Bradford Networks' Network Sentry/RTR
Automatically correlate high fidelity security alerts from the leading firewall and Advanced Threat Detection solutions
The security industry has made significant investments and improvements in cyber threat detection, but containment (time from threat detection to remediation) is still a very manual, costly, and drawn-out process.
During these critical days or even weeks, high-priced security experts must traverse IT domains, frantically sifting through and correlating silos of disparate alerts, events, and logs, trying to uncover, trace and contain a threat’s electronic foothold. Unfortunately, this process is fragmented and manual, relies on intuition, and results in costly and extended incident response times. During this time, more and more of the company’s intellectual property is stolen, its reputation is tarnished, and the cost of the breach continues to rise.
Introducing Network Sentry/RTR
Armed with high-fidelity security alerts, business context, and the ability to automatically control network access, Network Sentry/RTR minimizes a threat’s impact and response time.
Network Sentry/RTR leverages its unique Live Inventory of Network Connections (LINC) to automatically correlate high fidelity security alerts from the leading firewall and Advanced Threat Detection solutions with detailed contextual information on compromised endpoints, users and applications. Once identified, Network Sentry/RTR triggers an automated response, based on the severity and business criticality of the incident, to contain compromised devices in real time. Network Sentry/RTR also provides detailed historical information on all network connections, giving security experts unprecedented forensics to help fully understand and investigate the threat’s methodology, lifecycle and scope.
By automating the complex threat triage process and rapidly responding to security alerts, Network Sentry/RTR minimizes the risk to assets and intellectual property, protects the brand, and reduces the impact, time, and costs of containing cyber threats. And the threat response process, which previously relied on manually bridging teams and silos of information, is now streamlined and simplified. With Network Sentry/RTR, Security Operations Centers can now stay ahead of the growing number of threats, alerts and incidents that continue to overwhelm them.
- Complete Network Visibility: Network Sentry/RTR maintains a Live Inventory of Network Connections (LINC) across all wired, mobile and VPN endpoints to provide unprecedented visibility and knowledge of every device, user and connection to the network.
- Seamless Integration with Advanced Threat Detection Solutions: Network Sentry/RTR’s turnkey integration with firewalls and Advanced Threat Detection solutions enables a simple setup, configuration and seamless integration with the security solution.
- Automatically Correlates High Fidelity Security Alerts to Compromised Devices: Network Sentry/RTR seamlessly correlates a security alert, sent by the Advanced Threat Detection solution, to the compromised endpoint, enabling rapid threat triage and bridging organizational and informational silos.
- Automated Response to Contain Threats: Through its network policy enforcement engine, Network Sentry/RTR dynamically controls network access. When the Advanced Threat Detection solution triggers a security alert, Network Sentry/RTR will automatically take a response action on the compromised endpoint, such as auto-blocking or restricting network access, to instantly contain the threat in real time and minimize its impact.
- Boosts Intelligence with Context-Aware Data: Network Sentry enhances security alerts by adding business context details such as user name, security group, device type, additional devices owned by the same user, installed applications, operating system, wireless access point and wired switch port, connection duration and endpoint compliance. This data provides key inputs that help determine the appropriate automated response.
- Accelerates Forensic Investigations: Network Sentry/RTR, via integration with Network Sentry/Analytics, provides a historical perspective on network connections that is crucial when analyzing a threat’s point of entry, methodology, lifecycle and scope.