New tool boosts threat protection inside the perimeter
Since stopping 100 percent of malware and viruses is unrealistic, IT managers must also focus on security that isolates and blocks threats once they are inside the network perimeter.
The iboss FireSphere Threat Isolator gives IT managers packet-level visibility to monitor, detect, isolate and block communications between machines on the network to stop virus and malware infections or bot callbacks from spreading. This is achieved by integrating FireSphere’s advanced data protection features with the HP OpenFlow-based switches, adding a layer of data protection inside the network perimeter.
This allows lets FireSphere’s perimeter defense capabilities detect malware once inside the network and contain the outbreak immediately and automatically.
Typically, when malware such as CryptoLocker infects a network, it begins encrypting any shared drives and files it can access, without needing to leave the network. With FireSphere Threat Isolator, IT managers can immediately contain the infection by blocking any communications from the original malware-infected machine. This ultimately reduces data exfiltration and prevents further damage.
FireSphere Threat Isolator receives commands from the FireSphere solution across a proprietary REST API. The commands are translated into the appropriate OpenFlow messages, which are then targeted to the correct switches in the network, isolating the compromised machine and preventing the spread of infections.
“There is a gaping hole in organizations’ security postures that leaves the network at risk of data exfiltration in the dwell time following infection but before the threat is detected,” said Paul Martini, CEO of iboss Cybersecurity. “Assuming you can stop all malware is unrealistic. The FireSphere solution automatically detects when an infection has breached the perimeter then isolates it to mitigate an outbreak and stop the consequences of the infection.”
“Given the turbulent nature of today’s cyber threat landscape, organizations need a simpler way to manage and contain malware that has broken through the network perimeter,” said Dominic Wilde, VP of product management and product marketing at HP Networking. “The integration of FireSphere with HP SDN architecture provides customers with the global visibility into their networks needed to ensure that such threats are contained.”
The FireSphere Threat Isolator is available for download through the HP SDN App Store.
Connect with the GCN staff on Twitter @GCNtech.