Technical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform

Similar documents
ForeScout Extended Module for Splunk

Abstract. The Challenges. ESG Lab Review Lumeta Spectre: Cyber Situational Awareness

Shavlik Protect: Simplifying Patch, Threat, and Power Management Date: October 2013 Author: Mike Leone, ESG Lab Analyst

Top 10 most important IT priorities over the next 12 months. (Percent of respondents, N=633, ten responses accepted)

Closing the Hybrid Cloud Security Gap with Cavirin

ESG Lab Review High-fidelity Breach Detection with Acalvio Autonomous Deception

ESG Lab Review Accelerating Time to Value: Automated SAN and Federated Zoning with HPE 3PAR and Smart SAN for 3PAR

Abstract. The Challenges. ESG Lab Review Proofpoint Advanced Threat Protection. Figure 1. Top Ten IT Skills Shortages for 2016

Abstract. The Challenges. ESG Lab Review InterSystems IRIS Data Platform: A Unified, Efficient Data Platform for Fast Business Insight

Endpoint Security Can Be Much More Effective and Less Costly. Here s How

(TBD GB/hour) was validated by ESG Lab

An All-Source Approach to Threat Intelligence Using Recorded Future

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst

Endpoint Security Must Include Rapid Query and Remediation Capabilities

Enabling Hybrid Cloud Transformation

Cloud Migration Strategies

IBM Data Protection for Virtual Environments: Extending IBM Spectrum Protect Solutions to VMware and Hyper-V Environments

Running Splunk on VxRack FLEX

Next-generation Endpoint Security and Cybereason

ESG Lab Review The Performance Benefits of Fibre Channel Compared to iscsi for All-flash Storage Arrays Supporting Enterprise Workloads

Best Practices in Securing a Multicloud World

i365 EVault for Microsoft System Center Data Protection Manager Date: October 2010 Authors: Ginny Roth, Lab Engineer, and Tony Palmer, Senior Engineer

Hyperconverged Infrastructure: Cost-effectively Simplifying IT to Improve Business Agility at Scale

Automating the Top 20 CIS Critical Security Controls

with Advanced Protection

Mastering The Endpoint

ThreatConnect TC Complete Security Operations and Analytics Platform

ESG Lab Review RingCentral Mobile Voice Quality Assurance

Managed Endpoint Defense

SIEM Solutions from McAfee

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Abstract. The Challenges. The Solution: Veritas Velocity. ESG Lab Review Copy Data Management with Veritas Velocity

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Symantec Security Monitoring Services

Market Report. Scale-out 2.0: Simple, Scalable, Services- Oriented Storage. Scale-out Storage Meets the Enterprise. June 2010.

Vectra Cognito Automating Security Operations with AI

Dell EMC Isilon All-Flash

NetApp Clustered Data ONTAP 8.2 Storage QoS Date: June 2013 Author: Tony Palmer, Senior Lab Analyst

A Roadmap for BYOD Adoption. By Jon Oltsik, Sr. Principal Analyst, and Bob Laliberte, Sr. Analyst

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Best Practices in Cloud-powered Data Protection

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Video Surveillance Solutions from EMC and Brocade: Scalable and Future-proof

McAfee epolicy Orchestrator

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

Flash Storage-based Data Protection with HPE

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Efficient Data Center Virtualization Requires All-flash Storage

Cyber Hygiene: Uncool but necessary. Automate Endpoint Patching to Mitigate Security Risks

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

A Practical Guide to Efficient Security Response

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

IBM Data Protection for Virtual Environments:

BREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response

RSA NetWitness Suite Respond in Minutes, Not Months

Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions

locuz.com SOC Services

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Total Protection for Compliance: Unified IT Policy Auditing

Speed Up Incident Response with Actionable Forensic Analytics

Transforming Security from Defense in Depth to Comprehensive Security Assurance

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

Modernizing Virtual Infrastructures Using VxRack FLEX with ScaleIO

Lab Validation Report

ESG Research. Executive Summary. By Jon Oltsik, Senior Principal Analyst, and Colm Keegan, Senior Analyst

