Security Weekly

Why Network Data Should be the Foundation of Your Security Strategy

Matt Alderman November 6, 2020

Paul and I have talked a lot about his enchanted quadrants on the podcasts, but for those who haven’t watched, here’s a quick summary…  An effective security program requires the integration of four key data sources:

  • Logs (firewall, network, application, etc.)
  • Endpoint (files, processes, logs, etc.)
  • Network (flow and packets)
  • Threat Intelligence

Most organizations build their programs starting with either logs or endpoints. The log-focused organizations start with a security information and event management (SIEM) solution, then add threat intelligence, endpoint, and eventually network data. The endpoint-focused organizations start with an endpoint detection and response (EDR) solution, then add logs, threat intelligence, and eventually network data. Notice that network data is usually last. Why?

Traditionally, network data has been the hardest and most expensive data to collect (and store).  Early solutions could only provide flow or required lots of specialized hardware to collect packets.  Only the most mature security programs and teams could afford collecting and storing network packets.  But as technologies advance, that reality has shifted.

We all know the network never lies, whereas logs can be deleted and agents evaded with as little as a simple, automated script. So why wouldn’t we all want access to the ground source of truth? With the move to cloud and remote work, getting that visibility without the need for endpoints or logs is even more important. So how do we flip the model?

We recently interviewed Mike Campfield, VP, Global Security Programs at ExtraHop, on Enterprise Security Weekly to discuss why network detection and response (NDR) belongs in your security strategy. We actually went deeper and proposed that NDR is the foundation of your security strategy, flipping the traditional model. Try as we might, attacks will find a way past your defenses. When they do, it’s critical to have visibility into their post-compromise behavior as they attempt to move laterally across your network. That’s where NDR and ExtraHop shine, allowing you to quickly stop attackers before they can achieve a full-scale breach. No one data source or tool is enough, but combining best-of-breed NDR, EDR, and threat detection and response (TDR) solutions can help organizations build a strong security foundation for detection and response.

ExtraHop gives you the perspective you need to understand and defend your hybrid attack surface from the inside out. Their industry-leading NDR platform is purpose-built to help you stop breaches 84% faster by:

  • eliminating blind spots,
  • detecting threats that other tools miss, and
  • clearing the queue faster

To see why NDR and ExtraHop should be the foundation of your security program, watch the interview on Enterprise Security Weekly here or visit securityweekly.com/extrahop for more information.
