Realtime Security - Visibility into the Actors on your Network
In the world of network security, we often use warfare terminology to describe our own theatre of battle against the bad guys. The term "Actor" is central to our solution, and is descriptive of a critical aspect of securing your network, so let’s talk about what it means and why you should care.
An actor, in the theatre of war, is any participant in a political or military situation. It is a general term that may describe any individual, group, or organization that might be participating in a given scenario. It is always a primary goal of military action to get to the opposition's primary actor(s) and neutralize their impact. Not surprisingly, it is the priority of the opposition to achieve their goal with the least amount of interference – which usually involves an element of surprise, clandestine movement, or identity masking. In network security, we deal with exactly the same paradigm.
In a network, bad actors work hard to mask their true identity. The broad availability of tools for hiding – and the sheer volume of network telemetry data (the haystack) for the good guys to inspect – gives them the upper hand. As such, the task of finding impersonators in your network requires sifting through a lot of noise and identifying patterns that can highlight actors with anomalous, if not obviously malicious, intent. It is a complex effort that requires the analyst to be able to interact with large amounts of data in real time, hence the term realtime security.
Click Security’s real-time stateful data flow engine enables an array of Click modules to piece together actor activity intelligently and rapidly – enabling automated separation of normal actor activity from suspicious activity. Core modules automatically associate events, flows, authentications and more to actors. Utility modules bring in augmentation data that further profiles the actor, with attributes including geo-location, IP blacklist, Whois, etc. Click analysis modules identify behavior patterns that suggest malicious intent. For example, reconnaissance and probing activity can normally be spotted easily, allowing action to be taken before the actor gains access to a sensitive resource. Actor identification is a cornerstone of our Real-time Security Analytics. Tracking who is attacking you in real time, and allowing you to take action as they are accessing your network, establishing beachheads, moving laterally, changing privileges, or locating valuable assets in your network, before exfiltration, is what our solution is all about.