Proofpoint SOARs Above the Rest With Award-Winning Security Orchestration, Automation, and Response
Proofpoint’s Threat Response has been named Gold Winner in the Incident Response category of the 2019 Cybersecurity Excellence Awards. While it is well known in the security space that there is no silver bullet solution for every attack, Proofpoint’s solution aims to reduce the manual labor and guesswork required in times of chaos, helping organizations to resolve incidents more efficiently.
Threat Response is a security orchestration, automation, and response solution designed to manage several crucial steps of the incident management process. The solution is able to ingest security alerts from multiple security tools and endpoint forensics as well as additional context and intelligence from both internal and external sources.
By aggregating and analyzing all of this data, the solution makes it actionable, automating workflows and response procedures, including lists and objects for enforcement. It can integrate with existing security infrastructure to block verified threats and quarantine infected systems and user accounts to minimize the propagation of the incident.
While the solution offers significant benefits, there are some potential drawbacks and possible risks to be aware of:
- Garbage in, garbage out. The solution is limited by the quality of the data it is given. If your security controls or threat intelligence are not providing accurate data, false positives may lead to extra work, or true positives may be missed, leaving incidents undetected until it’s too late.
- Better safe than sorry? Quarantining and containing infected systems may result in over-protection at times, which may prevent users outside the scope of the incident from performing their job duties.
- Too much of a good thing? The automated eradication may resolve the issue too quickly, before it has been fully investigated. As a result, the learning process associated with incident response may be lost. The symptoms of the attack are addressed, but the vulnerabilities that caused it have not necessarily been tackled.