Partner Perspectives: Detect All Devices, Respond to All Threats


Michael Tanji is the Chief Operations Officer for Senrio.

The ability to detect and respond to cyber threats in a timely manner is an essential capability of every security-minded enterprise. Endpoint detection and response (EDR) solutions, such as Carbon Black’s Cb Response, are a critical component of such capabilities, but the effectiveness of an EDR solution is diminished if it is not applied to all endpoints. The introduction of bring your own device (BYOD) and rogue IT into the workplace has made ensuring proper protection for all assets a constant challenge for enterprises.

The problem intensifies with the proliferation of Internet of Things (IoT) devices. It does not help that IoT devices lack the processing power, memory and other features to run an endpoint sensor. As the use of IoT devices grows, so too does an enterprise’s attack surface. What doesn’t grow is an enterprise’s ability to detect and respond to threats.

Today, one can breach an enterprise without ever touching a traditional endpoint. At the 2018 RSA Conference, the Senrio research team demonstrated how an attacker could go from a connected device, like a surveillance camera, to a router and then onto a network-attached storage device. From there, an attacker can exfiltrate data without ever touching a system with an endpoint sensor.

Being unaware of devices in either class – IT or IoT – prevents IT administrators and security operations teams from knowing what they have to defend. Without awareness of all devices, as well as visibility into what those devices are doing, it is impossible for any organization to effectively defend itself.

The integration between Carbon Black and Senrio solves five key problems in connected device awareness and visibility:

  • Identifies Devices

    Senrio will identify all connected devices in an enterprise – IT or IoT – along with metadata about a device’s make, model, manufacturer, OS, firmware, protocols, connections and more.

  • Protects Devices

    Being aware of the devices in an enterprise enables a security team to ensure that all devices that can have endpoint protection on them, do. Together, Carbon Black and Senrio ensure that all formal resources are protected, and that all informal resources (BYOD and rogue IT) are identified and subjected to enterprise policies.

  • Creates Baselines

    Senrio’s ability to profile device behavior helps establish a baseline of what ‘normal’ is for each device. Creating a baseline for what’s normal allows alerts to be generated when devices behave abnormally. This feature is particularly valuable for IoT devices, which do not generate logs of activity that can be subjected to standard threat detection, hunting processes or tools.

  • Tracks Connections

    As Carbon Black detects connections between commodity IT devices, Senrio tracks connections between IoT devices. This capability enables abnormal or suspicious activities on IoT devices to be monitored. Monitoring activity on these devices answers questions such as “Have any of my IoT devices connected to a known-bad IP?” and “Why is my MRI machine connecting to a botnet command and control server?”

  • Integrates Tools

    Senrio’s alerting capability integrates seamlessly with tools like Cb Response, SIEMs and other security tools to help enforce policies and respond to incidents. This integration enables users to view the fastest growing segment of enterprise IT in their preferred pane of glass and address issues using the same tools they prefer to use when addressing other incidents.

Every device connected to a network is a potential weak point – even if the role that device plays seems minor under ordinary circumstances. Together, Carbon Black and Senrio provide comprehensive awareness and visibility into all connected devices, helping to ensure that you know exactly what makes up your enterprise. By ensuring that each connected device is monitored, organizations increase the value of their commodity IT and IoT devices without increasing risk.

For more on how Senrio Insight protects the IoT devices in your environment, visit www.senr.io.

The post Partner Perspectives: Detect All Devices, Respond to All Threats appeared first on Carbon Black.
