Santa’s sleigh is probably brimming over with Malware

Twas the night before Christmas, when all through the SOC
Not a single alarm was ringing, much to your analyst’s shock
The NDR was humming along, and not a single threat
No breaches, no intrusions, the best Christmas yet!

This time of year, when most of us are home with our families and friends celebrating the holidays, the last thing we need to worry about is a cyber spoiler ruining our much-deserved good cheer.  Skeleton crews and stretched resources are the December norm in even the most sophisticated SOCs.

This seasonal dilemma is especially true when it comes to securing our cloud workloads. We trust our cloud providers to give us unparalleled uptime, performance and scale, but it’s up to us to provide the security. Protecting application workloads across traditional data centers is tough enough.  Now, securing hybrid multi-cloud environments, SaaS environments and even IoT devices has made the task 1,000 times more difficult. That’s why so many people this year have just one thing on their Christmas security wish list: Network Detection and Response (NDR).

If you’ve been a good security practitioner all year, you’ve no doubt invested heavily in the compulsory fare such as firewalls, traditional IDS/IPS, endpoints and email security. Unfortunately, people do dumb things. They share passwords, they open mails they shouldn’t, they neglect to change their default credentials. Or sometimes, very naughty employees do things to intentionally hurt our companies. Even our innovation workhorses, the AppDev teams, make mistakes. When all this prevention ultimately fails, and it always does, NDR is that mythical Star of Bethlehem. Today’s AI-fueled NDR inspects, analyzes, and responds across layers 2 through 7 in real time – giving us never-before-seen insights, agility, and automation. NDR lets us sleep at night and quickly pays for itself when security analysts stop chasing ghosts and low-fidelity alerts and turn their efforts to the most dangerous threats. NDR is also a huge morale injection that allows one’s SOC experts more time for eggnog and less time wasted on low-value repetitive tasks.

Have you ever received a gift without batteries or instructions?  Embracing NDR means never needing batteries or instructions again.

Consider the most complicated, virtualized, or distributed IDPS solution today: it’s a mess of custom configurations, special use cases, injections of arcane tribal knowledge, and head-pounding alerts that rival the worst holiday hangover. Adding Lastline NDR sensors creates a resilient layer of protection one could only have dreamed of a few short years ago. The resulting cheer includes an accompanying gift of 100-fold reductions in attacker dwell times and 10x reductions in bogus alerts. As if that wasn’t enough merriment, Lastline’s 100% open API allows simple integration with all of one’s existing network vulnerability points and SIEM and SOAR infrastructure.

Similarly, if you’re using a service-defined firewall to protect your internal traffic flows or to segment your network, adding NDR sensors either in-line or passively provides the shrewd SOC operator a crafty way to “regift” and breathe new life into those security tools. AI-powered NDR can detect malicious code reuse by threats, regardless of how an attacker packages or repackages malware. NDR quickly and easily spots attempts by malware to move laterally inside your environment, even if it’s a new or zero-day threat.

Are you using virtualized cloud infrastructure for microservices or small apps and keeping all of them fully segmented? Adding an NDR sensor to each of those segments provides you with the added insurance of detecting a threat that has established a foothold in a poorly coded, legacy, end-of-life, or otherwise vulnerable application. Attackers are skilled at stealthily moving across one’s infrastructure once they’ve found even the smallest crack of daylight.

Still looking for the perfect gift this year? It’s time to think about modernizing your approach to enterprise and cloud security. Grab those reins, put some wax on the sleigh’s runners, tell Rudolph to get a move on, graduate beyond the simple firewall and IDS/IPS, and embrace the best gift of all, AI-powered NDR. Your SOC team will thank you. Your customers and partners will thank you. And, most of all, you may finally be able to sleep through the night a few times this holiday season.

John DiLullo

John DiLullo has nearly 30 years of demonstrated success in enterprise security, networking, cloud, and AI, plus go-to-market expertise spanning sales, marketing, customer success, technical support, and operations. His career includes extensive time domestically and abroad with market leaders such as Cisco Systems, Avaya, SonicWall, and Aruba Networks, serving customers large and small through traditional and emerging channels. Prior to joining Lastline, John was the EVP for F5 Networks’ $2B+ Worldwide Sales and Customer Operations, delivering improved application performance and security solutions to Enterprise and Service Provider data centers and public cloud environments. John is an avid technologist, an author, an entrepreneur, an innovator, and an accomplished public speaker.