SYMANTEC DATA CENTER SECURITY

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

MiTek Sapphire Build. Scalable Software for Home Building Management. ESG Lab Validation. By Brian Garrett, Vice President, ESG Lab April 2017

FOUR WAYS TO IMPROVE ENDPOINT SECURITY: MOVING BEYOND TRADITIONAL APPROACHES

The Role of Converged and Hyper-converged Infrastructure in IT Transformation

BUILT TO STOP BREACHES. Cloud-Delivered Endpoint Protection

Sophos. Allan Widell Channel Account Executive. 24. August 2017

SIEMLESS THREAT DETECTION FOR AWS

Dell EMC Hyperconverged Portfolio: Solutions that Cover the Use Case Spectrum

Veritas Resiliency Platform: The Moniker Is New, but the Pedigree Is Solid

Abstract: Data Protection Cloud Strategies

The New Normal. Unique Challenges When Monitoring Hybrid Cloud Environments

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options

McAfee Total Protection for Data Loss Prevention

SIEM: Five Requirements that Solve the Bigger Business Issues

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

VMAX3: Adaptable Enterprise Resiliency

Vulnerability Management

Strong Consistency versus Weak Consistency

Device Discovery for Vulnerability Assessment: Automating the Handoff

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

Integrated, Intelligence driven Cyber Threat Hunting

Security Configuration Assessment (SCA)

Automation and Analytics versus the Chaos of Cybersecurity Operations

Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

The Journey to Intent-based Networking

BUILDING AND MAINTAINING SOC

Unlocking the Power of the Cloud

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

Vulnerability Assessments and Penetration Testing

ForeScout Extended Module for Carbon Black

Traditional Security Solutions Have Reached Their Limit

Transcription:

Technical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform Date: October, 2018 Author: Jack Poller, Sr. Analyst The Challenges Enterprise Strategy Group Getting to the bigger truth. As organizations of all sizes embrace digital transformation and the shift to modern cloud architectures, their IT infrastructure is both growing and becoming more complex. Indeed, two-thirds (68%) of respondents to an ESG research survey said that their IT environment had become more complex in the last two years. 1 Complex infrastructures have large attack surface areas, necessitating a variety of cybersecurity tools and techniques to protect them against ever-increasing volumes and sophistication of attacks. However, cybersecurity teams report numerous challenges managing an assortment of security products from different vendors, such as the inefficiencies created by having separate management and operations for each tool, cited by 27% of ESG research respondents as a challenge, or different tools for various parts of the IT infrastructure (24%), or the number of security tools making operations complex and time consuming (22%) (see Figure 1). 2 Figure 1. Top Five Challenges Managing an Assortment of Security Products from Different Vendors Which of the following represent the biggest challenges associated with managing an assortment of security products from different vendors? (Percent of respondents, N=232, three responses accepted) All our security products generate high volumes of security alerts making it difficult to prioritize and investigate security incidents 27% Each security technology demands its own management and operations straining my organizations resources 27% We need different solutions for different infrastructure environments which are then managed by separate teams creating operational inefficiencies The number of security technologies used at my organization makes security operations complex and time consuming 22% 24% Purchasing from a multitude of security vendors adds cost and purchasing complexity to my organization 20% 1 Source: ESG Master Survey Results, 2018 IT Spending Intentions Survey, December 2017. 2 Source: ESG Master Survey Results, Cybersecurity Landscape: The Evolution of Enterprise-class Vendors and Platforms, October 2018. This ESG Technical Review was commissioned by SecPod and is distributed under license from ESG.

