How to Contain Threats Faster With Security Orchestration
Infoblox and Rapid7 announced today new integrations that remove operational hurdles from threat containment.
SOC teams face three recurring challenges when dealing with potential threats:
Silos between teams and tools
Network and security teams tend to be separate organizations, each with their own systems and priorities. The network team must ensure network availability, whereas the security team is focused on risk mitigation. Each team keeps its own logging systems, and those systems do not share information with one another. Because data is exchanged manually, inefficiently and late, security and incident response efforts become unnecessarily burdensome.
No knowledge of threat context
Context can be defined as the environmental information required to take the right action: the who, what, where and when. Today's security teams lack this context around incidents. When a malicious event is detected, dumping that event into a SIEM with no surrounding context makes it hard to correlate it with other events and to act on it in time. SOC teams receive so many alerts that they have no way to decide which ones to address first, and they lack visibility into the network data (DHCP, DNS, IPAM) that would tell them which asset and user an alert concerns.
Lack of automation
Security tools cannot act automatically on network events such as a new host joining the network or a DNS security tool detecting malicious activity. Assembling data from multiple sources and acting on it remains a manual process.
The Infoblox and Rapid7 integration lets security operations teams overcome these hurdles with better context, automation and consolidated threat intelligence. Infoblox technology together with Rapid7's vulnerability management solution lets organizations trigger a scan automatically when a new device or host joins the network, or when malicious activity is detected, even between scheduled scans. This reduces the chance that suspicious activity goes undetected during the gap between two scheduled scans. Infoblox delivers these outbound notifications to Rapid7 through RESTful APIs.
- Context-Based Action: Vulnerability scanners lack visibility into devices and end hosts, including business context such as device type, the device's location in the network, the associated user(s) and the timing of the event. By sharing this actionable network intelligence, Infoblox gives Rapid7 context on new and/or infected network assets in near real time, which helps prioritize scanning and remediation. Infoblox provides this visibility across diverse infrastructure, whether on-premises, private/hybrid or public cloud, including visibility into virtual workloads.
- Improved efficacy of security investments already made: Customers have already made big investments in security technologies such as vulnerability management. Infoblox can optimize and improve the efficacy of solutions such as Rapid7 by feeding them network context they would not otherwise have.
- Compliance Enforcement and Audit: Infoblox provides up-to-date information about network devices, including non-compliant hosts, for more efficient vulnerability management and compliance processes. It also provides network information that is valuable for audit reports.
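The event-driven scanning described above, as an added illustration that is not Infoblox or Rapid7 code: a small dispatcher receives network-side notifications (a new host joining, a DNS security hit), decides whether each one warrants an ad-hoc scan before the next scheduled run, suppresses repeat triggers for the same host, and attaches the who/what/where/when context to the scan request so the scanner can prioritize. The event fields, the scheduled-scan interval, the dedupe window and the request shape are all assumptions made for this example; the real products' notification schema and scanner API endpoints are not shown, so the `send` callback is where a real integration would issue its REST call.

```python
# Added example: event-driven ad-hoc scan triggering with context-based
# prioritisation. Not Infoblox or Rapid7 code; all event and request formats
# below are constructed for illustration.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Optional

SCHEDULED_INTERVAL = timedelta(days=7)   # assumed cadence of the routine scan
DEDUPE_WINDOW = timedelta(hours=1)       # assumed: ignore repeat triggers per host


@dataclass
class Event:
    """A constructed outbound notification from the network side (DHCP/DNS/IPAM)."""
    kind: str            # "new_host" or "dns_threat"
    ip: str
    ts: datetime
    hostname: str = ""
    user: str = ""
    location: str = ""
    indicator: str = ""  # e.g. the flagged domain for a dns_threat event


class ScanDispatcher:
    def __init__(self, last_scanned: Dict[str, datetime],
                 send: Optional[Callable[[dict], None]] = None):
        self.last_scanned = dict(last_scanned)      # ip -> time of last completed scan
        self.last_request: Dict[str, datetime] = {}  # ip -> time of last ad-hoc request
        self.sent: List[dict] = []
        # send() is where a real integration would POST to the scanner's REST API;
        # the default just records the request so this example runs offline.
        self.send = send or self.sent.append

    def handle(self, ev: Event) -> Optional[dict]:
        """Decide whether ev warrants an ad-hoc scan; return the request or None."""
        if ev.kind not in ("new_host", "dns_threat"):
            return None                                   # unrelated event: ignore
        prev = self.last_request.get(ev.ip)
        if prev is not None and ev.ts - prev < DEDUPE_WINDOW:
            return None                                   # already requested recently
        last = self.last_scanned.get(ev.ip)
        if ev.kind == "new_host":
            # A host scanned recently is covered until the next scheduled run;
            # one never scanned (or not since the last cycle) fills a scan gap.
            if last is not None and ev.ts - last < SCHEDULED_INTERVAL:
                return None
            priority = "normal"
        else:
            # A DNS-detected compromise is scanned immediately regardless of schedule.
            priority = "critical"
        req = {
            "target": ev.ip,
            "priority": priority,
            "reason": ev.kind,
            "context": {                                  # who / what / where / when
                "hostname": ev.hostname,
                "user": ev.user,
                "location": ev.location,
                "indicator": ev.indicator,
                "event_time": ev.ts.isoformat(),
            },
        }
        self.last_request[ev.ip] = ev.ts
        self.send(req)
        return req


def run_demo() -> List[dict]:
    """Feed a constructed sequence of events through the dispatcher."""
    t0 = datetime(2024, 5, 6, 9, 0, 0)
    # Constructed scan history: .20 scanned 2 days ago, .30 scanned 10 days ago.
    d = ScanDispatcher({"10.0.1.20": t0 - timedelta(days=2),
                        "10.0.1.30": t0 - timedelta(days=10)})
    events = [
        Event("new_host", "10.0.1.20", t0, "lap-01", "alice", "HQ-3F"),            # recent scan: skip
        Event("new_host", "10.0.1.30", t0 + timedelta(minutes=5), "lap-02", "bob", "HQ-3F"),
        Event("dns_threat", "10.0.1.20", t0 + timedelta(minutes=10), "lap-01", "alice",
              "HQ-3F", indicator="evil.example"),                                  # immediate
        Event("dns_threat", "10.0.1.20", t0 + timedelta(minutes=20), "lap-01", "alice",
              "HQ-3F", indicator="evil.example"),                                  # deduped
        Event("new_host", "10.0.1.40", t0 + timedelta(minutes=30), "iot-cam-7", "", "DC-1"),
        Event("lease_renew", "10.0.1.30", t0 + timedelta(minutes=40)),             # ignored
    ]
    for ev in events:
        d.handle(ev)
    return d.sent


if __name__ == "__main__":
    for r in run_demo():
        print(r["priority"], r["target"], r["reason"], r["context"]["user"] or "-")
```

Running the demo yields three scan requests: the stale host 10.0.1.30 at normal priority, the DNS-flagged 10.0.1.20 at critical priority, and the never-scanned 10.0.1.40 at normal priority; the recently scanned host, the repeated threat notification and the unrelated event produce nothing. The two policy knobs worth tuning in practice are the dedupe window (too short and an active infection floods the scanner; too long and a re-compromise after cleanup is missed) and whether a DNS hit should also bypass the dedupe window when the indicator changes.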
To learn more, read this solution note.
Find the full press release here.