexity of attacks that hammer their networks. It was another banner year for the bad guys in 2014. Breach totals reached 675 million records compromised, and approximately 43 percent of companies experienced a breach.

100 terabytes of sensitive business information and IP exposed
56 million credit and debit cards exposed
145 million customer records breached
70 million customer records compromised
83 million bank accounts exposed
80 million customer records exposed

Worst of all, many of these breaches are not just smash-and-grab attacks. Security has gotten so behind the curve and is so unable to meet threats that attackers can afford to take their time on the network. According to the experts, it takes an average of 205 days for organizations to detect a network compromise. So how is it that with so much investment in security today, the bad guys are still beating up enterprises? In many ways, it comes down to four weaknesses in today's security programs.

Signs That Today's Security Approach Doesn't Work

ALARM FATIGUE: The average North American enterprise has to process 10,000 security alerts per day
DWELL TIME: 205 days to detect network compromise

On-Premises Security's 4 Fatal Flaws

These four weaknesses have existed for some time now, but they've been difficult to address due to the limitations of on-premises security infrastructure.

THREATS GO UNDETECTED: Enterprises are unable to affordably scale on-premises sensors, data collection and analysis to effectively identify malicious behavior
SILOED INTEL: Fragmented security infrastructure keeps security teams from easily correlating security data from across the network
POINT IN TIME SOLUTIONS: Prohibitive cost of hardware to retain event information and correlate threat intelligence keeps forensic windows limited to real-time alarms fraught with false positives
THE ENTERPRISE IS AN ISLAND: Security teams have no easy way to contextualize all of their security data with data from other enterprises experiencing similar attacks

Attackers do leave behind evidence of their forays into enterprise networks, but they've gotten good at minimizing their profiles. The better they get, the more deeply enterprises must inspect network packets to find seemingly innocent clues that can act as indicators of compromise. But to really get the kind of visibility and insight into these IOCs, enterprises have to collect, store and analyze more data than ever about network activity. The problem is that typical on-premises infrastructure quickly buckles under the weight of all this data. It's expensive and simply doesn't scale. And besides, most security teams don't have the manpower or analytical engines to handle this data anyway. Something has got to give. If security organizations are to really keep up with the threats, they'll need to rethink how network security is delivered. To truly beat the breach statistics, they need to shift to the cloud.

Cloud-Delivered Network Security

At this point, everyone understands the value that the cloud model of service delivery has brought to the business. Many businesses have integrated cloud into IT to achieve digital transformation for core business functions. The highly distributed, fault-tolerant, secure platforms offered by today's mature cloud providers exemplify the future. They're what power high-frequency trading, massive supply chains, untold amounts of data leveraged by the Internet of Things, and many other disruptive technology applications. It's only a matter of time before security learns from these high-performance case studies and takes advantage of the cloud to address its own fatal flaws.

Putting Security Data In The Cloud? Are You Crazy?

Many security professionals are hesitant to support cloud adoption for even the most basic of business data. But security data in the cloud? It seems unthinkable. The truth is, though, that techniques to secure cloud infrastructure have matured considerably over the years. Given the right infrastructure and management team at a cloud provider, it is possible to deliver the kind of protection that sensitive security information requires. It's just a matter of vetting a cloud partner to ensure security is built into its DNA.

This shift to the cloud is an inevitable product of the evolutionary forces behind not just the IT security ecosystem, but the whole IT security realm as well. As the cat-and-mouse game has progressed between the attackers and security teams, security vendors have upped the ante on protection measures. But before now, enterprises just didn't have the infrastructure backstop necessary to get full value out of those protection measures. All that's changed now. Bandwidth is cheap and plentiful. Storage is easy to provision and scale through advanced cloud architectures. Clustered server technology and machine learning make big data analysis of massive data sets possible. All the pieces are in place to make now the right time to start delivering network security as a cloud utility.