Technical Review: Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform 2 The Solution: SanerNow from SecPod SecPod created SanerNow as an integrated platform to reduce the complexity, effort, and costs of managing and securing endpoints. The platform replaces multiple point tools, encompassing six endpoint security capabilities, including: Vulnerability Management continuous risk assessment. Patch Management risk reduction by automating the application of fixes to known vulnerabilities. Compliance Management compliance with regulatory standards and industry benchmarks. Endpoint Management automated endpoint management and system hardening. Asset Management discovery and management of assets. Threat Detection and Response detection and response to indicators of attack and indicators of compromise. SecPod is developing additional modules to provide additional capabilities including file integrity monitoring, mobile device security, remote desktop sharing, and data loss prevention (DLP). SanerNow comprises the Ancor scalable analytics and correlation engine, the Viser management dashboard, and Saner agents for Windows, Mac, and Linux endpoints. Organizations and managed services providers (MSPs) can deploy SanerNow as a software-as-a-service (SaaS) application, or the Ancor analytics engine can be deployed on-premises. Security professionals use SanerNow to: Query determine endpoint status and configuration. Monitor determine endpoint changes as they occur. Analyze determine endpoint risks and threats. Respond fix endpoint issues. Organizations and MSPs deploying SanerNow benefit from: Consolidated Platform SanerNow incorporates all tools necessary for the most common and frequent endpoint security tasks including vulnerability and patch management, asset and endpoint management, regulatory and industry benchmark compliance, and endpoint detection and response. Organizations can simplify their cybersecurity toolbox, replacing many point products with the SanerNow platform. Accelerated Results rapid visibility to risks and threats, and the automatable tools for remediation. SaaS deployed as a SaaS solution, organizations leverage all the SaaS benefits including cloud-based self-provisioning, usage-based pricing, scalability, multi-tenancy, multi-user role-based access (RBAC), and accelerated deployment and upgrades. Single Agent endpoint inventory and control, compliance checks, vulnerability, and endpoint detection and response (EDR) from a single lightweight agent. Automation and Orchestration SanerNow includes a comprehensive set of APIs enabling automation and orchestration of the endpoint security system. Ease of Use SecPod designed SanerNow to be deployed quickly, without requiring extensive user training. Cost Management SanerNow replaces multiple vendors and point tools with a single tool and vendor, with usagebased pricing, enabling organizations to manage the cost of their cybersecurity toolbox. ESG Tested This review used a demo environment representing a typical organization s IT architecture, with several deployed Windows, Mac, and Linux endpoints. ESG logged in to the web-based Viser management dashboard and was guided by a deployment wizard to create Accounts/Sites and deploy agents. Once the agents were deployed, within 5-6 minutes all the dashboard elements were populated with various findings. The Viser dashboard provides a comprehensive overview of the discovered

Technical Review: Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform 3 endpoints, as show in Figure 2. Below the discovered endpoint information is the summary data for each of the six modules: endpoint management, asset management, vulnerability management, patch management, compliance management, and EDR (endpoint detection and response). From the menu, ESG Lab selected Reports to browse through the list of available reports and generate the risk posture report. Users can save reports as PDFs and can configure SanerNow to automatically email reports on a routine basis. Figure 2. SanerNow Viser Dashboard As the typical next step for an initial deployment of SanerNow, ESG selected Device Manager from the menu to discover information about the endpoints in the environment. The device manager dashboard, shown in Figure 3, provided a comprehensive listing of devices, addresses, operating systems, and other critical information about all known endpoints. Figure 3. Device Manager

Technical Review: Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform 4 Clicking on the Create Group action button brought up a grouping and filtering facility. SanerNow includes groups for each endpoint type (Windows, Mac, Linux), and administrators can group any arbitrary set of endpoints into a new group. Clicking on the Deployment button opened a facility where we could deploy the Saner agent to selected unmanaged systems. Alternately, administrators can distribute a site-specific URL from which users can download and install the Saner agent. Once installed, the agent schedules a daily scan. Endpoints are scanned for inventory, configuration, vulnerability, patch, and other system details. By clicking on the Scan Now button, we could also send a command to the agent on selected endpoints to initiate a scan. To explore the vulnerability of the managed endpoints in the environment, ESG selected the Vulnerability Manager from the menu. As shown in Figure 4, the vulnerability manager dashboard provided a comprehensive overview of the vulnerabilities discovered by the agent scan. The distribution of vulnerabilities by machine, type, criticality, and other factors was displayed. It also mapped malware and exploit kits to vulnerabilities that were being exploited in the wild. The dashboard included a panel detailing vulnerability mitigation statistics the number of patches that needed to be applied to reduce or eliminate vulnerabilities. Figure 4. Vulnerability Manager The vulnerability manager enabled us to understand which endpoints were at risk, and what patches we needed to apply to reduce the risk. To apply the patches, we selected the Patch Manager from the menu. As shown in Figure 5, the patch manger provided a list of patches that could be applied to endpoints in the environment. We selected a set of patches and then clicked apply selected patches. The ensuing pop-up enabled us to create and name the patching task, with options for when to apply the patches, and enable automatic reboot if necessary. Using the top action item buttons, we were also able to create and schedule tasks to automatically patch systems as new patches were published, based on patch criticality and other factors. The top action item buttons also provided us the ability to monitor the status of patch tasks, and to roll back previously applied patches.

