Why Dynamic Isolation Is Superior to Quarantine
Cybercrime has rung up $2 trillion in losses. It will cost businesses an estimated $5.2 trillion worldwide within five years. The average cost of a breach is nearly $4 million. Even more alarming, the University of Maryland says a cyberattack takes place every 39 seconds.
So, it doesn’t require a mental leap to imagine that one of your machines is infected. In fact, that’s probably the reality within your enterprise network at this very moment.
How do you contain the threat – quickly – before it spreads and does major damage?
The answer is by isolating it.
But there are different approaches to isolation, and some are clearly superior to others.
You Can’t Trust Compromised Machines to Address Cybersecurity
Traditionally, organizations have attempted to contain threats by relying on software on the infected endpoint itself. But cybersecurity professionals who employ legacy endpoint detection and response (EDR) solutions should examine the rationale behind this approach. That should include considering whether they can trust anything on an endpoint that is already infected.
The answer is clearly no. That’s because it may take a while to realize that a machine has been compromised. The Ponemon Institute says the mean time to detect a breach is 197 days.
By the time you realize a machine is compromised, you can’t trust the applications on it.
That’s the Achilles’ heel of legacy quarantine solutions. And it’s not the only one.
Traditional Technology Doesn’t Look Around – or Look Ahead
We live in a connected world, and many connected devices are attached to enterprise networks. Gartner estimates that 5.8 billion enterprise and automotive IoT endpoints will be in use in 2020. That’s a 21% increase from 2019.
Connected machines can quickly spread an infection on one machine to many other enterprise devices. Cybersecurity team members need to prevent that from happening.
But traditional EDR systems were not designed to think forward. They don’t consider how security events can impact the rest of the ecosystem. In enterprise IT environments in which multiple machines are interconnected, this approach simply does not work.
In Bricking Devices, Quarantine Also Blocks Business
Quarantine, a traditional cybersecurity approach, treats infected devices by “bricking” them, making them useless. When that happens, the applications (and people) that use the bricked devices are locked out. They cannot perform the tasks they typically do on those devices, and business operations stop.
Using a traditional quarantine solution can be extremely costly for businesses and inconvenient for their customers.
Imagine the device is a server in a distribution center that dispatches 800 packages per minute. If you brick this device, you lose the capability to support 800 customers every minute. Plus, you may lose your ability to meet your customer service level agreements.
What if the bricked device were a payment processing system? If you quarantined it in the traditional way, your customers couldn’t buy your products and services.
Your business loses money every minute a machine is down and cannot be used.
Unisys Stealth® Dynamic Isolation™ Is Different – It Keeps Business Working
Organizations that employ Stealth™ Dynamic Isolation don’t experience the losses that traditionally quarantined devices cause. They don’t have to trust compromised devices or leave the ecosystem’s cybersecurity to chance, either.
Stealth™ Dynamic Isolation enables endpoints to continue working even when they’re in safe mode. That’s very different from quarantine, which completely takes down compromised and vulnerable endpoints.
The dynamic isolation feature of Unisys Stealth® isolates only the port or protocol exhibiting anomalous behavior. It allows operations and security incident response teams to access the endpoint and use their current processes and technologies to remediate the incident remotely. It acts as a protective suit, leaving the rest of the business and systems functioning.
As a result, businesses can continue accepting sales transactions, dispatching packages and doing other important work. Business associates don’t sit idle while they wait for service to be restored to their endpoints. And businesses can continue generating revenue, meeting their business goals and serving customers.
This Stealth™ Feature Acts Fast and Looks Forward
Stealth™ Dynamic Isolation works fast to isolate the threat and prevent further contamination. It protects both the device that is compromised and the machines around it.
That can prevent a single breached machine from evolving into a major cybersecurity incident. Because once malware like ransomware is inside your enterprise, you’re in a race against the clock. Your cybersecurity solution has to move faster than the malware.
Stealth™ Dynamic Isolation – which applies security policies to devices quickly and automatically – can do that. This Unisys solution moves machines to a new community of interest in less than 30 seconds. That isolates them from the compromised endpoint, reduces your attack surface and keeps your business running.
And It Works Just as Quickly to Restore the Machine to Its Original State
Stealth™ Dynamic Isolation also restores machines to their original status once the threat is removed. This Unisys solution does that quickly and easily, too – and it’s entirely automatic.
In fact, it returns systems to their original state at the same speed that it isolates them.
Stealth™ Dynamic Isolation Is the Best Way to Contain Endpoint Infections
Today’s cybersecurity landscape calls for solutions that act fast to prevent compromised machines from expanding the attack surface. Stealth™ Dynamic Isolation is such a solution.
And it’s unique in the marketplace.
Stealth™ Dynamic Isolation protects the device that is infected. It shields the not-yet-compromised devices around it from harm.
It allows machines to continue operating while the cause of the threat is identified and remediated. It returns the machines to their original status as soon as threats are eliminated.
And Stealth™ Dynamic Isolation keeps systems, people and businesses working all the while.
Salvatore Sinno is the Chief Security Architect and Director of Cybersecurity Innovation at Unisys.