ESG Lab Review: Lumeta Spectre: Cyber Situational Awareness


ESG Lab Review: Lumeta Spectre: Cyber Situational Awareness
Date: September 2017
Author: Tony Palmer, Senior IT Validation Analyst
Enterprise Strategy Group. Getting to the bigger truth.

Abstract

ESG Lab performed hands-on testing of Lumeta Spectre, looking at how Lumeta's real-time, always-on monitoring and its integration with best-of-breed cybersecurity tools can give organizations complete visibility into their network, enabling detection, prevention, and remediation of threats and vulnerabilities.

The Challenges

Network security can be an intimidating discipline for most organizations, and information security professionals would readily admit that they are engaged in a persistent cyber-war that puts their organizations under a constant barrage of attacks. The threat landscape is becoming increasingly dangerous as malicious actors focus their energy on developing sophisticated, targeted attacks, often based on zero-day malware that easily circumvents signature-based security controls. Facing persistent cyber-adversaries is a challenge, and network security has become more difficult because of an explosion in the number of users and devices, combined with a commensurate increase in traffic. Additional challenges are imposed by disparate security policies, controls, and technologies, and by the increasing adoption of cloud-first, mobile-first, and digital transformation initiatives. The use of technology to radically improve the performance and reach of enterprises brings new types of applications with new security issues.

Organizations are trying to cope with these changes while operating within the constraints posed by the global cybersecurity skills shortage. According to ESG research, 45% of organizations report that they have a problematic shortage of cybersecurity skills.[1] In a separate survey of cybersecurity professionals, 54% reported that the cybersecurity skills shortage increased their workload, 35% said the shortage led to an inability to fully learn or utilize security technologies to their full potential, and 32% reported higher attrition and turnover.[2]

Figure 1. Top Five Impacts of the Global Cybersecurity Skills Shortage

You indicated that the organizations you've worked for over the past few years were impacted by the global cyber security skills shortage. What type of impact did the global cyber security skills shortage have on these organizations? (Percent of respondents, N=303, multiple responses accepted)

Increasing workload on existing staff: 54%
My organization has had to hire and train junior employees rather than hire people with the appropriate level of cyber security skills needed: 35%
Inability to fully learn or utilize some of our security technologies to their full potential: 35%
Higher attrition and turnover amongst the cyber security staff: 32%
Limited time for training since the cyber security staff is too busy keeping up with day-to-day responsibilities: 32%

Source: Enterprise Strategy Group, 2017

[1] Source: ESG Brief, 2017 Cybersecurity Spending Trends, March 2017.
[2] Source: ESG/ISSA Research Report, Through the Eyes of Cyber Security Professionals: Annual Research Report (Part II), December 2016.

This ESG Lab Review was commissioned by Lumeta and is distributed under license from ESG.

Lumeta Spectre

Lumeta Spectre is designed to offer real-time, context-driven security intelligence to address these problems. By enhancing Lumeta's Recursive Network Indexing techniques with the context of network state change, derived from analysis of network control plane protocols (OSPF, BGP, ARP, DHCP, DNS, ICMPv6, and others), Lumeta Spectre provides network situational awareness in real time as mobile, virtual, and cloud assets, and even the physical/software-defined network itself, change. Lumeta Spectre hunts for anomalous behavior to provide context and to quickly prioritize issues for remediation.

Lumeta Spectre can ingest third-party threat intelligence feeds (an Accenture iDefense subscription is included) and correlate them with network data to find potentially compromised enterprise assets: assets that are malware-infected, i.e., participating in a C2 botnet, or that appear in a blacklist, Dropnet, Shadowserver, or attacker list. Lumeta Spectre discovers internal use of known malicious ports and hunts for unauthorized communication to known bad actor sites. It also hunts for dynamic changes to the network edge and for changes caused by virtual, cloud, and mobile assets on your network.

Recursive Network Indexing provides a real-time, authoritative view of network infrastructure. This enables organizations to gain a true view of all network devices, i.e., the total address space and everything in it. Lumeta Spectre can also identify leak paths: areas where there is unauthorized communication to the Internet or between firewalled segments.

Figure 2. Lumeta Spectre (ESG Lab Tested). Source: Enterprise Strategy Group, 2017

The Lumeta Spectre Command Center, shown in Figure 3, is where the user interface and HDFS data store are hosted. Configuration, analytics, and correlation are all done here. Lumeta Spectre uses the concept of Zones as its configuration paradigm. Organizations can create their own zones based on the criteria that are most important to them and how they view their network: geographically, by department or business unit, by tenant, etc. Spectre Scouts are virtual machines spun up in various parts of the organization's network to provide visibility. The Command Center collects data from the Scouts, and users create zones to visualize the data. Lumeta provides a number of dashboards out of the box, including the ability to identify dark web elements like Tor relays and Tor exit nodes in the infrastructure.

Figure 3. The Lumeta Spectre User Interface

Breach Detection

Lumeta Spectre correlates what it knows about the network with threat intel and ingested netflows and uses the combined intelligence to identify threat flows. Figure 4 shows peer-to-peer (P2P) transactions. Lumeta Spectre shows the source IP, which is on the internal network, communicating with an emerging threat that has been identified. With this intel, security analysts can take remediating action, i.e., quarantine or shut down compromised nodes.

Figure 4. Threat Flows

Lumeta reports that in their experience there's an average gap of 40% in knowledge regarding endpoints on an organization's network. These endpoints are not managed or covered by endpoint or threat management solutions, so they are potentially exposed to threats. Lumeta works with best-of-breed providers to close this gap. In Figure 5, Lumeta is highlighting all unmanaged devices, i.e., those where a McAfee ePO agent is not installed.

Figure 5. Endpoint Management

From here, users can drill down into device details to get pertinent information about the device, including addresses, interfaces, port status, when the device was discovered, and when it was last updated. Figure 6 shows the Indexing Stats view. Indexing Stats provides additional analytics, showing devices by zone. This gives users a feel for the size and scope of their zones, as well as events sorted by zone and type. ESG clicked on Hybrid Zone.

Figure 6. Indexing Stats

This took us to the map view, shown in Figure 7. This is a map of the entire network, which enables organizations to quickly confirm segmentation.

The island on the right, with no connections to the rest of the network, is segmented appropriately. Users can configure alerts to display on the dashboard and the map and can drill into alerts from either location.

Figure 7. The Lumeta Network Map

Lumeta Spectre also comes equipped with a visual query builder, which enables users to create complex queries by simply dragging and dropping items from a library of predefined elements.

Why This Matters

Cybersecurity professionals report numerous impacts of the global cybersecurity skills shortage, including increased workloads and an inability to fully learn or utilize security technologies.[3] Organizations should look to improve their network visibility and enforcement capabilities to minimize their attack surface and reduce potential avenues of attack.

With a couple of clicks, ESG Lab visualized an entire live network and all devices on it. The Breach Detection dashboard showed all devices on the network, identifying zombie devices and dark web (Tor) nodes. Spectre also identified threat flows: peer-to-peer transactions between inside devices and IP addresses identified as P2P nodes. Devices with IP addresses not managed by the organization's endpoint and threat management solutions were also identified and reported on in detail, enabling identification and remediation. ESG Lab used the visual query builder, which enables users to create and execute complex analytic queries by dragging and dropping elements, with no SQL required. Lumeta's layered approach combines data collection and telemetry, threat intelligence from open source and subscription feeds, and integrations with best-of-breed cybersecurity products to deliver context-driven network situational awareness in real time.

[3] Source: ESG/ISSA Research Report, Through the Eyes of Cyber Security Professionals: Annual Research Report (Part II), December 2016.
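The Breach Detection and Endpoint Management views described above rest on three simple correlations: flow records against threat intelligence and a known-malicious-port list, flows against a zone policy to surface leak paths, and the discovered inventory against the set of agent-managed endpoints. The Python sketch below is an added illustration of those correlations, not code from the ESG report or from Lumeta's product; every address, zone, indicator, port and inventory entry in it is a constructed sample value.

```python
from ipaddress import ip_address, ip_network

# All data below is constructed for illustration; none of it comes from the report.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Threat-intel indicators: destination IP -> the feed or list that named it
THREAT_INTEL = {
    "203.0.113.7": "c2-botnet",
    "198.51.100.22": "p2p-node",
}
# Destination ports the organization treats as known-malicious inside its network
MALICIOUS_PORTS = {4444, 6667}
# Zones keyed by prefix; the longest matching prefix decides a host's zone
ZONES = {
    ip_network("10.20.0.0/16"): "pci-segment",
    ip_network("10.0.0.0/8"): "corporate",
}
# Zones that must never talk to the Internet directly; any such flow is a leak path
NO_INTERNET_ZONES = {"pci-segment"}
# NetFlow-like records as (src_ip, dst_ip, dst_port)
FLOWS = [
    ("10.1.1.5", "203.0.113.7", 443),     # internal host -> C2 indicator
    ("10.1.1.9", "198.51.100.22", 6881),  # internal host -> listed P2P node
    ("10.1.1.9", "10.1.1.5", 4444),       # internal use of a known-malicious port
    ("10.20.3.4", "198.51.100.5", 80),    # PCI segment reaching the Internet
    ("10.1.1.5", "10.1.2.8", 445),        # ordinary internal traffic
    ("198.51.100.22", "10.1.1.9", 6881),  # inbound from outside: not an internal source
]
# Inventory: every address found by indexing, and those reporting an endpoint agent
DISCOVERED = {"10.1.1.5", "10.1.1.9", "10.1.2.8", "10.20.3.4", "192.168.5.50"}
MANAGED = {"10.1.1.5", "10.1.2.8", "10.20.3.4"}


def is_internal(ip):
    """True if ip falls inside one of the organization's own address ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def zone_of(ip):
    """Zone of the most specific prefix containing ip, or 'unknown'."""
    addr = ip_address(ip)
    matches = [net for net in ZONES if addr in net]
    return ZONES[max(matches, key=lambda n: n.prefixlen)] if matches else "unknown"


def threat_flows(flows, intel=THREAT_INTEL, bad_ports=MALICIOUS_PORTS):
    """Flows whose internal source hits a threat-intel indicator or a malicious port."""
    findings = []
    for src, dst, dport in flows:
        if not is_internal(src):
            continue
        if dst in intel:
            findings.append((src, dst, dport, intel[dst]))
        elif dport in bad_ports:
            findings.append((src, dst, dport, "malicious-port"))
    return findings


def leak_paths(flows):
    """Internal sources in a no-Internet zone that reach an external address."""
    return [(src, dst) for src, dst, _ in flows
            if is_internal(src) and not is_internal(dst)
            and zone_of(src) in NO_INTERNET_ZONES]


def unmanaged_devices(discovered=DISCOVERED, managed=MANAGED):
    """Discovered addresses lacking an agent, plus the coverage gap in percent."""
    gap = sorted(discovered - managed, key=ip_address)
    return gap, round(100 * len(gap) / len(discovered))
```

Inbound flows from external sources are deliberately skipped by threat_flows: the view in the report starts from an internal source talking out, which is also the case an analyst would quarantine first.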

The Bigger Truth

Today's dynamic IT infrastructure, featuring the cloud, digital business transformation, and an increasingly mobile workforce, is evolving at a pace that's exceeding the capabilities of legacy security approaches. Traditional network security has proven to be insufficient, lacking the visibility, control, and intelligence necessary to keep up with changing needs. Infrastructures are left exposed to a dangerous threat landscape where persistent cyber-attackers have proven adept at bypassing aging security mechanisms, presenting an increased risk to the business.

To shrink an organization's attack surface and reduce potential avenues of compromise, security teams should look to improve their network visibility and enforcement capabilities. After all, it's impossible to protect users and their devices when you don't know who they are, what they've connected to, and what they're allowed to do. With the ever-present cybersecurity skills shortage, enterprises need to supplement security staff, leveraging emerging technologies to offload human analytics. Enterprises can use thorough and up-to-date network inventories to take actions aimed at reducing the attack surface by applying the principle of least privilege and developing granular access policies that ensure access is granted to the minimum resources necessary. Security teams need to be able to update policies to reflect changes in behavior that have been detected through continuous monitoring, regardless of user or device type.

ESG Lab looked at a live network environment using Lumeta Spectre, gaining visibility over the entire network and all devices on it quickly and with just a couple of clicks. The Breach Detection dashboard showed compromised devices on the network, identifying zombie devices and dark web (Tor) nodes. Lumeta Spectre also identified threat flows and devices at IP addresses not managed by the organization's endpoint and threat management solutions. Lumeta Spectre can drill down into the details for these devices for identification and remediation. The custom query builder enabled us to build complex analytic queries with a visual drag-and-drop interface, without requiring SQL expertise.

Given the need for network visibility, tight access controls, continuous monitoring, and real-time security policy flexibility, ESG Lab believes that Lumeta's integrated security solutions, including integrated network discovery, monitoring, and analytics, can provide authoritative cyber situational awareness in real time to address evolving network security requirements.

All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.

The goal of ESG Lab reports is to educate IT professionals about data center technology products for companies of all types and sizes. ESG Lab reports are not meant to replace the evaluation process that should be conducted before making purchasing decisions, but rather to provide insight into these emerging technologies. Our objective is to go over some of the more valuable features and functions of products, show how they can be used to solve real customer problems, and identify any areas needing improvement. ESG Lab's expert third-party perspective is based on our own hands-on testing as well as on interviews with customers who use these products in production environments.

www.esg-global.com | contact@esg-global.com | P. 508.482.0188