The Endpoint Security Challenge
Digital innovation continues to transform corporate and public networks at an unprecedented pace. And some of the most dramatic areas of innovation are happening at the ever-expanding edges of the network. The number of endpoint and edge devices connected to corporate resources continues to grow exponentially, while remote access to data from these devices is faster and easier than ever. And with the advent of true 5G just around the corner, edge computing is only going to become a larger component of today’s expanding networks.
At the same time, new advanced threats targeting endpoint devices, including file-less malware that executes directly in the memory space and increasingly targeted ransomware, are exposing organizations to increasing risk through their endpoint devices. According to the Verizon Data Breach Investigations Report for 2019, the time from an attacker’s first action in an event chain to the initial compromise of an asset is typically measured in minutes. However, 56% of breaches took months to discover.
The response by too many organizations, however, has been to deploy multiple, siloed security products, the bulk of which is focused on prevention. But the truth is, 100% prevention is not possible. The result is a fragmented, complicated security architecture that can actually make detection and response more difficult. Because disparate security solutions do not actively participate in centrally coordinated threat activities – including triage, threat intelligence sharing, remediation, and forensic analysis – they can actually delay an organization’s ability to detect and respond to threats. The result is not just a slower, less effective endpoint threat response, but a less secure network overall.
What’s needed is the ability to quickly detect a threat, contain and remediate it, and share that intelligence across the entire distributed network so systems can all get back to normal as fast as possible.
Fortinet Adds enSilo to its Security Portfolio
To address this growing security challenge, Fortinet today announced it has completed the acquisition of enSilo, a privately-held advanced endpoint security company headquartered in San Francisco, California. enSilo uses a robust set of endpoint security tools to keep attackers from achieving their ultimate goals, while stopping the damage by automatically containing a threat, stopping data exfiltration, and preventing ransomware data tampering.
According to Ken Xie, Founder, Chairman of the Board, and CEO of Fortinet, “As businesses become more networked and operations extend from the cloud to the edge and Internet-of-Things, the digital attack surface has expanded exponentially and has become more complex to secure. Manual or point security solutions are ineffective when managing or securing these new environments. Instead, security and the network need to be integrated to enable advanced threat detection at network speeds. In acquiring enSilo, we add automated, real-time detection and response enhancements to our Fortinet Security Fabric to further protect endpoints and corresponding edge data.”
The enSilo suite of endpoint security solutions not only includes automated detection and response, but can also be seamlessly integrated into the larger Fortinet Security Fabric framework, further enhancing visibility while driving corporate security policies deeper into endpoint devices. enSilo capabilities include:
· Automated protection against advanced threats, coupled with incident response services provided by a team of cyberthreat experts.
· Patented code-tracing technologies not only thwart attacks, but also prevent data exfiltration and ransomware. This also helps ensure PCI, HIPAA, and GDPR compliance.
· Lightweight agent (less than 60 MB) provides protection parity across multiple operating systems, including Linux, Windows, and macOS.
· Unique coordinated security for the Internet of Things (IoT) through integrated access control and endpoint security functionality.
· Flexible on-premise and cloud deployment with multi-tenancy and the ability to scale to hundreds of thousands of endpoints, whether on or off the network.
Integrated Endpoint Protection Provides Better Network Security
Dave Gruber, senior analyst at the Enterprise Strategy Group (ESG), remarked, “According to ESG research, 76% of organizations find threat detection and response more difficult today than two years ago. Vendors like Fortinet are tackling this problem by constructing an integrated security platform across endpoints, network and cloud infrastructure. The move to natively add enSilo’s automated EDR capabilities to the Fortinet platform should improve and accelerate alert correlation, leading to faster threat detection and incident response.”
Prior to this acquisition, enSilo was already a fully integrated member of the Fortinet Security Fabric-Ready Partner Program. Its endpoint detection and response (EDR) technology was already being used to complement FortiGate Next-Generation Firewalls, FortiSandbox, and the FortiClient Fabric Agent by providing an additional detection and enforcement layer to reduce the time to detect, investigate, and remediate malicious attacks.
Through this acquisition, Fortinet will now extend enSilo’s effectiveness even further through additional integration with Fortinet’s FortiSIEM solution, FortiInsight UEBA (user and entity behavior analytics) features, and the FortiNAC access control solution. As a result, enterprises will gain superior endpoint visibility and tightly coordinated, dynamic control of network, user, and host activity, extending security seamlessly across their entire distributed network, from their endpoints out to the multi-cloud, their core network, and their branch and other remote edge locations.
MSSPs will also be able to extract the full value of this new addition to the Fortinet Security Fabric to deliver a comprehensive and efficient Managed Detection and Response (MDR) service that can complement other services, especially those leveraging tools integrated together through the Fortinet Security Fabric.
Fully Integrated Edge Security is Essential for Today’s Networks
The hallmark of the modern network is the rapid expansion of the network edge. New IoT and endpoint devices, bolstered by high performance, robust functionality and new business applications, have expanded the potential attack surface. This in turn has raised the bar for having a fully integrated security solution that no longer operates in isolation and can extend visibility out to these emerging edges. The integration of enSilo further strengthens Fortinet’s integrated security portfolio with broader EPP and EDR capabilities that protect the customer’s network edge.