Far Beyond the Firewall – Experiencing Alert Fatigue From Your Overwhelmed Firewall?

The cyberthreat landscape is ever-evolving and the level of sophistication from cybercriminals is always increasing. Networks are not impenetrable. Alarmingly, 79 minutes is now the average time from when an attacker compromises a network to when they start to move laterally, infiltrating the rest of the network. [1]

Organizations are struggling to cope, and the firewall bears the brunt of expectations – not to mention the accountabilities – in defending the outer perimeter.

Firewalls, whether traditional, next generation, on prem, or cloud (FWaaS), are overwhelmed. A firewall is meant to act like a digital defensive perimeter fence around your company’s IT infrastructure. However, advanced threats often use malware variants capable of evading firewall controls, allowing the threat actor to penetrate the network and access mission-critical data. Additionally, firewalls cannot keep up with the vast volumes of reconnaissance traffic coming into an organization, nor cope with the highly dynamic threat environment.

Security teams are managing a deluge of events via their SIEM, and struggle with an inability to act effectively and efficiently. Alert fatigue occurs when cybersecurity professionals are inundated with a high volume of alerts, many of which are false positives or low-priority events. This can result in analysts becoming desensitized to alerts, overlooking critical indicators of compromise, and ultimately missing potential security incidents.

One of the main contributors to alert fatigue is the overwhelmed firewall. Traditional firewall solutions are designed to inspect network traffic and enforce security policies, but they struggle to keep pace with the scale and sophistication of modern cyber threats. As a result, firewalls generate an overwhelming number of alerts, often inundating security teams with irrelevant or redundant information.

Cybersecurity and information security professionals need to ask themselves: are the firewalls I have in place fit for purpose? Can they keep my organization safe? Do I have a multi-layered approach to my cybersecurity posture? How many logs and events am I recording daily? Are my employees aware of, and trained to recognize, malicious traffic entering my organization?

At Centripetal our advice is to have a layered security strategy. The most effective network layer approach is an intelligence-based defense, or what we call intelligence powered cybersecurity. We partner with many firms that already have enterprise class firewalls, where our CleanINTERNET® service enhances internet threat protection and sits in front of the firewall. The results?

  • Reduced firewall logs and SIEM ingested events requiring human review by 90%-95%
  • Identified and mitigated DDoS type scans and reflection attacks
  • Blocked spam, VoIP fraud, remote access fraud, targeted phishing, malvertising, and intrusion attempts on public-facing services (RDP, eCommerce, web apps, FTP, Telnet/SSH)
  • Shielded against latest phishing link clicks from internal assets
  • Discovered previously embedded Advanced Threats, including infected assets (printers, laptops, UPS), and discovered unknown IoT, BYOD and other assets
  • Identified and blocked external reconnaissance of IoT assets (HVAC Smart Panels)
  • Identified shadow IT assets actively under attack
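As an added illustration of the mechanism behind the first result above, and of how the alert-fatigue problem described earlier in the post can be tamed, the following script pre-filters firewall deny events against a threat-intelligence indicator list and deduplicates what remains before anything reaches an analyst. This is example code written for this article; it is not Centripetal's CleanINTERNET code and makes no claim about how that service works internally. The indicator list, the log lines and their key=value format are all constructed for the example (the addresses are RFC 5737 documentation ranges, not real indicators).

```python
"""Intelligence-based pre-filtering and deduplication of firewall deny events.

Hypothetical example: shows how events from known-bad sources collapse into
per-indicator summaries and how repeated residual denies collapse into one
alert, so far fewer records need human review.
"""
import ipaddress
from collections import Counter

# Constructed threat-intelligence feed (documentation ranges, not real indicators).
THREAT_INTEL = [
    ipaddress.ip_network("203.0.113.0/24"),   # hypothetical "mass scanner" block
    ipaddress.ip_network("198.51.100.7/32"),  # hypothetical "phishing host"
]

# Constructed firewall events in an assumed key=value format.
SAMPLE_LOGS = [
    "ts=2024-05-01T10:00:01Z action=deny src=203.0.113.10 dst=192.0.2.5 dport=3389",
    "ts=2024-05-01T10:00:02Z action=deny src=203.0.113.10 dst=192.0.2.5 dport=3389",
    "ts=2024-05-01T10:00:03Z action=deny src=203.0.113.11 dst=192.0.2.5 dport=22",
    "ts=2024-05-01T10:00:04Z action=deny src=203.0.113.12 dst=192.0.2.6 dport=23",
    "ts=2024-05-01T10:00:05Z action=deny src=198.51.100.7 dst=192.0.2.7 dport=443",
    "ts=2024-05-01T10:00:06Z action=deny src=192.0.2.200 dst=192.0.2.5 dport=3389",
    "ts=2024-05-01T10:00:07Z action=deny src=192.0.2.200 dst=192.0.2.5 dport=3389",
    "ts=2024-05-01T10:00:08Z action=deny src=192.0.2.201 dst=192.0.2.8 dport=445",
    "ts=2024-05-01T10:00:09Z action=allow src=192.0.2.50 dst=192.0.2.5 dport=443",
    "garbage line that does not parse",
]


def parse_event(line):
    """Parse one key=value log line; return None if required fields are missing
    or the source address is malformed (such lines are counted, not silently lost)."""
    fields = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    if not {"action", "src", "dst", "dport"} <= fields.keys():
        return None
    try:
        fields["src_ip"] = ipaddress.ip_address(fields["src"])
    except ValueError:
        return None
    return fields


def match_intel(ip):
    """Return the first indicator network containing ip, or None if it is unknown."""
    for net in THREAT_INTEL:
        if ip in net:
            return net
    return None


def triage(lines):
    """Split deny events into intel-matched summaries and deduplicated residual alerts."""
    parsed = [e for e in map(parse_event, lines) if e is not None]
    denies = [e for e in parsed if e["action"] == "deny"]
    intel_hits = Counter()   # events per matched indicator -> one summary each
    residual = Counter()     # (src, dst, dport) -> repeat count, one alert per tuple
    for event in denies:
        net = match_intel(event["src_ip"])
        if net is not None:
            intel_hits[str(net)] += 1
        else:
            residual[(event["src"], event["dst"], event["dport"])] += 1
    total = len(denies)
    alerts_for_review = len(residual)
    reduction = 100.0 * (total - alerts_for_review) / total if total else 0.0
    return {
        "total_deny_events": total,
        "intel_summaries": dict(intel_hits),
        "alerts_for_review": alerts_for_review,
        "reduction_pct": reduction,
        "unparsed": len(lines) - len(parsed),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOGS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the constructed input, eight deny events shrink to two alerts for review (a 75% reduction), with the five intel-matched events kept only as per-indicator counts. The design choice worth noting is that matched events are summarized rather than discarded: the counts remain available for trend reporting, and the unparsed-line counter makes a log-format change visible instead of letting events vanish quietly.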

For more information contact sales@centripetal.ai or request a demo here.

[1] Average time to compromise a network: https://www.crowdstrike.com/press-releases/crowdstrike-releases-2023-threat-hunting-report/
