HOW AUTOMATED DETECTION AND NETWORK ACCESS CONTROL WORK TOGETHER TO IMPROVE INCIDENT RESPONSE

When a network or device is compromised, it is critical to respond as quickly as
possible in order to minimize the risk to your business. To have an almost
instantaneous incident response, you have to do two things: detect the incident
immediately and respond immediately.

Here we’ll show how combining automated detection with network access control
(NAC) can improve incident response.


NETWORKS ARE BECOMING INCREASINGLY DIFFICULT TO PROTECT

Networks have morphed into heterogeneous, hybrid-cloud infrastructures populated
with multi-vendor devices. Making matters worse is the proliferation of IoT
devices which come with very little built-in visibility or security. And on top
of this, at the start of 2020, countless companies were suddenly put in a
position where large segments of their workforce started working remotely.

With remote work came increased use of personal devices. And with this increase
in BYOD, came a corresponding increase in endpoint security risks that were both
difficult to track and difficult to manage.

As the adage goes, if you can’t see it and you can’t assess it, how can you
protect it? More importantly, how do you protect a network with such a diverse
number of endpoints? How do you keep up with them all? That’s the challenge
facing IT departments today. 

As things turn out, there’s a solution. A potent mix of vulnerability detection
and network access control technology can be used to deliver almost
instantaneous incident response.


START WITH AUTOMATED THREAT DETECTION

As we’ve said in a previous article, the technology to detect weak or infected
devices and the technology to quarantine them has long existed – but until now,
the missing link has been the integration between the two.

You can’t respond to an incident you don’t know about. So it goes without
saying, you must start with detection. Using a combination of agentless and
agent-based vulnerability scanning and monitoring, you can identify vulnerable
devices as soon as they appear on your network.

Both solutions offer automated detection, but some devices lend themselves to
agentless discovery and detection, while others, like IoT devices, will need
agents placed on the device. If you have a large number of devices in your
network, you’re likely going to need both of these to stay ahead of the threats
in your environment.

Agentless scanning can be used to find unmanaged devices and perform regular
scans of everything on your networks without having to install additional
software. But there’s a catch: it cannot detect devices that are not connected
to the network, or that are turned off, at the time of the scan.

Agent-based scanning increases the visibility and security of all devices on the
network – including IT, IoT and BYOD devices. These lightweight programs work in
the background to continuously monitor network activity generated by endpoints
and instantly detect signs of suspicious activity – but you need the user’s
permission to install these agents.

Both solutions can be used to enforce custom security policies and detect a range
of threats, from outdated software and missing patches to vulnerabilities, bugs
and hijacked devices. Whenever a weak or vulnerable device is identified on your
network, it is evaluated to determine the level of risk – and registered as an
event. But what action should be triggered?


CONTINUE WITH PROACTIVE ANALYSIS AND PRIORITIZATION

The flood of incidents can overwhelm an organization. According to an IDC study,
“firms experience an average of 40 actionable incidents per week. Some of these
will translate into genuine attacks but others require investigation in order to
determine that they are benign.”

Over two thirds of these incidents take between 1 and 4 hours to investigate.
You don’t have to do much math to realize that’s one or more full-time resources
doing nothing but responding to incidents. The bottom line is that you cannot
just scan your network for incidents. You also have to analyze and prioritize
those incidents.

You must leverage technology to contextualize threats in real time so you can
take intelligent action. Most vulnerability assessment solutions use a
combination of CVSS (Common Vulnerability Scoring System) scores, insights
gathered from CVE (Common Vulnerabilities and Exposures) databases, and real-time
threat intelligence feeds to prioritize the risk each incident poses to the
organization.

Everything you monitor and detect must be evaluated for its relative risk,
otherwise you run the risk of trying to “drink water from a fire hose.”


FINISH THE JOB WITH AUTOMATIC QUARANTINE

What do you do once you have analyzed and prioritized incidents? You use network
access control (NAC) to initiate automatic and immediate quarantine. When you
synchronize your NAC service with your security scanning solution, your NAC
solution kicks into action as soon as a threat is detected – suspending access
and preventing a security risk from spreading. Combining these two technologies
gives you almost instantaneous incident resolution.

With the user’s device now quarantined, the technology team can reach out to the
user to safely address the security concern without leaving company networks
open to ongoing threats.

Companies that don’t have a NAC solution in place should consider one of the
vendors that now offer NAC in the cloud. It doesn’t require additional
on-premises equipment and can quietly work in the background – jumping into
action once the security software identifies a threat.
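A small illustration of the scanner-to-NAC handoff described in this section and the previous one (risk-based prioritization of registered events, then an automatic NAC action per device). This is an added example, not code from the original post or from any beSECURE or NAC product; the finding fields, the CVSS thresholds, the exploitation bonus and the `NacClient` stand-in are all hypothetical.

```python
from dataclasses import dataclass

# Hypothetical shape of an event the scanner registers for a finding.
@dataclass
class Finding:
    device: str      # hostname or MAC of the endpoint
    cvss: float      # CVSS base score, 0.0-10.0
    exploited: bool  # threat-intel feed reports in-the-wild exploitation
    source: str      # "agent" or "agentless": which detection method found it

# Hypothetical policy tiers; the verdict drives the NAC action.
QUARANTINE, RESTRICT, TICKET = "quarantine", "restrict", "ticket"
RANK = {TICKET: 0, RESTRICT: 1, QUARANTINE: 2}

def prioritize(f: Finding) -> str:
    """Contextualize one finding: CVSS alone is not enough, so a finding that
    threat intel says is actively exploited is bumped by 2.0 (hypothetical weight)."""
    score = f.cvss + (2.0 if f.exploited else 0.0)
    if score >= 9.0:
        return QUARANTINE
    if score >= 7.0:
        return RESTRICT
    return TICKET

class NacClient:
    """Stand-in for a NAC API: records the action per device instead of
    calling a real controller."""
    def __init__(self):
        self.actions = {}
    def apply(self, device: str, action: str) -> None:
        self.actions[device] = action

def respond(findings, nac: NacClient) -> dict:
    """Collapse all findings to one verdict per device (the most severe), then
    push exactly one NAC action per device; a low finding never downgrades a
    device that also has a critical one."""
    verdicts = {}
    for f in findings:
        v = prioritize(f)
        if f.device not in verdicts or RANK[v] > RANK[verdicts[f.device]]:
            verdicts[f.device] = v
    for device, v in verdicts.items():
        nac.apply(device, v)
    return verdicts

SAMPLE_FINDINGS = [  # constructed sample data
    Finding("cam-lobby-01", 7.5, True, "agent"),        # IoT camera, exploited bug
    Finding("laptop-byod-17", 7.2, False, "agentless"),  # high, not exploited
    Finding("laptop-byod-17", 4.3, False, "agentless"),  # must not downgrade above
    Finding("printer-3f", 5.0, False, "agentless"),      # medium: ticket only
]
```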


DETECTION, ANALYSIS AND INSTANT ACTION – THE KEY TO IMPROVING INCIDENT RESPONSE

A combination of automated detection with incident analysis, alongside the
ability to automatically quarantine devices, delivers quick protection when an
unknown system-wide threat emerges. It rapidly protects your network, giving you
time to eradicate the threat.

Of course, the method we outlined is just one part of a broader cybersecurity
strategy, but we are confident that automated detection and analysis, plus
instant NAC-driven quarantine will deliver the incident response times CISOs
demand.
