Endpoint-driven Network Visibility

Modern Networks

Today’s enterprise networks are diverse and distributed. Bring-your-own-device (“BYOD”) has turned the internal network into the wild west. Remote offices and acquisitions have added less trustworthy devices to the network. Many devices are also on the road, connecting from coffee shops or airports with no internal network connectivity at all.

How do we re-gain control of our devices in such a complex and quickly evolving ecosystem?

Knowledge Is Power

It starts with knowledge. Knowledge is what gives IT and security teams the basis they need to act.

Visibility into endpoints is the most effective way to obtain this knowledge in this type of environment. The migration to cloud-delivered applications is reducing the need for Virtual Private Network (“VPN”) connections while simultaneously undermining network and perimeter-based security controls: traffic that never crosses the corporate perimeter cannot be inspected there.

Endpoints are the new perimeter.

The endpoint is where attacks happen and where data ultimately lives. Obtaining network visibility directly from the endpoint is a more flexible approach that meets the needs of this dynamic network: the sensor follows the device wherever it connects, rather than depending on where its traffic happens to be routed.

Asset Inventory

DarkBytes Collect’s Asset Inventory feature is a continuous and historical asset inventory that combines endpoint-based visibility with cloud-delivered security analytics. It automatically monitors and tracks assets based on sensor data from the endpoint.

Information that is most critical to IT and security teams, such as hostname, username, platform, IP address, and MAC address, is available at the click of a mouse.

Traffic Inventory

Next we need to get a better understanding of the network traffic that these assets are generating. The Traffic Inventory enables this type of visibility.

Network connections, including details of the process that created each one, are continuously logged and stored for up to 90 days. This data is also automatically correlated against geo-location databases to enable easy data exploration.

We can see some traffic going to Russia on the map. Adding a filter on the “Country” column in the table brings up just those connections.

The “Name” column shows that the process behind the traffic is Google Chrome. Clicking the IP address in the “Remote Address” column opens VirusTotal, giving an investigator a quick reputation check on the remote host. A browser reaching a foreign address is not suspicious by itself; the process-to-connection mapping is what lets the analyst decide quickly whether the traffic is ordinary browsing or worth a deeper look.
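The triage steps above (geo-enrich each connection, filter on country, group by process, pivot to VirusTotal) as a stand-alone Python script. This is an added example, not DarkBytes code: the GeoIP table is a constructed stand-in using documentation IP ranges, the connection records are constructed sample sensor output, and the VirusTotal link uses the public GUI URL scheme for IP addresses.

```python
"""Triage endpoint connection telemetry: enrich with geo-location, filter by
country, and build a VirusTotal pivot link for each remote address.

Added example, not DarkBytes code. The GeoIP table and the connection records
are constructed sample data (RFC 5737 documentation ranges), not real lookups.
"""
import ipaddress
from collections import Counter

# Constructed stand-in for a GeoIP database: longest matching prefix wins.
GEO_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "RU"),
    (ipaddress.ip_network("198.51.100.0/24"), "US"),
    (ipaddress.ip_network("192.0.2.0/24"), "DE"),
]

# RFC 1918 and loopback space is never geo-located; report it as "internal".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed endpoint sensor records: one per outbound connection, carrying
# the process that created it (the field set the Traffic Inventory exposes).
CONNECTIONS = [
    {"ts": "2019-05-06T14:02:11Z", "host": "LAPTOP-01", "user": "alice", "pid": 4120,
     "name": "chrome.exe", "remote_addr": "203.0.113.45", "remote_port": 443},
    {"ts": "2019-05-06T14:02:13Z", "host": "LAPTOP-01", "user": "alice", "pid": 4120,
     "name": "chrome.exe", "remote_addr": "198.51.100.7", "remote_port": 443},
    {"ts": "2019-05-06T14:03:40Z", "host": "SRV-FILE-02", "user": "SYSTEM", "pid": 812,
     "name": "svchost.exe", "remote_addr": "10.10.4.20", "remote_port": 445},
    {"ts": "2019-05-06T14:05:02Z", "host": "LAPTOP-07", "user": "bob", "pid": 2231,
     "name": "powershell.exe", "remote_addr": "203.0.113.200", "remote_port": 8443},
    {"ts": "2019-05-06T14:05:30Z", "host": "LAPTOP-07", "user": "bob", "pid": 990,
     "name": "outlook.exe", "remote_addr": "192.0.2.18", "remote_port": 443},
]


def geolocate(addr: str) -> str:
    """Country code for addr, "internal" for private/loopback space,
    or "??" when the table has no match (unknown, not a silent default)."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in INTERNAL_NETS):
        return "internal"
    best = None
    for net, country in GEO_TABLE:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, country)
    return best[1] if best else "??"


def enrich(records):
    """Attach a 'country' field to each record, as the analytics side does
    when correlating connections against a geo-location database."""
    return [dict(r, country=geolocate(r["remote_addr"])) for r in records]


def filter_by_country(records, country):
    """Equivalent of adding a filter on the 'Country' column."""
    return [r for r in records if r["country"] == country]


def virustotal_url(addr: str) -> str:
    """Pivot link for a remote address (VirusTotal's public GUI URL scheme)."""
    ipaddress.ip_address(addr)  # validate before building the link
    return f"https://www.virustotal.com/gui/ip-address/{addr}"


def processes_by_country(records):
    """Count (process name, country) pairs: which programs talk to where."""
    return Counter((r["name"], r["country"]) for r in records)


def triage(records, country):
    """One line per connection to `country`: host, user, process, remote
    endpoint and the VirusTotal link an investigator would click next."""
    return [f'{r["host"]} {r["user"]} {r["name"]}[{r["pid"]}] -> '
            f'{r["remote_addr"]}:{r["remote_port"]} {virustotal_url(r["remote_addr"])}'
            for r in filter_by_country(records, country)]


if __name__ == "__main__":
    enriched = enrich(CONNECTIONS)
    for (name, country), n in processes_by_country(enriched).most_common():
        print(f"{n:3d}  {name:16s} {country}")
    print()
    for line in triage(enriched, "RU"):
        print(line)
```

Running it lists each process with the countries it talks to, then prints the two connections to "RU" with their pivot links. The second of those (powershell.exe to a non-standard port) is the kind of row the process-to-connection mapping surfaces that a flow-only view would not; the chrome.exe row is the ordinary browsing case from the text.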

Conclusion

Visibility into assets and network traffic is a critical component of a healthy IT and security practice. The combination of endpoint-based sensors and cloud-delivered analytics provides an effective way to obtain this visibility in today’s diverse and distributed enterprises.