Protecting the perimeter is usually about dealing with threats and this year’s Innovators do a great job of addressing that. One of our picks offers a creative approach to a straightforward and well-worn tool: the IDS/IPS. This tool focuses on malware, a pretty good approach given that malware is a major attack vector. Those applications that we vulnerability tested will surely succumb to the right kind of malware if a hole exists and the bug can get into our enterprise.
Add in a dash of the cloud and we have an even more difficult environment to secure. Taking advantage of really useful types of data that occur in every network, this Innovator gets a solid view of the enterprise, whether it is in a data center or in the cloud, and uses that view to provide comprehensive protection.
Focusing still on the threat landscape, our other Innovator in this group addresses our biggest security nightmare: zero day. Zero-day malware and attacks pose an increasingly huge threat, and dealing with that threat probably is our biggest challenge. This really is a case of not only knowing that we don’t know something, but also not knowing what we don’t know. Over the years, there have been lots of attempts to address this problem – from behavior analysis to anomaly detection.
Behavior analysis seems to be the most promising because there is only a limited number of ways that an attack – whether human or automated – can progress once it passes a certain point. That behavior can be categorized and its source analyzed. If there is enough data collected, the ongoing analysis of zero-day events becomes more reliable.
Using these two approaches to perimeter protection offers a solid safeguard. The tools are creative and the companies that build them are true thinkers and innovators. We think that you will pick up on the routes that the companies take to protect the data by addressing the perimeter. But, of course, this is just part of the whole defense-in-depth challenge. Like the rest of the tools in this year’s issue, these two are meant to be part of a total solution to the challenge of protecting the data on several levels.
We are big on asking our Innovators about their vision. We get some interesting answers, a few stock ones and the occasional response that prompts us to say something, such as, “Yeah…well, if you can do that you’ll own the market.” When we asked the folks from Barrier1 (they are moving in the direction of renaming the company after their flagship product) we got exactly that kind of answer: “To stop not only the known attacks, but the mutated and never-before-seen attacks for all network traffic types in near real time.”
That is a pretty tall order. Funny thing is, though, they are doing it. What they are doing is not trivial, though, and the way they are doing it says a lot about how this company thinks about problem solving. Barrier1 was born out of a need to detect and stop malware attacks that were mutating faster than firewall rules could be written. When their firewall vendor frankly admitted that it was having the same difficulty keeping up, a group of employees of a major financial services company decided to go out and solve the problem themselves.
These innovators picked the only logical way to address the rapid mutation – now thought of as the zero-day – problem. They started developing algorithms that drove intelligent learning engines. To do that there are some technical requirements. First, the device must sit at the edge of the enterprise. It must inspect all traffic in real time – including inbound and outbound – at all seven OSI layers. It must recognize all protocols (Barrier1 recognizes more than 250) and it must use existing sensors, such as IDS, SIEM and more.
If one wants to get a true global picture of the threat landscape, one needs to have global visibility. To get that, Barrier1 collects data from every other Barrier1 device in the field. This all comes back to a central database, which updates Barrier1 devices every 10 minutes or less. On average, individual Barrier1 users block around 2,400 cyber active locations per month. By adding the data collected from these locations, Barrier1 is able to see potential attacks before they occur so that users can develop appropriate countermeasures proactively.
AT A GLANCE
Flagship product: Barrier1
Cost: Contact vendor
Innovation: Intelligent threat management.
Greatest strength: Deep understanding of network behavior, attack mechanics and global threat intelligence.
The idea behind this Innovator’s service is that one can place sensors strategically around an enterprise and send the outputs to the cloud where advanced processing performs a host of security functions to result in more efficient, faster and more accurate functions than doing the same ones on-premises. Add global intelligence gathering to give depth and breadth to the core data available and you have the MetaFlows Security System (MSS).
This is another product/service that is taking advantage of the trend to gather and analyze global data as a basis for protecting local systems. We like this trend a lot because it allows far greater visibility into the threat landscape than any other method. The MSS takes full advantage of this, but the secret sauce is, in our view, the architecture.
Processing security data, if there is enough of it, can be a burden on network resources. There are several security functions that should be performed on the enterprise and each of these functions needs resources to perform. If one can move that resource requirement off of the enterprise and do it in a dedicated environment, one gains performance and loses the resource burden. MSS moves the analysis and processing off of the enterprise and into the cloud. An added benefit is the ease with which MSS takes advantage of global threat data.
MSS is a true Swiss Army knife of security functionality. It includes advanced malware detection, intrusion prevention, flow analysis and monitoring, SIEM and log management, security software-as-a-service and cloud security. This functionality supports merging data from a variety of sensor types – both to detect and act on threats as they occur.
The MSS sensors can be on any hardware one wishes – although MetaFlows does have a sensor platform, users don’t need it – saving money on the hardware side. The MSS sensor software is designed to support multicore processors and is priced accordingly. Different levels of sensor support different functionality and, again, are priced accordingly. The system can be deployed rapidly and can be up and running, giving actionable results, very quickly.
There is a lot to be said for the way these folks think about the problems of security management, and their hybrid approach is a well thought-out, creative innovation.
AT A GLANCE
Flagship product: MetaFlows Security System (MSS)
Cost: Starts at $1,089 per year for a single core Bronze sensor
Innovation: Hybrid combination of on-premises sensors and cloud analysis taking advantage of global intelligence.
Greatest strength: Long experience in network security and event correlation.