New Rapid Threat Response Product Automates Threat Triage Process to Contain Threats in Real Time
Bradford Networks, a provider of threat response solutions, today unveiled a new offering designed to help organizations rapidly contain advanced cyber threats.
Dubbed “Network Sentry/RTR”, the new solution leverages a “Live Inventory of Network Connections” (LINC) and customized integrations with firewall and threat detection solutions to automatically correlate high fidelity security alerts with compromised endpoints, the company said in an announcement.
“The growing volume and complexity of security events that need to be triaged make it impractical and irresponsible to attempt to respond and remediate threats manually, yet even the most sophisticated organizations remain hamstrung by manual processes for incident response,” said Jon Oltsik, senior principal analyst at Enterprise Strategy Group. “As a result, problem isolation and containment can take days or weeks. Automating incident response activities may be the best way to address this problem. By integrating technologies, streamlining operations, accelerating root cause analysis, and automating remediation tasks, Bradford Networks is addressing this critical industry-wide problem head on.”
According to Boston-based Bradford Networks, key features of Network Sentry/RTR include:
• Network Visibility: Delivers a Live Inventory of Network Connections (LINC) across all wired, mobile and VPN endpoints to automatically identify and control every device, user and connection to the network;
• Correlates High Fidelity Security Alerts: Automatically correlates the IP address provided by the firewall or threat detection solution to the compromised devices, users and applications;
• Boosts Intelligence with Context-Aware Security Data: Adds context to security alerts, such as user name, security group, device type, additional devices owned by the same user, installed applications, operating system, wireless access point and wired switch port, connection duration and endpoint compliance, to provide a broader perspective of the business impact and risk;
• Context Aware Automation: Automatically takes a response action on a non-compliant, compromised or risky endpoint, such as auto-block, restrict, or remediate, and notifies IT staff in real time, based on pre-defined security policies;
• Dynamic Policy-Driven Access: Dynamically controls every user's and endpoint's level of network access based on trust and risk, combined with business-criticality;
• Accelerates Forensic Investigations: Integrates with Network Sentry/Analytics to provide long-term analysis and forensics information to simplify and accelerate cyber threat investigations.
“In today's cyber threat landscape, companies need to move from a strategy of solely focusing on prevention to one that enhances detection and rapid response,” said Tom Murphy, chief marketing officer at Bradford Networks. “By creating seamless workflows that bridge the gap between the SOC [security operations center] and the NOC [network operations center], and automating complex triage processes, Network Sentry/RTR delivers the missing piece in rapid threat response and can contain threats in seconds.”
Network Sentry/RTR is available immediately and can be deployed as a physical appliance, virtual appliance, or cloud service.