Iron Bow Technologies has the expertise to assess customer networks, provide security technology solutions that address security challenges and successfully deploy security solutions to provide protection against today’s advanced persistent threats (APT).
Known, unknown, advanced persistent threats – today’s networks face a diverse threat landscape while managing a growing diversity in devices. Mobile, cloud, virtualization, IoT all bring with them different threats. This increase in attack vectors makes threat visibility a critical component of IT strategy.
Threat Visibility Through Traffic Visibility
Visibility into traffic traversing the network is vitally important to obtain a baseline of normal traffic flow, and from that baseline, be able to detect misconfigured devices and malicious attacks. Mature technologies, such as NetFlow and Intrusion Prevention Systems, are critically important in providing insight on traffic within the corporate environment.
Today’s organizations need to build on the data provided by these systems by integrating new security tools to:
- Mine raw data to provide an enhanced look at the security of a network including identifying command and control traffic and unexpected source traffic
- Pull a needle from a haystack by being alerted to even small variances in data type, traffic level and performance metrics
- Integrate with public security databases such as VirusTotal and Spamhaus for the most up-to-date threat information
- Extend visibility to all endpoints to address the reality of a mobile workforce and enable the ability to block end-user traffic whether the endpoint is connected to the network or not
Threat visibility tools have a threefold impact on an organization:
- Security – increase the security posture of an organization including reducing risk from ransomware attacks and protection against competitors stealing valuable intellectual property
- Budget – justify security budget by visually illustrating the continual threats the network faces
- Performance – insight into bottlenecks and throughput/latency issues, allowing them to be remediated before they cause an outage or a loss of performance
Iron Bow in Action
Understanding Threats for Better Planning
Threat visibility is part of a Continuous Diagnostics and Mitigation (CDM) approach to security. Being able to see what threats are hitting your network allows for more effective security and budget planning. In one case, an Iron Bow client began using a threat visibility tool and immediately saw probes from foreign countries and traffic from the client network going to those countries. This visibility provided two critical functions. First, it was a graphical method of easily seeing when a breach has occurred. Second, it provided clear justification for further investment into the security budget. In this case, the attacks were unsuccessful, but the client learned they were being attacked on a regular basis from places they never imagined. Examination over time brought to light a data exfiltration problem. It was not malicious but instead was tied to a user who was trying to make sure that the data they used was preserved by archiving records to an unapproved storage device. The user did not realize the security ramifications if this device was compromised. User education closed that vector. While that attack was really a non-issue, having visibility into the threats coming at the network day in and day out meant the IT team was able to better justify ongoing security investments.
Our security specialists have in-depth knowledge of the latest attack methods and how to defend against them.
By understanding threats, organizations can offer the diversity of access options that users demand and expect.
Our goal is to find the needle in the haystack by understanding what is normal traffic and immediately flagging any outliers in that flow.