Technical Review: Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform 5 Figure 5. Patch Manager After applying patches to reduce endpoint risk, we selected the Compliance Manager from the menu to understand which endpoints were in compliance with regulatory standards and industry benchmarks. Shown in Figure 6, the compliance manager provided a display of compliance data gathered by the Saner agent during endpoint scans. Figure 6. Compliance Manager

Technical Review: Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform 6 SanerNow comes with predefined checks for compliance with regulatory standards and industry benchmarks including PCI, HIPAA, NIST 800-53, and NIST 800-171. From the top action menu, ESG selected Benchmarks, which brought up the benchmark editor, enabling us to create our own compliance benchmarks. We elected to customize a benchmark based on PCI 3.2 for Windows 10. Clicking on each item in the list brought up a description of the item, and the ability to edit the check for that item, as well as the ability to create our own checks. Next, using the compliance manager dashboard, we reviewed the endpoints that were out of compliance. To fix those endpoints, we selected Remediation Actions from the top action menu. This brought us back to the patch manager, as shown in Figure 5. We then selected Missing Configuration from the top action menu. The ensuing pop-up enabled us to create and name the configuration remediation task which would modify the endpoint s configuration to bring it into compliance. As with patching tasks, SanerNow provides options for when to update the configuration and enable automatic reboot if necessary. These configuration remediations could be automatically applied to achieve continuous compliance through an Automation action menu item. After bringing endpoints into compliance, we selected Asset Manager from the menu. Shown in Figure 7, the asset manager displayed comprehensive information on all software and hardware assets discovered by the Saner agent scans. Administrators can use SanerNow to track and manage OS, application, and hardware licenses. This provides cost management, enabling administrators to understand license usage, and reclaim resources when necessary. The asset manager also listed installed blacklisted, rarely used, and outdated applications. Administrators can use this information to update or remove applications, thereby reducing the attack surface area of the endpoints in the environment. Figure 7. Asset Manager Next, ESG selected Endpoint Manager from the menu. Shown in Figure 8, the endpoint manager provided summary information on the endpoints in the environment and provided facilities for the administrator to remotely manage the endpoint. We clicked on Open Ports and SanerNow queried the selected endpoint for information on open network ports, displaying the results in a pop-up window. At the bottom of the window were action buttons that enabled us to manage the open ports by stopping or blocking processes, or starting, stopping, or disabling services.

Technical Review: Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform 7 The list of endpoint checks and actions is comprehensive, covering application, networking, OS, storage, BIOS, and other endpoint configurables. Figure 8. Endpoint Manager As a final step in improving the security of the environment, we selected Endpoint Detection and Response from the menu. This brought up a summary detailing discovered indicators of attack (IoA) and indicators of compromise (IoC), as shown in Figure 9. Using the EDR screen, we set out to hunt existing threats in the environment. We clicked on Detection to build our own custom IoC detection sequence. The simplicity of the detection builder enabled us to rapidly create a custom sequence by scrolling through the list of detectable items, clicking on ARP Cache, and then providing a custom value to search. Clicking on the And/Or box enabled us to add another detectable item to the sequence, linking the detection criteria with and/or logic. We then built a custom remediation sequence by clicking on Response. Similar to the detection builder, the response builder enabled us to rapidly create a custom response sequence. In this case, we selected Disable Device to disable access to a device in response to our detection of compromise.

