One of the problems with a lot of endpoint security is that it is disconnected from the wider malware analytics that are taking place at the network level. This means that attacks are not reported quickly enough to network security tools to enable them to identify and capture any network traffic associated with the attack. The result is a security gap that can be exploited by malware writers.
In the press release Blue Coat highlights two new use cases that this integration will deliver:
- Remote file analysis via Blue Coat’s Malware Analysis Appliance: Carbon Black will be able to send unknown files to Blue Coat’s Malware Analysis Appliance for detonation and analysis. This closes the gap where attacks via off-network devices such as USB sticks would evade detection.
- Empowered Incident Response via Blue Coat Security Analytics: When responding to an attack it is now possible for administrators to track where a file has been executed and to launch remedial action if required. This might include forcing the device off the network until it has been scanned and cleaned.
Blue Coat looking to widen its detection window
There is a growing acceptance among security vendors that the current silo approach of endpoint detection, network detection and security-driven behavioural analysis is a problem. The complexity of attacks that users face means that, while each silo might detect part of an attack, bringing them together gives a better understanding of the attack and therefore a more effective defence against it.
It is this approach that drove IBM to hand control of many of its software products to the security division. It meant that products could be built into a single system and could therefore be fully integrated and tested with each other. This announcement does not go that far, but if the two vendors improve the integration between their products, it will widen their security footprint and reduce the attack surface on endpoint devices.
Peter Doggart, vice president, business development, Blue Coat said: “Uniting network security and endpoint detection and response is crucial. By integrating our network analysis and analytics platforms with Carbon Black, the leader in endpoint detection and response, Blue Coat is providing customers with a truly comprehensive end-to-end solution—from complete network to endpoint visibility and detection, to swift and effective incident response and remediation.”
IT security is becoming an increasingly competitive market. Each week seems to bring a new set of breaches, malware, start-ups, new products and announcements like this one. The problem for all security vendors is that they can no longer rely on being best of breed. To be effective they have to be part of a platform.
At the moment this is being done through alliances and greater product integration between vendors. Going forward we are likely to see a wave of mergers as vendors realise that the cost and effectiveness of integration are better served by being a single company. It will be interesting to see if this announcement leads to even closer links between the two companies.
Blue Coat is agreeing a lot of deals with other companies to widen its appeal. As well as this deal, it agreed a deal in August with Cylance. The fact that it has added endpoint security on top of the Cylance deal suggests that customers are still keen on traditional endpoint tools and Blue Coat is covering all its bases by taking on overlapping solutions.