Centripetal Networks Network Protection System v2.1
February 02, 2015
Starts at £40,062.23
This is an interesting product. It collects threat intelligence data from a variety of sources, including its own organisation, and applies that intelligence to manage network protection at the enterprise. By partnering with a number of threat intelligence providers and several technology vendors, Centripetal's Network Protection System (NPS) provides what the company refers to as Active Network Defense.
NPS operates in such a way as to provide support for analysts, systems operators, CxOs and executive management. That means that it produces the sorts of outputs that are uniquely useful to each of these groups. Because the difference between actionable intelligence and the flow of threat data from internet sensors is noise, the object is to get rid of the noise so that the actionable data is exposed. That is an important layer of NPS functionality.
AT A GLANCE
Product: Network Protection System v2.1
Company: Centripetal Networks
Price: Starts at £40,062.23.
What it does: Active network defense merging cyber-threat intelligence and security stack management.
In each of the cases above, NPS not only provides the unique kind of data needed by the particular audience, it focuses that data in the ways most useful at that level. So, for example, for the analyst, NPS focuses on the data, matching the analysis to the expected analyst workflow. For the system operator, the focus is on managing the security stack. And for the executive, NPS provides situational awareness and presents data in the form of effective use of resources and budget. These varying perspectives result in a completely unique approach to actionable cyber-threat intelligence.
The heart of the NPS is the RuleGate threat intelligence security layer. This is an appliance that manages five million threat indicators at wire speeds up to 10Gbps. It is policy driven and enforces its policies across the enterprise, correlating internal hosts and external threats. It is not intended to be a standalone solution to the security challenges of the enterprise. Rather, NPS works with other network security components to improve the enterprise's overall security posture.
The analyst's tool is QuickThreat. This is an application that tracks indicators and correlates them to the internal behavior of the network.
In addition, NPS uses a management console for the RuleGate. It manages the appliance, applies policies which are managed by the policy manager and sets the appliance's parameters. You can avail yourself of the standalone version of NPS or the global version. There are some intelligence feeds from external sources, including open source and Centripetal's own, but you can purchase commercial feeds through the platform itself. Those feeds - for example, CrowdStrike - integrate directly into the system, which consumes, integrates and correlates the data as part of QuickThreat.
Rule sets are easy to use and the user interface is clean and comprehensive. The system looks at both inbound and outbound data flows - to spot exfiltration - and tracks TOR exit nodes. The UI is web technology, but it is a custom implementation that uses a wrapper for browser compatibility. This is a serious system built from the ground up - no customised off-the-shelf appliances here - by Centripetal in the United States.
OUR BOTTOM LINE
This is an industrial-strength integration of cyber threat intelligence with system management. It plays well with other network security tools because it was designed from the ground up to do exactly that. As well, it consumes threat intelligence and converts that into actionable intelligence that can be applied to a SIEM or other tool. It is easy to configure and has a rich feature set at the executive, system operator and analyst levels.
There is a lot to do and see here, and the complexity of the threatspace is reflected somewhat in the system and its tools. This is not a downside particularly, but if you really want to make this tool dance you will need to have a rather full understanding of where you want to go and how you think that you need to get there. Then configure your tool set to do the job. That is especially important because although there is a lot automated here - especially the RuleGate - the NPS does something that we really like: It also recognises that there are some things that take a human, and it leverages its resources to make that effective. But to get the most out of it you need to be a pretty effective human in your own right.
So, our bottom line here is this is a notable tool and certainly one of the best integrations of intelligence and security stack management we've seen. However, it is not for the faint-hearted. But then, playing in today's threatscape isn't either.
Prices are US based and therefore indicative only.