People in general and security technology companies in particular tend to adhere to 2 different paradigms: 1) security is a network issue or 2) security is a host (endpoint) issue. You can do really awesome things on both levels.
Next generation firewalls can inspect traffic at key choke points on your network to identity threats, incoming malware, outgoing calls to Command-n-Control systems and exfiltration of data. Some network based security systems can observe behavior of suspected malware inside virtual sandboxed virtual machines to determine if it’s really malicious.
Endpoint based security technologies can prevent untrusted software from executing and catch new techniques like reflective memory injection. Some endpoint security products can record everything suspicious software does on a real system for subsequent forensic analysis.
At the same time both paradigms have blind spots. For instance, network based security solutions don’t see malware that comes through alternative channels like removable media, connections to outside public networks and USB devices.
There’s a lot of synergy that can be achieved by organizations that understand how to fuse both kinds of technologies instead of treating them as separate tools under separate teams. For instance, your next generation firewall’s sandbox might identity a piece of malware transmitted on your network. The next question is to determine which systems and how many received this malware? Did it execute? Then, “let’s blacklist this malware by hash in case there are other systems that get this software whether over the internal network, from untrusted networks or by removable devices/media.”
In this real training for free™ webinar, I’ll examine both network and endpoint based technologies and show you how they are both essential for protecting against today’s advanced persistent threats. But, more importantly, I’ll show how both technologies need to be used together with events in each system driving follow up activities in the other system. I’ll show how this argues for close cooperation between both teams security teams and why some organizations are combining both host and network security teams into a single security operations center practice.
Next our sponsor, CarbonBlack, will demonstrate the new 2-way integration their Parity endpoint security platform extends to Palo Alto’s next generation firewall and FireEye’s Malware Protection System. You’ll see for instance how CarbonBlack Parity can automatically submit a suspicious file to Palo Alto for sandbox detonation, receive results back and automatically ban that file executing on your systems – all within minutes and without intervention by your staff.
Please join me for this technical and state-of-the-art event! Register now!