Network Cloaking - A Secret Weapon For Managed Network Detection & Response
If you recall the cloaking device from so many Star Trek episodes, Network CloakingTM is designed to do essentially the same thing – hide the network entirely and circumvent any trouble that comes from being seen. Many security solutions leave networks (and their open ports) exposed to outside forces, leaving the security team to deal with the noise and risk from inbound probes, scans, pings, and exploits that come from bad actors doing their best against an open target. What if you could shut down these threats, and made it look like your network wasn’t even there? That is what Sentinel’s Outpost can do for your organization.
How Network Cloaking happens on the Outpost
Sentinel’s Outpost is positioned just outside of the firewall, right behind your ISP connection. It’s quite literally at “the outpost” of your network, acting as the first line of defense. From its strategic location, it shields everything behind it, such as the firewall (and it’s open ports, vulnerabilities, etc.), and everything else on the public network (DMZ, web servers, etc.). Consequently, with the Sentinel Outpost in place, malicious traffic doesn’t even make it to your firewall in the first place.
How is “cloaking” different than typical inline devices? Sentinel doesn’t only block malicious traffic one packet at a time … it shuts the door against malicious actors completely. When encountering a bad IP, firewalls will typically drop the malicious packets in question and move on. However, that still leaves the door wide open for the (still malicious) IP to try other tricks, enumerating open ports on the network. By shutting down all subsequent network communication with the IP in question, the Outpost ensures that any further attempts are automatically thwarted. Not only is the intended malice halted, but that malicious IP can’t do anything beyond. No trying to reach a web server over any typical ports, but also no trying to scan across different ports; no further contact of any kind. To that IP, your cloaked network will look invisible.
The difference in our approach
While geo-filtering and threat intelligence might exist on other tools across the network including Firewalls and Endpoint Detection and Response, certain elements set us – and our Network Cloaking – apart.
First, the location is on the extreme edge of the network. You are quite literally taking a network cable from your ISP connection, plugging it into the Outpost, and then taking another cable from the Outpost and plugging it into whatever would normally connect to the ISP – whether that’s a switch or the firewall itself. It’s as far out on the edge as you can get, and serves not only as a net to catch early signs of trouble but also as a shield to hide the entire network at the earliest sign of an attack.
Second, another technique that makes Network Cloaking possible is our proprietary rogue packet technology. When traffic approaches the Sentinel, it activates the mechanism that checks to see if it has a right to be communicating with your Sentinel device. If it doesn’t, then it is prohibited from proceeding any further. Again, the network goes dark to the bad guy. This little tripwire was fortuitously discovered a few years ago, and has served as a catch-all for any exploits that manage to bypass the threat intel lists, blocked countries, or other deep packet inspection methods. It’s very simple, and still very effective.
Also, there’s a difference in the quality of threat intelligence baked into the Outpost. Our Collective Intelligence Network Security (CINS) threat feed is constantly gathering real-time intelligence from our Sentinel devices in the field and updating all Sentinel devices accordingly. The Outpost also pulls from community feeds for the best possible all-around exploit detection, all ahead of your firewall. This automatic information sharing, coupled with superior threat detection, provides a completely autonomous method to reduce the drudgery of manual quarantining, investigating, and threat hunting, freeing your team to focus on more critical tasks. The Outpost also drastically diminishes noise and false positives, two factors that often lead to security fatigue.
One step ahead to keep your network secure
While threat feeds enable the Outpost to monitor for the “known bad”, we all know cybercriminals are evading defenses whilst continuously evolving their tactics. Without being able to spot those nascent threats, organizations are simply outmatched. One way to combat these is to block the malicious origins of nefarious scanning activity. The Outpost implements geo-blocking ahead of the firewall. It can block IP ranges by country so you can disallow any traffic from countries you don’t do business with. One benefit of this tactic is that if it’s caught before, at the Outpost, your firewall will be hidden from view. If the threats don’t make it that far, they can never make it inside your network.
The Outpost also autonomously examines suspicious traffic, such as network scans, and exploits. Since you never really know which traffic is malicious until it has detonated a payload or otherwise gone too far, Outpost can dynamically block that source from communicating with the network – and that means the whole network.
Sentinel offers a level of network detection unique in its scope among managed security solutions. By combining state-of-the-industry solutions with an innovative protective strategy, the Outpost creates an ingeniously simple security approach to outsmart so many of the exploits plaguing organizations today. There’s no better way to combat malicious exploits than to be able to avoid them entirely. To do so, it helps to pull your security out a layer – to the level of the Outpost.
Learn more about how Sentinel IPS can help protect your business.
Put Us In Your Corner.
We back you up with managed threat protection, visibility, and support, 24/7.