Exploring With Outpost 4.6
We recently hosted a webinar for our customers, walking them through some of the new features in Sentinel Outpost 4.6, showing off a few tips and tricks, and answering a few questions. Read on for a quick summary of the presentation, and click here to watch the webinar.
Outpost 4.6 has been released in the wild for about a year now, with a couple of interesting updates along the way. We thought it was time to review the expanded features that strengthen our customers’ security posture and enhance their network performance.
One thing we have focused on in Outpost is to block as much bad traffic and noise as possible before it gets to the firewall. It reinforces our position on the network as the first line of defense for incoming traffic, and the last line of defense against outbound malware and beaconing. To that end, we’re leaning on new enriched attack data beyond just geo-filtering by country, and looking at information we consider more relevant, like the ASN (Autonomous System Number) a source address belongs to.
It also helps that all events are now classified beyond simply a priority. Each event is now tagged with a group such as malware, scans, probes, or exploits. This is another feature meant to reduce the time you have to spend finding the issues that matter most.
All of this data enrichment can be leveraged in the new filtering features, as well. Users can also manage their threat intelligence feeds, and make their own intelligent decisions about how to deal with the traffic coming from questionable sources and locations.
With all this new data, when we shut the door on a bad actor, we’re going to log pretty much everything they attempt to do afterward. That gives us – and you – more information on the attacker and helps to clarify potential false positives as well.
Here’s a quick look at some of the key Outpost features:
Threat Intelligence Platform. Through CINS, we implemented threat intel before threat intel was cool, but it hasn’t always been easy to access that information on the Sentinel. Outpost’s new Threat Intel Platform adds configurable threat feeds, geo-filtering, and the IP Explorer tool, which gives powerful insight into the blocked traffic on the Sentinel – it’s an incredibly useful tool for hunting down malicious traffic and finding pesky false positives.
Enhanced Filtering. Whether it is by country, ASN, IP address, port, or other factors, Outpost’s data enrichment through IP Explorer allows you to find the information you want more quickly. You can filter through any number of classifications, showing a summary of all the IP addresses that fit those criteria. Then you can dig into them and research them as needed.
Alert-Only Networks. Rather than face a choice between whitelisting and blacklisting, letting everything through or blocking everything, this offers a middle ground. You might call it “graylisting.” When you put a source on the list, you will be alerted to anything potentially harmful, but it won’t be blocked. This is valuable when dealing with mission-critical third-party vendors and suppliers you don’t trust completely.
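To make the “graylisting” middle ground concrete, here is an added illustration of the decision logic the post describes: an alert-only list that is checked before any block rule, block rules driven by a threat feed, ASN and country, and a record of everything a blocked source keeps attempting afterward, tagged by event group. This is example code written for this summary, not Sentinel Outpost’s implementation; the policy lists, the placeholder country code “XX”, the documentation-range ASNs and IP addresses, and the precedence of the alert-only list over block rules are all constructed assumptions.

```python
"""Illustrative block / alert-only / allow policy evaluator (example code, not Outpost's)."""
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass, field


@dataclass
class Policy:
    blocked_ips: set = field(default_factory=set)          # e.g. fed by a threat intel list
    blocked_countries: set = field(default_factory=set)    # geo-filtering by country
    blocked_asns: set = field(default_factory=set)         # filtering by Autonomous System Number
    alert_only_networks: list = field(default_factory=list)  # "graylist": alert, never block


@dataclass
class Event:
    src_ip: str
    country: str
    asn: int
    group: str   # classification such as malware / scans / probes / exploits


def evaluate(policy, event):
    """Return (action, reason) for one event. The alert-only list wins over every block rule
    (assumption: that is how a graylist must behave to never block a trusted-but-watched vendor)."""
    ip = ipaddress.ip_address(event.src_ip)
    for net in policy.alert_only_networks:
        if ip in net:
            return ("alert", f"alert-only network {net}")
    if event.src_ip in policy.blocked_ips:
        return ("block", "threat feed")
    if event.asn in policy.blocked_asns:
        return ("block", f"ASN {event.asn}")
    if event.country in policy.blocked_countries:
        return ("block", f"country {event.country}")
    return ("allow", "no match")


def process(policy, events):
    """Apply the policy to a stream of events in order.
    Returns (decisions, attempts): one (action, reason) per event, plus a map from each
    blocked source to the event groups it generated after the door was shut on it."""
    decisions = []
    attempts = defaultdict(list)
    blocked_sources = set()
    for ev in events:
        if ev.src_ip in blocked_sources:
            # Keep logging what a blocked actor tries next; this is the data that
            # helps judge the attacker and spot false positives.
            attempts[ev.src_ip].append(ev.group)
            decisions.append(("block", "already blocked"))
            continue
        action, reason = evaluate(policy, ev)
        if action == "block":
            blocked_sources.add(ev.src_ip)
        decisions.append((action, reason))
    return decisions, dict(attempts)


def blocked_by_group(events, decisions):
    """Count blocked events per classification group, the kind of summary that lets an
    analyst go straight to the exploits and malware rather than wading through scans."""
    counts = Counter()
    for ev, (action, _reason) in zip(events, decisions):
        if action == "block":
            counts[ev.group] += 1
    return counts


# Constructed sample policy: documentation-range addresses and ASNs, placeholder country "XX".
POLICY = Policy(
    blocked_ips={"203.0.113.9"},
    blocked_countries={"XX"},
    blocked_asns={64496},
    alert_only_networks=[ipaddress.ip_network("198.51.100.0/24")],
)

# Constructed sample event stream.
EVENTS = [
    Event("198.51.100.7", "US", 64497, "scans"),     # critical vendor on the alert-only list
    Event("203.0.113.9", "DE", 64500, "exploits"),   # listed by the threat feed
    Event("203.0.113.9", "DE", 64500, "probes"),     # same source, after being blocked
    Event("203.0.113.9", "DE", 64500, "malware"),
    Event("192.0.2.44", "FR", 64496, "probes"),      # blocked ASN
    Event("192.0.2.45", "XX", 64501, "scans"),       # blocked country
    Event("192.0.2.46", "CA", 64502, "benign"),      # nothing matches
]

if __name__ == "__main__":
    decisions, attempts = process(POLICY, EVENTS)
    for ev, (action, reason) in zip(EVENTS, decisions):
        print(f"{ev.src_ip:<14} {ev.group:<9} -> {action:<5} ({reason})")
    print("post-block attempts:", attempts)
    print("blocked by group:", dict(blocked_by_group(EVENTS, decisions)))
```

The point of the ordering is that an alert-only network is consulted first, so a mission-critical supplier on the graylist produces an alert even when its traffic would otherwise trip a country, ASN or feed rule; every other source is blocked on the first match and its later activity is recorded rather than silently dropped.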
Executive Summary Report. This new report makes it much easier to convey to others in your organization the security provided by Sentinel Outpost. It’s meant to provide a high-level, periodic update to executives in language they’ll understand.
In addition, we added a couple of standard security features: two-factor authentication and a configurable session timeout.
We build these tools not just for our customers – we use them every day, too. So we understand the importance of making them easy to use, understand, and implement.
Ted has worked with network security and web technologies for almost 30 years, beginning his career as a full-stack web engineer and transitioning to network security. He now guides Nomic and its supporting initiatives, including CINS Active Threat Intelligence.