To Read Part 1: The Wild Wild East-West
While we were writing this blog post, there was a high-profile security breach. It can happen to anyone, at any time, and infrastructure attacks are getting stealthier.
Several new security technologies have popped up in the past decade, but none of them can comprehensively secure a modern multi-cloud enterprise network.
We’re not here to bash anyone else’s product. If you’ve got cash to spend on several technologies, there are good solutions in each of these areas.
In order to place Confluera’s solution in context, here’s our view of the competitive landscape.
Network Anomaly Detection: In theory, this is a good idea. Looking only at the patterns in encrypted network traffic (who talks to whom, how often, how much) rather than at payloads sidesteps several privacy concerns, runs on low-cost compute, and can make use of recent developments in machine learning.
But there are a couple of limitations with this approach.
First, network behavior is human behavior: it's complex. Building an abstract model of an attack from network traffic patterns is like trying to find burglars by counting how many times someone enters and exits a house. You're as likely to flag a party as an actual burglary. Anomaly detection technologies have painful false positive rates that drown users in alerts and make it hard for SOC analysts to know when action is actually required.
Second, only 3 of the 14 common attack phases are visible on the public internet. There's a traffic signature when an attacker first tries to find your server, and again when they're doing damage; the phases in between happen inside your network, out of view. By the time a network anomaly appears, it's likely that serious damage has already been done.
Endpoint Detection: These are descendants of the virus scanners that run on your desktops and laptops. They look in files for the signatures of known threats, and they also monitor process behavior and flag actions that are commonly used in known attacks.
But the pace of software development, as well as the pace of attack innovation, makes it almost impossible to keep these tools up to date. They often miss new attacks, and they flag harmless programs that don't conform to their fixed characterization of "normal" behavior.
Vulnerability Discovery: There's some really cool development in this space. Expanse, for example, scans the entire internet every hour looking for ports that have been left open or servers responding to requests that should be blocked. If your network is a house, vulnerability discovery solutions are tech that stands outside looking for open windows. There are also companies that will actively try to break into your network for you. But you can't win the cybersecurity game playing pure defense: an attacker will eventually get into your network.
Next-Generation Firewalls: This is one of the legacy security categories, and the big networking companies are selling modern versions of technologies that limit incoming and outgoing traffic. Some of them are good, and are worth the money for businesses that have it. A simplified policy language minimizes the opportunity for human error, and there are some good user authentication tools available. But for businesses that use cloud-based SaaS products, securing the network perimeter is no longer enough.
Confluera approaches security in a fundamentally new way that mirrors the distributed nature of modern attacks. Determinism without disruption is one of Confluera’s fundamental pillars.
Modern attackers spend months or even years slowly moving from server to server, gathering valuable data, and exporting it. Attackers are patient, quiet, and methodical. Confluera’s solution is designed with this in mind.
Where other solutions often aim to discover attacks based on a single, obviously suspicious behavior, we watch for suspicious patterns of behavior. By monitoring behavior graphs from servers across your network, Confluera can identify attack patterns that jump between services or cloud providers. Because our attack chains are multi-phase, we avoid "crying wolf": you are alerted only when a real threat is present.
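To make the difference between single-signal alerting and multi-phase chaining concrete, here is an added Python sketch. It is illustrative code written for this post, not Confluera's product code or its phase model: the six phase names, the minimum-phase threshold, the host names and every event are constructed for the example. It links per-host behavior events into a graph, follows lateral-movement events across hosts, and reports a chain only when it spans several attack phases, so two isolated "suspicious" events on other hosts never raise an alert on their own.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional

# Phase order used by this example: an assumed, simplified kill chain, not the
# 14-phase model the post refers to and not Confluera's own phase list.
PHASES = ["recon", "initial_access", "credential_access",
          "lateral_movement", "collection", "exfiltration"]
PHASE_RANK = {p: i for i, p in enumerate(PHASES)}
MIN_PHASES = 3  # alert only when a chain spans at least this many distinct phases


@dataclass(frozen=True)
class Event:
    ts: int                     # observation time in seconds (constructed)
    host: str                   # host on which the behavior was observed
    phase: str                  # one of PHASES
    detail: str
    peer: Optional[str] = None  # for lateral_movement: the destination host


def build_graph(events: List[Event]):
    """Link a -> b when b plausibly follows a: b is later in time and in a
    later phase, and either both happened on one host or a is a lateral move
    whose destination host is where b happened (the cross-host hop)."""
    ordered = sorted(events, key=lambda e: e.ts)
    succ = defaultdict(list)
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if PHASE_RANK[b.phase] <= PHASE_RANK[a.phase]:
                continue
            same_host = a.host == b.host
            hop = a.phase == "lateral_movement" and a.peer == b.host
            if same_host or hop:
                succ[a].append(b)
    return ordered, succ


def find_attack_chains(events: List[Event],
                       min_phases: int = MIN_PHASES) -> List[List[Event]]:
    """Return the maximal multi-phase chains. Only a chain covering at least
    min_phases distinct phases counts as an alert; isolated events never do."""
    ordered, succ = build_graph(events)
    # Longest chain ending at each event. Processing in time order means every
    # predecessor of b has been finalised before b itself is expanded.
    best = {e: [e] for e in ordered}
    for a in ordered:
        for b in succ[a]:
            if len(best[a]) + 1 > len(best[b]):
                best[b] = best[a] + [b]
    chains, covered = [], set()
    for chain in sorted(best.values(), key=len, reverse=True):
        if len({e.phase for e in chain}) < min_phases:
            continue
        if chain[-1] in covered:      # already part of a longer reported chain
            continue
        chains.append(chain)
        covered.update(chain)
    return chains


def single_signal_alerts(events: List[Event]) -> List[Event]:
    """What a one-event detector does: fire on every 'obviously suspicious'
    behavior in isolation, with no regard for what came before or after."""
    return [e for e in events if e.phase in ("credential_access", "exfiltration")]


# Constructed sample telemetry: two benign one-off events, plus one intrusion
# that starts on web-01 and hops to db-01.
SAMPLE_EVENTS = [
    Event(50,  "backup-01", "exfiltration", "nightly 40 GB copy to offsite storage"),
    Event(70,  "dev-03",    "credential_access", "developer's test script reads keychain"),
    Event(100, "web-01",    "recon", "directory enumeration from 203.0.113.5"),
    Event(200, "web-01",    "initial_access", "webshell written under /var/www/uploads"),
    Event(300, "web-01",    "credential_access", "www-data reads deploy user's ssh key"),
    Event(400, "web-01",    "lateral_movement", "ssh to db-01 as deploy", peer="db-01"),
    Event(500, "db-01",     "collection", "pg_dump of customers database"),
    Event(600, "db-01",     "exfiltration", "2 GB upload to 198.51.100.9"),
]

if __name__ == "__main__":
    print(f"single-signal alerts: {len(single_signal_alerts(SAMPLE_EVENTS))}")
    for chain in find_attack_chains(SAMPLE_EVENTS):
        print(" -> ".join(f"{e.host}:{e.phase}" for e in chain))
```

On this data the single-signal detector fires four times (the backup job and the developer's script are the two false positives), while the chain correlator reports exactly one alert: the six-phase path from web-01 into db-01. The trade-off a practitioner should keep in mind is latency: a chain detector cannot alert before enough phases have been observed, so the threshold has to be chosen against how much of the kill chain you are willing to let run before the first alert.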
Our solution is also integrated with an intuitive monitoring pane that gives you real-time information about network usage as well as active threats.
Because Confluera works so well, our favorite way to explain our pioneering product is to show it to you!
Please reach out to demo@confluera.com for a demo!
Or if you just want to read some more, I would recommend: Welcoming-weak-signals