Visibility and security solutions for hybrid environments, traditional networks, cloud providers, and users.
Your organization’s IT footprint has expanded beyond traditional networks and campuses into virtual networks, cloud providers and a mobile workforce. Unfortunately, your organization lacks the visibility needed to reduce your risk as you take advantage of these business-enabling technologies. When your organization is breached, only complete visibility of all your key cyber terrain can provide the context you need to identify and respond. Eastwind analyzes, hunts, and visualizes the following use cases.
Corporate Network Visibility
Scenario 1: You have multiple security solutions installed on your network but breaches continue to get through your security stack. Traditional security solutions have helped shrink the problem, but there are still thousands of new attacks per day. Even if just a small percentage of attacks get through, it’s a significant and possibly crippling threat. If your system didn’t detect the breach in real time, you have no data to search and analyze after the event.
Eastwind Solution: We collect network telemetry by deploying physical and virtual sensors using network spans, taps, mirror ports or virtual switches. When it’s time to investigate, we empower analysts to make intelligent decisions, scope the incident and reduce dwell time and the window of compromise. We provide the context and visibility before, during and after the attack. Regardless of whether the attack was identified in real time or occurred a year ago, Eastwind functions as a system of record, or cyber black box.
Scenario 2: Gaining situational awareness of your network is at worst unattainable and at best a patchwork of multiple systems and solutions. Identifying misuse and malicious activity on your network demands real-time situational awareness.
Eastwind Solution: Our network sensor extracts 2,700 protocol plugins and 4,500 application metadata, providing analysts deep context of network and user behavior. This context is easily available through built-in dashboards for applications and protocols in use, traffic by geographic areas, unique operating systems and IP addresses, activity to newly registered domains, and bandwidth utilization over time, to name a few. Analysts have the power to quickly develop their own dashboards in a matter of minutes.
Cloud Service and Application Provider Visibility
Scenario 1: Your workforce has enabled themselves with a variety of cloud applications to store, share and create information, violating organization policy. However, your network security team does not have access to vital telemetry data within these services.
Eastwind Solution: Using Eastwind DNS Services and Network Sensors, you now have visibility of these providers to identify data leakage, insider threats, or misuse of company resources.
Scenario 2: Your organization has embraced business-enabling cloud technologies (SaaS) but you have no visibility of this new key cyber terrain. Office 365, Google Apps for Work (G-Suite), file storage and sharing (Dropbox, Box), Salesforce, Lucidchart, GitHub, the list goes on. At best, the most you know, if you are looking, is that they are accessing your cloud services. Most organizations have no visibility of what is occurring in these environments.
Eastwind Solution: Eastwind Cloud Connectors collect data from APIs and logs from cloud application providers to detect breaches and enable cloud forensics.
Scenario 3: Your organization takes advantage of cloud computing (IaaS) via Amazon, Rackspace, Google, Azure or another provider but you have zero visibility. Most organizations migrate their traditional IT into the cloud but security solutions lag and the expertise to provide security in the cloud is limited.
Eastwind Solution: Eastwind Cloud Sensors are virtual network sensors that can be placed into cloud provider infrastructure utilizing native capabilities to collect network telemetry and provide visibility. Eastwind Cloud Connectors collect telemetry from cloud provider APIs and logs to provide additional context.
User On and Off Premise Visibility
Scenario 1: When your employees use your network or VPN, you have visibility into their activities. But if they work remotely without VPN, you do not. In essence, they have circumvented your corporate security stack and increased your attack surface. Yes, they may have some type of endpoint protection and may use a corporate web proxy, but all the other layers of your defense in depth are no longer in play. They can check their personal email, visit websites, open documents, use cloud applications and your corporate security team has little, if any, knowledge of this activity.
Eastwind Solution: Eastwind Networks provides coverage via multiple means. Enterprises can push policy to endpoint devices that requires them to use Eastwind DNS Services when they are offsite. Our DNS services collect telemetry from all endpoints to provide granular content filtering, malicious activity mitigation and visibility for users no matter where they are located.
Eastwind Cloud Connectors collect data from cloud application APIs and logs to provide insight into cloud activity that does not traverse the corporate network. So connecting to cloud-based email such as Office 365 from the coffee shop would be recorded and visible, eliminating crucial gaps in coverage.
Scenario 2: While your security solutions are monitoring network activity, they are unable to correlate a particular activity to a specific individual, which hinders your ability to investigate and respond.
Eastwind Solution: The Eastwind Active Directory Connector pulls user and system telemetry from Active Directory servers, allowing you to correlate user and network activity.
Scenario 3: Halfway through 2016 there have already been 522 reported data breaches exposing more than 13 million records, according to the Identity Theft Resource Center. The fact is, employees have an attack surface outside of your organization that you have no visibility into and cannot control. Many times employees will sign up for services using their corporate email. Worse, they will use the same password, or a slight variation of it. Adversaries take advantage of this and use this information to target your organization via brute force attacks, impersonation, blackmail and targeted spear phishing.
Eastwind Solution: Eastwind’s C2 Compromised Credentials monitors data breaches for domains related to your organization, allowing you to quickly minimize your potential attack surface and reduce insider threat risks.