The number and complexity of cyber threats leveled against enterprises of all sizes these days is staggering. There's everything from advanced persistent threats created by well-sponsored nation states to disgruntled insiders looking to make a fast buck or enact revenge for some perceived wrongdoing.
In fact, one of the biggest problems faced by security professionals is that there are just too many threats to deal with, no matter how large a staff is employed. Large organizations can be faced with turning back thousands upon thousands of threats daily. The only way to deal with such a caustic environment is with automation.
We recently reviewed several automated incident response programs. HawkEye G from Hexis was still in development at the time, but it is now ready and being deployed commercially. Network World was the first and only publication invited to review this new offering.
In our testing, we found that HawkEye G does a great job of identifying threats, blocking and removing them, while also locking things down so that they cannot return.
Detection, prevention, response
Using the same methodology as in our previous roundup, HawkEye G was tested against three key elements: detection, prevention and automated or recommended response. The focus with this product is the response side of that equation, though it scores highly in all areas. While a human being is not required to be in the loop on every decision, HawkEye G does a good job of keeping humans in control of what is essentially a fully automated product.
Because HawkEye G is designed to work with hundreds or thousands of systems, no attempt was made to test scan performance, though it was observed running on a test network protecting thousands of clients. Instead, attacks were made against protected systems in both physical and virtualized environments on a small testbed.
The automatic response of the HawkEye G system was recorded, and the administration console was then examined to see how much information it provided to system administrators about the actions taken. Particular emphasis was given to the balance between how much of the HawkEye G product was automated and how much required human intervention, and to the administration component that lets operators set that balance.
HawkEye G is installed as an appliance, which makes the physical deployment rather simple. You do need to open up a hole in your firewall to allow the device to communicate with the Hexis Security Operations Center, where information about new threats is collected and pushed out.
HawkEye G can be tuned to accept threat feeds from Hexis, an independent feed if an organization has its own security operations center, any number of commercial feeds, or all of the above, as long as the data is expressed as a .csv file. As part of the hardware installation, a bot trap, a deep packet inspector and a partition manager are also installed.