GigaSECURE empowers the right inline security tools – such as Cisco Intrusion Prevention System (IPS), FireEye Advanced Threat Prevention (ATP) and Imperva Web Application Firewall (WAF) – to see, secure and prevent intrusions within growing network traffic and during software upgrades. It brings threat traffic to the front of the line, offloads decryption and boosts resiliency to help make your network more accurate, efficient and economical.
To maximize threat prevention while maintaining network availability, GigaSECURE offers Inline Bypass Protection.
Inline bypass acts as a fail-safe access port for inline security tools. Today, inline security tools can be single points of failure in a network. If a tool loses power, suffers a software failure or is taken offline for updates, traffic can no longer flow through this protective link. And failing inline tools can disrupt the very applications and services they are meant to protect.
Inline bypass removes these failure points by automatically switching traffic to bypass mode when a tool stops responding, keeping critical network traffic and protection up and running.
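The decision logic behind a bypass port can be modelled as a small state machine driven by heartbeat probes to the inline tool. The following is an added illustrative example, not Gigamon code: the controller, its thresholds, the probe results and the fail-open/fail-closed choice are all constructed here. It also records every path change as an event, because a defender wants to know exactly how long traffic ran uninspected while a tool was in bypass.

```python
"""Heartbeat-driven inline bypass controller (constructed model, not a vendor API).

Traffic normally flows through the inline tool. After `miss_threshold` consecutive
missed heartbeats the port fails over: fail-open (bypass, traffic uninspected) or
fail-closed (traffic dropped). After `recover_threshold` consecutive good
heartbeats the tool is re-inserted. Maintenance mode forces failover explicitly,
which is how an operator takes a tool offline for a software upgrade.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Tuple


class Path(Enum):
    TOOL = "tool"      # traffic traverses the inline tool
    BYPASS = "bypass"  # traffic flows around the tool (fail-open)
    BLOCK = "block"    # traffic is dropped (fail-closed)


@dataclass
class BypassController:
    miss_threshold: int = 3     # missed heartbeats before failover (assumed value)
    recover_threshold: int = 2  # good heartbeats before re-insertion (assumed value)
    fail_open: bool = True      # True: bypass on failure; False: drop traffic
    path: Path = Path.TOOL
    maintenance: bool = False
    misses: int = 0
    hits: int = 0
    events: List[Tuple[int, str]] = field(default_factory=list)

    def _failover_path(self) -> Path:
        return Path.BYPASS if self.fail_open else Path.BLOCK

    def heartbeat(self, tick: int, ok: bool) -> Path:
        """Feed one heartbeat probe result and return the path now in effect."""
        if self.maintenance:          # operator override wins over probe results
            return self.path
        if ok:
            self.misses = 0
            self.hits += 1
            if self.path != Path.TOOL and self.hits >= self.recover_threshold:
                self.path = Path.TOOL
                self.events.append((tick, "tool healthy again; traffic re-inserted"))
        else:
            self.hits = 0
            self.misses += 1
            if self.path == Path.TOOL and self.misses >= self.miss_threshold:
                self.path = self._failover_path()
                self.events.append((tick, f"tool unresponsive; switched to {self.path.value}"))
        return self.path

    def begin_maintenance(self, tick: int) -> None:
        """Take the tool out of the path deliberately (e.g. for an upgrade)."""
        self.maintenance = True
        self.path = self._failover_path()
        self.misses = self.hits = 0
        self.events.append((tick, f"maintenance started; switched to {self.path.value}"))

    def end_maintenance(self, tick: int) -> None:
        """Return to heartbeat control; re-insertion still requires healthy probes."""
        self.maintenance = False
        self.hits = 0
        self.events.append((tick, "maintenance ended; awaiting healthy heartbeats"))


def run_scenario(probes: List[bool], fail_open: bool = True,
                 maintenance: Optional[Tuple[int, int]] = None):
    """Replay a list of probe results; return (path per tick, events, uninspected ticks)."""
    ctl = BypassController(fail_open=fail_open)
    paths = []
    for tick, ok in enumerate(probes):
        if maintenance and tick == maintenance[0]:
            ctl.begin_maintenance(tick)
        if maintenance and tick == maintenance[1]:
            ctl.end_maintenance(tick)
        paths.append(ctl.heartbeat(tick, ok))
    uninspected = sum(1 for p in paths if p is Path.BYPASS)
    return paths, ctl.events, uninspected


# Constructed probe sequence: tool healthy, then four missed heartbeats, then recovery.
SAMPLE_PROBES = [True, True, False, False, False, False, True, True, True]

if __name__ == "__main__":
    for fail_open in (True, False):
        paths, events, uninspected = run_scenario(SAMPLE_PROBES, fail_open=fail_open)
        print("fail_open" if fail_open else "fail_closed", [p.value for p in paths])
        for tick, msg in events:
            print(f"  t={tick}: {msg}")
        print(f"  ticks with uninspected traffic: {uninspected}")
```

The fail-open setting keeps the network available but leaves a window of uninspected traffic, so each transition into bypass should raise an alert and the window should be measured; the fail-closed setting protects against uninspected traffic at the cost of availability. Which one a segment gets is a risk decision, and the controller makes that decision explicit rather than implicit.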
For most security teams, there’s simply too little time and too few resources to efficiently gather the information needed to make accurate predictions on potential security threats.
To effectively detect threats throughout the IT environment, organizations deploy a variety of security and monitoring solutions. But how do you ensure that your tools are receiving the right information?
Security and monitoring tools must ingest specific types of data to assess the network for threats. For example, security information and event management (SIEM) systems consume metadata, whereas data loss prevention (DLP), intrusion detection systems (IDS) and advanced threat protection (ATP) tools require packet data.
GigaSECURE enables security operation teams to both generate metadata and gain packet-level visibility to ensure an effective detection posture across the enterprise.
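The distinction between packet data and metadata is easiest to see by deriving one from the other. The following is an added example, not Gigamon code or its metadata format: it aggregates a constructed set of packet headers into bidirectional flow records of the kind a SIEM ingests (endpoints, port, timing, packet and byte counts per direction), while the raw packets themselves are what a DLP, IDS or ATP tool would need to inspect payloads.

```python
"""Derive flow metadata from packet headers (constructed example, not a vendor format)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float      # capture timestamp in seconds
    src: str
    dst: str
    sport: int
    dport: int
    proto: str     # "tcp" or "udp"
    length: int    # bytes on the wire


def flow_key(p: Packet) -> Tuple:
    """Direction-independent key so both halves of a conversation share one record."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)


def build_flow_records(packets: List[Packet]) -> List[Dict]:
    """Aggregate packets into flow records; the first packet seen defines the client."""
    flows: Dict[Tuple, Dict] = {}
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        rec = flows.get(flow_key(p))
        if rec is None:
            rec = flows[flow_key(p)] = {
                "proto": p.proto, "client": p.src, "server": p.dst,
                "server_port": p.dport, "first_seen": p.ts, "last_seen": p.ts,
                "packets": 0, "bytes": 0, "bytes_c2s": 0, "bytes_s2c": 0,
            }
        rec["last_seen"] = p.ts
        rec["packets"] += 1
        rec["bytes"] += p.length
        if p.src == rec["client"]:
            rec["bytes_c2s"] += p.length
        else:
            rec["bytes_s2c"] += p.length
    records = sorted(flows.values(), key=lambda r: r["first_seen"])
    for r in records:
        r["duration"] = r["last_seen"] - r["first_seen"]
    return records


# Constructed packets: one TLS session to a web server and one DNS lookup.
SAMPLE_PACKETS = [
    Packet(1.00, "10.0.0.5", "203.0.113.10", 51000, 443, "tcp", 74),
    Packet(1.01, "203.0.113.10", "10.0.0.5", 443, 51000, "tcp", 74),
    Packet(1.02, "10.0.0.5", "203.0.113.10", 51000, 443, "tcp", 517),
    Packet(1.50, "203.0.113.10", "10.0.0.5", 443, 51000, "tcp", 1400),
    Packet(2.00, "10.0.0.5", "192.0.2.53", 53001, 53, "udp", 70),
    Packet(2.02, "192.0.2.53", "10.0.0.5", 53, 53001, "udp", 120),
]

if __name__ == "__main__":
    for rec in build_flow_records(SAMPLE_PACKETS):
        print(rec)
```

Flow records of this shape answer "who talked to whom, when, and how much", which is what correlation rules in a SIEM operate on; nothing about the payload survives the aggregation, which is precisely why packet-inspecting tools still need the packets themselves.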
Identifying anomalies allows you to build the next phase of a Defender Lifecycle Model: prediction. Prediction is key to understanding intent, for example, what the bad actor is intending to do or has already done. Identifying a single anomaly does not mean much, nor does it provide context of the entire threat behavior. You need to understand the intent of the bad behavior, which is where artificial intelligence and cognitive solutions come into play.
Since much of today's malware and command-and-control tooling consists of existing frameworks that have been rented or purchased, it follows that subsequent actions in the attack cycle may mimic behaviors that have been learned or seen in the past, albeit morphed or disguised. AI-based solutions attempt to uncover patterns despite polymorphism and disguise, to predict intent, to surface underlying patterns of behavior and to generate a set of actions that lead to the next stage in the defender lifecycle: containment.
Once you’ve uncovered intent, you can take action to contain, remediate or even allow contained detonation of the threat to better understand the intent.
Today, the threat containment process is manual and time intensive, requiring coordination across multiple groups and actions across endpoints, routers and switches, firewalls and IPSs. Ownership and change management for many of these steps rest within different departments of an organization, and each requires a different set of procedures, skills and review processes. This must change. Organizations need to hasten containment through streamlined processes, minimized touch points and the development and deployment of automation and security workflow orchestration solutions.