[Figure: Evolution of Cloud-Powered Security. Labels: Signatures Sharing (90s), Proxies (00s), Event Consolidation, Network Replay, Big Data Analytics; Spam, Anti-Virus, Intrusion Detection, Email & Web Filtering, Log File Management, All Network Traffic; Capabilities; Network Security Platform]

As security organizations seek to shift to the cloud, they should be looking for solutions that help them achieve three major objectives:

ECONOMIES OF SCALE: Cloud-delivered solutions should give an enterprise the ability to collect all the data it needs to find suspicious behavior and store it as long as necessary for a full forensic view
ECONOMIES OF INTELLIGENCE: Security's shift to the cloud should offer the capability to turn enterprise-wide security data into intelligence by centralizing processing and employing advanced big data analytics
ECONOMIES OF VALUE: The cloud model makes it possible to rapidly deploy a centralized platform for immediate time-to-value without risking a large capital expenditure that will age quickly

DEEP PACKET INSPECTION: Collect the most complete data possible about network behavior
LONG-TERM, SECURE PACKET RETENTION: Store data longer to catch low-and-slow attacks
UNLIMITED FORENSIC WINDOW: Examine data as far back as it takes to trace the steps of long-term attacks

UNIFIED DATA HAYSTACK: Ask more analytical questions of previously uncorrelated data
COLLECTIVE, CORRELATED THREAT ANALYSIS: Use industry-wide intelligence from peers to tie threat trends with network behavior
COLLECTIVE NOISE REDUCTION: Cut through alert fatigue using intelligence that pinpoints the most important threat indicators
AUTOMATED RETROSPECTION: Automatically look back in time when attacks are found to discover newly identified indicators

RAPID DEPLOYMENT: Achieve immediate time to value
SaaS DELIVERY MODEL: Make security a smaller recurring operational expense, rather than a big, risky capital expenditure
SINGLE, INTEGRATED PLATFORM: Future-proof security practices with a platform that makes it easy and low-risk to try new features and modules

ProtectWise Secure Cloud Architecture Delivers Security at Scale

Built around these economies of scale, intelligence and value, ProtectWise has what it takes to help the most security-conscious organizations shift to the cloud. Built by a team of security-industry veterans, ProtectWise's architecture is secure by design. Many of the innovative cloud components and techniques have been refined by other performance-oriented industries, but this is the first time a security firm has perfected them for protection. ProtectWise offers the antidote to today's security woes through better visibility, detection and response.

VISIBILITY: See Everything.
Visibility into netflow, metadata, truncated flows and full-fidelity PCAP by protocol and application
Long-term retention allows for analysis of security events and observations now and in the past: days, weeks, months and even years

DETECTION: Detect What Matters Most.
Continuous threat detection and analysis in real-time and retrospectively, finding threats that were previously unknown
Correlated, community-scaled threat intelligence and analysis

RESPONSE: React Faster & More Effectively.
Quickly identify and respond to priority events, manage alarm events, review situational reports and investigate network activity and threat observations
Rapidly access full PCAP to conduct deep-dive, comprehensive forensic investigations and reduce the dwell time between security events and effective response

How ProtectWise Works

ProtectWise uses lightweight software sensors to send network traffic into the ProtectWise secure cloud platform, where it is analyzed in real-time and retrospectively for a potentially unlimited period of time. The advanced analysis is distilled into a beautiful and effective visualization tool that provides an at-a-glance view of network activity that pivots into a deeper forensic work bench.

[Diagram labels: Enterprise Sensors, Remote Offices, Enterprise DMZ, Enterprise Core, Corporate Cloud, Optimized Network Replay, Secure Ingest, Cloud Network DVR, Wisdom Engine, Secure Vault, Visualizer]

About ProtectWise

ProtectWise is disrupting the network security industry with its Cloud Network DVR, a virtual camera in the cloud that records everything on the network. The service allows security professionals to see threats in real time and continuously goes back in time to discover previously unknown threats automatically. By harnessing the power of the cloud, ProtectWise provides an integrated solution with complete visibility and detection of enterprise threats and accelerated incident response. The Cloud Network DVR delivers unique advantages over current network security solutions, including an unlimited retention window with full-fidelity forensic capacity, the industry's only automated smart retrospection, advanced security visualization and the ease and cost-savings of an on-demand deployment model. Founded in April 2013, the company is based in Denver, and was named to Network World's list of 10 Security Start-Ups to Watch.

To learn more about how ProtectWise leverages the cloud to deliver improved visibility, detection and response to threats, download our Solutions brief here.

Interested in signing up to start using the ProtectWise Cloud Network DVR for free? Visit www.protectwise.com or contact Sales at 1.855.650.0209 and get started today.