New from enSilo: IoT Discovery and Protection
Visibility is just the beginning:
Visibility is the key starting point to any security stack. It’s a lot easier to defend against something you can see. This is why detection is at the beginning of any incident response playbook. However, with the spread of today’s high-velocity attacks, visibility and awareness may fail you in ways you don’t expect. You may detect the symptoms of an attack more quickly than you receive the actionable intelligence associated with that attack. Closing the gap between detection and action, also known as “dwell time,” has never been more critical. We have seen this evolution before. IDS predated the inline IPS for both the network and the endpoint. EDRs predated the enSilo real-time post-infection protection. This understanding is what drove enSilo’s breakthrough approach to endpoint protection and is now driving our approach to IoT.
According to 451 Research, “The explosion of unmanaged devices connecting to corporate IT environments, such as printers, routers, IP cameras and (in some cases) medical devices, has made it more difficult for enterprise security teams to gain a complete understanding of their exposure. On top of this, increasing connectivity between IT and operational technology (OT) networks, a process known as IT/OT convergence, has brought security for both of these environments under the domain of the CISO.”
Endpoint: The least common denominator:
Layered security is critical, and the network layer is of supreme importance. However, in the growing bloat that has become multi-layered network security, the endpoint is often overlooked. A network box can only see traffic from its connected segment. You can go upstream to a core level or gateway switch, but in today’s large enterprise environments, you will run into the issue of throughput and latency, not to mention the limited visibility that comes with standard communication encryption. Solutions for this vary, including purchasing additional expensive traffic shaping gear or stacking multiple pizza boxes. In either case, there will be significant additional costs and potentially additional consoles to manage or extensive integrations to implement. However, endpoints are present in every segment and are highly dispersed. Analysis for each segment can be handled independently by a device that is already present in that segment. Therefore, we believe our approach for IoT takes advantage of the least common denominator in security -- the endpoint.
The enSilo Approach:
With enSilo’s groundbreaking approach, you now can have IoT visibility and protection built into your advanced endpoint platform. Imagine not having to mount another pizza box, deploy another agent or, even better, actually being able to monitor and control all communicating devices in a single pane of glass.
IoT has long been the blind spot in security. Both networks and endpoints have very mature stacks; however, the ever-expanding device count, type and complexity leave certain blind spots in your security visibility profile. enSilo will illuminate these blind spots to tell a complete backstory and offer you a more holistic security profile. We achieve this by using endpoints already deployed with the enSilo security stack, therefore reducing the number of consoles and solutions needed to get a full understanding of what's floating on the network. This discovery can be ad hoc or scheduled, and devices can be grouped into inventory automatically.
Because we are proactively scanning from existing endpoints, we can fingerprint an exact device type much more accurately than through passive discovery, with which exact fingerprinting is in some cases impossible. Moreover, it ensures coverage of every segment in the network.
Through this proactive scanning, we identify the application versions of each discovered device on the network. This identification is a very critical point as we’re able to associate device type with the running software version, and we can then enrich the findings with any known CVEs.
Based on this extended set of collected and enriched data, the platform can enforce, in real time, a tailor-made risk mitigation practice associated with the discovered vulnerabilities, enabling you to proactively reduce your attack surface. Practically speaking, the platform enables us to apply a risk-associated policy promptly upon discovery of any device or application based on vulnerability criticality, application rating or signing characteristics. In the case below, a discovered printer was correlated with a critical vulnerability, and a blocking communication policy was automatically applied through integration with 3rd-party corporate firewalls, which will deny communication to this printer. This was all orchestrated through an enSilo Playbook requiring no admin interaction -- hence, completing the cycle of gaining actionable intelligence and automatically taking proactive steps to hedge against the resulting conclusions.
In summary, enSilo’s IoT discovery and vulnerability assessment and mitigation capabilities add a critical layer of network security protection to your already existing real-time pre- and post-execution protection. This protection combines active IoT scanning for visibility with concise policy control, giving you an additional layer of network protection delivered from your existing endpoint infrastructure. So when we say enSilo protects everything, we mean all your endpoints -- even IoT.