Wednesday, April 29, 2015

Defense-Grade "Email" Security

Now that Websense and Raytheon have created a new company that will combine the Intellectual Property (IP) of both entities to create Defense-Grade Cybersecurity, we should all ask, what exactly is that?

One concept that the DoD space leverages, which this new company may bring to the enterprise space, is the Positive Security Model. This concept, when leveraged on firewalls, ensures only known good ports/applications are opened... whereas in the enterprise space we typically allow all 65k TCP ports outbound and look for negative events. Which model do you think is best equipped to address 0-day threats?  :-)


Question #1 - how many of your threats are blended (email & web)? Most, I suspect. As such, your users receive emails that look much like this:




Question #2 - how many of your users are clicking on those links? Again... most, I suspect. Wouldn't it be nice if they went to a landing page like this:



Question #3 - wouldn't it be nice if that landing page could leverage sophisticated real-time web security technologies to determine if a threat existed at point-of-click... like this:



How is this a Positive Security Model?  It is because we (ESPO Systems) have put our trust in the Websense URL Database. (The industry's most critically acclaimed.)  Let us explain:  If a URL is unknown/uncategorized by Websense, we've decided to wrap it and send our users to a landing page for real-time inspection.  If the website is clean, they are allowed access.  In summary, only known good links are allowed into our organization... much like the Positive Security Model only allows known good applications on the firewall.
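The wrapping rule described above, sketched as an added example (not ESPO Systems' or Websense's code). The `KNOWN_GOOD` table is a constructed stand-in for a URL categorization database and `LANDING_PAGE` is a hypothetical inspection endpoint; both are assumptions.

```python
import re
from urllib.parse import quote, urlsplit

# Constructed stand-in for a URL categorization database (assumption):
# hostname -> category. A host that is absent counts as uncategorized.
KNOWN_GOOD = {
    "www.example.com": "business",
    "intranet.example.org": "business",
}
# Hypothetical landing page that inspects the target at point-of-click.
LANDING_PAGE = "https://inspect.example.invalid/check?url="

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def categorize(url):
    """Return the category of the URL's real host, or 'uncategorized'."""
    try:
        # .hostname drops any userinfo, so "good.com@other.test" resolves
        # to other.test, the host the browser would actually contact.
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:
        return "uncategorized"  # unparseable: fail closed
    return KNOWN_GOOD.get(host, "uncategorized")

def is_known_good(url):
    return categorize(url) != "uncategorized"

def wrap(url):
    """Point the link at the landing page, carrying the original URL."""
    return LANDING_PAGE + quote(url, safe="")

def rewrite_links(body):
    """Positive model: known-good links pass, everything else is wrapped."""
    def _sub(match):
        raw = match.group(0)
        url = raw.rstrip(".,;:!?)")   # keep sentence punctuation outside
        tail = raw[len(url):]
        return (url if is_known_good(url) else wrap(url)) + tail
    return URL_RE.sub(_sub, body)

# Constructed sample message body.
SAMPLE = "See https://www.example.com/report and http://unknown.test/login?id=7."

if __name__ == "__main__":
    print(rewrite_links(SAMPLE))
```

The default branch is the wrap, so a link the table has never seen (or one that cannot be parsed) never reaches the user unwrapped.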