Figure 9. EDR Technical Review: Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform 8 Why This Matters According to ESG research, 51% of surveyed organizations believe that their organizations have a problematic shortage of existing cybersecurity skills in their workforces. 3 When organizations deploy multiple point tools, each designed to address a specific endpoint problem, they exacerbate the skills gap. SecPod designed SanerNow to address the challenges of multiple point tools with an integrated platform that reduces the complexity of endpoint security. ESG validated that the SanerNow platform incorporates the major features necessary to protect an organization s endpoints. Just a few mouse clicks are required to install the Saner agent on endpoints in the environment, after which the agent scans for vulnerability, inventory, configuration, patch, and other system details. We found it quick and easy to determine which endpoints were vulnerable to attack or out of compliance with regulatory and industry standards. A few more mouse clicks enabled us to manage the endpoints, reducing risk via patching, update configurations to bring systems into compliance, and remotely manage the systems. Integrated threat hunting and remediation features enabled us to rapidly find and fix compromised systems. We observed that the SanerNow platform can replace multiple endpoint security point tools, simplifying the cybersecurity toolbox and obviating the need for a large staff of highly-skilled cybersecurity experts. 3 Source: ESG Master Survey Results, 2018 IT Spending Intentions Survey, December 2017.

The Bigger Truth Technical Review: Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform 9 ESG asked IT executives and professionals to name the business initiatives that would drive the most IT spending at their organizations in 2018. Forty four percent cited strengthening cybersecurity, making it the most cited option in the list. 4 The traditional approach to achieving this goal is to acquire more tools to address perceived or existing weaknesses in the organization s cybersecurity strategy. This approach is doomed to fail as it forces organizations to expend more scarce resources time, money, effort, and, most importantly, staff on acquiring and becoming experts in each new tool added to the cybersecurity toolbox. Instead of adding more tools, organizations need to look to integrated platforms that can reduce cybersecurity complexity. SanerNow from SecPod is one such platform. Designed to meet the needs of organizations of any size, as well as MSPs and MSSPs, SanerNow is an integrated endpoint security platform that replaces multiple point tools and provides: Vulnerability management. Patch management. Compliance management. Endpoint management. Asset management. Threat detection and response. During ESG s review of SanerNow, we were able to address a variety of risks and threats to endpoints quickly and simply. We installed the Saner agent on endpoints, and scanned for vulnerabilities, assets, configuration, and compliance. We used that information to determine which endpoints had exploitable vulnerabilities and addressed those vulnerabilities by applying the appropriate patches. Next, we determined which endpoints were out of compliance, and created tasks to update configurations, bringing the systems into compliance. Using SanerNow s threat detection and response engines, we quickly built complex queries for indicators of compromise and built remediation action scripts. We also used SanerNow to remotely manage endpoints, and to track hardware and software assets. ESG Lab validated that SecPod s SanerNow endpoint security platform helps organizations overcome the cybersecurity skills gap with end-to-end endpoint security management, detection, analytics, response, and automation capabilities. For organizations that want to move beyond a large suite of point tools and leverage integrated platforms to reduce complexity and manage their costs, it would be worthwhile to take a closer look at SanerNow from SecPod. All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188. The goal of ESG Validation reports is to educate IT professionals about information technology solutions for companies of all types and sizes. ESG Validation reports are not meant to replace the evaluation process that should be conducted before making purchasing decisions, but rather to provide insight into these emerging technologies. Our objectives are to explore some of the more valuable features and functions of IT solutions, show how they can be used to solve real customer problems, and identify any areas needing improvement. The ESG Validation Team s expert thirdparty perspective is based on our own hands-on testing as well as on interviews with customers who use these products in production environments. 4 Source: ESG Master Survey Results, 2018 IT Spending Intentions Survey, December 2017. www.esg-global.com contact@esg-global.com P.508.482.0188

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback