The increasing scale, complexity, and changeability of IT environments are making automation a security must for many in the enterprise space. Human interaction leads to the risk of human error, and that’s no longer a risk that many can take. Target, as BusinessWeek recently reported, learned that the hard way when its Minneapolis security team failed to respond to FireEye security alerts, leading to the massive data breach that has so far cost the company over $61 million. Fortunately for organizations that hope to avoid a similar fate, many security vendors are focusing on policy-based automation to minimize human interaction and human error in network security operations.
Damballa adds automated breach defense to ForeScout CounterACT
BYOD and mobility are among some of the complicating factors in today’s networks. How can human teams keep up with threats streaming in from a proliferation of endpoints both inside and outside the corporate perimeter? Network Access Control (NAC) market leader ForeScout and advanced threat protection vendor Damballa aim to solve the problem with a partnership announced today.
Using ForeScout’s ControlFabric Integration Module, which enables integration with third-party security solutions, Damballa’s Failsafe will combine with ForeScout’s CounterACT for automated detection and containment of infections across all common operating systems and devices according to existing policies. The companies boast minimized detection and containment times and less human interaction needed (and human error risked). Additionally, the ForeScout/Damballa integration will enable the collection of additional threat intelligence as malware is detected and can analyze malware traces on compromised devices, then use that intelligence—the “malware DNA,” as ForeScout VP of Technology Gil Friedrich explained—to discover additional devices that were also infected and take steps to remediate those, too.
Tufin and Puppet Labs join forces to automate and orchestrate firewall security policies
BYOD and mobility aren’t the only challenges that automation can address. The scale of modern infrastructures is a problem, too. In response to that problem, security policy orchestration solutions vendor Tufin unveiled a new, automation-focused partnership of its own late last month. Tufin has teamed up with Puppet Labs to integrate Puppet Enterprise automation capabilities into the Tufin Orchestration Suite. Puppet Enterprise will enable Tufin customers to automate policy changes to iptables host-based firewalls, which often protect both physical and virtual Linux servers. This will help address enterprises’ needs to speed up and scale their security policy change provisioning across both physical and virtual environments, pushing more consistent and less error-prone security from the data center up to the cloud.
CipherCloud keeps malware from the cloud out of enterprise networks
Tufin is, of course, not the only vendor to set its sights on the cloud. Cloud security is becoming a priority, and a number of vendors are jumping on the opportunity. Among them, CipherCloud’s focus on automation and policy makes the startup a standout. While CipherCloud’s primary goals are encryption and protection for enterprise data hosted in third-party cloud services, the vendor’s platform also provides antivirus and malware protection designed to identify and clean or contain infected content before it descends from the cloud to back into enterprise networks. This real-time, on-the-fly remediation helps keep enterprise networks safe from threats that latch on beyond their perimeters.
Cyphort claims better intelligence to aid more traditional security strategies
For organizations not quite ready to give up the human touch of their security teams, security startup Cyphort, just out of stealth last month, offers new ways to secure their infrastructure both onsite and in hybrid and public cloud environments. The company pushes cost effectiveness, context awareness, and breadth and depth of coverage as its strong points. Cyphort’s software-based solution can run on commodity hardware or virtual machines, eliminating the need for costly appliances and enabling cloud deployment. Upon detection, malware is put in the context of the infrastructure and attack severity to guide more effective response. Cyphort also provides actionable intelligence, such as the types of firewall rules that should be applied and the domains to block in order to prevent similar attacks from happening again.
As enterprise network and data environments change, so too must the measures organizations take to secure those environments. BYOD, mobility, cloud, and virtualization lead to greater flexibility and scalability, but that creates new challenges. Automation will enable greater security just as it enables the network environments of the future.
Header photo courtesy of Shutterstock.
Jude Chao is managing editor of Enterprise Networking Planet. Follow her on Twitter @judechao.