network intelligence platform™ · 2019. 12. 6. · iot and iomt devices, authorized and...
TRANSCRIPT
SOLUTIONGUIDE
NETWORK INTELLIGENCE PLATFORM™ The unprecedented proliferation of network-attached IT, IoT and IoMT
devices within the enterprise has dramatically expanded the attack
surface in organizations of all sizes and across all industries. Unknown
and unmanaged devices account for nearly two-thirds of all endpoints
on an enterprise network - posing significant risk today and even greater
risk in the future. In fact, Gartner estimates that IoT endpoints will grow
to 25 billion by 2021 and, meanwhile, an increasingly sophoisticated
network of cyberattackers are actively working to exploit known device
vulnerabilities. The consquences of a device breach can inflict significant
organizational damage – from financial loss and brand reputation, to
compromising critical medical therapies and patient life-safety. Analysts and
security experts agree: the time to take steps to mitigate IoT device risks is
now.
The Great Bay Network Intelligence Platform™ is designed to discover,
profile, and monitor all network-attached endpoints – in real-time
and without an agent. Our platform is the only real-time visibility and
enforcement solution proven to deliver device discovery, robust profiling,
continuous behavior monitoring, and flexible remediation at enterprise
scale. In fact, we have supported more than 1.5 million devices in a single
instance, the largest known deployment in the industry, and we have a
100% implementation success rate among our customers. Unlike other
tools on the market, Great Bay’s Network Intelligence Platform provides
complete visibility into all network-connected endpoints, including IT,
IoT and IoMT devices, authorized and unauthorized, across complex
wired and wireless networks. We arm IT, Security, Compliance, Clinical
and Operations teams with a comprehensive view of all endpoint risk
-- presented in an intuitive interface that enables professionals to quickly
identify, understand and mitigate risk within 2-3 clicks.
QUICK FACTS
• Agentless architecture
• Proven to scale to 1.5 million devices on a single system
• Multiple passive and real-time data collection methods
• Comprehensive device profile library – Thousands of pre-built device profiles, including IoT/ IoMT/IT devices
• Real-time behavior monitoring and active response
• Risk Intelligence, scoring & mitigation
• Granular device authentication and control
• Open platform with bidirectional APIs for seamless integration
• 6th Generation Product suite
greatbaysoftware.com
REAL-TIME BEHAVIOR MONITORING & GRANULAR CONTROLThe Great Bay Network Intelligence Platform™ analyzes the identity
and behavioral attributes of endpoints on the network and uses these
attributes to assign every device to a group, called a profile. Each profile
is a logical container holding one or more endpoints with similar function,
capability or other defining characteristics. When identified, the platform
attaches an Identity Score to the device. The Identity Score is calculated
based off the rule(s) in the profile that test true for the device. Profile
rules and Identity scores are used to determine which profile is the best
match for the endpoint.
The Great Bay Network Intelligence Platform™ identifies real-time events
such as endpoints being added to the network, duplicate MAC addresses
and changes in identity and behavioral attributes of a device. When one
or more attributes of a device change, the platform evaluates whether or
not the observed change warrants an adjustment of the existing endpoint
profile. If a change in profile is warranted, the solution transitions the
endpoint profile, triggers an event and automates a preferred remediation
action such as alerting, quarantine or port blocking. The Great Bay
Network Intelligence Platform™ can even automate a change in the
access provided by the authentication system for the particular endpoint,
thereby removing or changing network access permissions.
CUSTOMER BENEFITS
• Discover, profile and locate all your connected devices
• Assess and mitigate device risk
• Enable dynamic network segmentation
• Integrate with the ecosystem and orchestrate workflows
• Enhance existing asset management systems through real-time data updates
• Facilitate and plan network upgrades and end-of-life cycling
• Simplify and streamline onboarding of new devices during M&A
• Reduce or eliminate manual,
resource-intensive asset
inventory and profiling
processes.
• Meet compliance regulations by maintaining a comprehensive, up-to-date inventory of network assets
• Automate and speed remediation workflows and ensure security compliance and continuity
• Monitor device behaviors in real-time
• Verify device identity, authenticate and control
HOW THE GREAT BAY NETWORK INTELLIGENCE PLATFORM™ WORKSUNMATCHED VISIBILITYThe Great Bay Network Intelligence Platform™ both passively and actively
gathers informational device attributes from a variety of data collection
sources including DHCP, SNMP polling, SNMP traps, NetFlow/J-Flow/
sFlow, Active Directory, RADIUS Accounting, network traffic (SPAN),
DNS, just to name a few. Once collected, the rich, contextual endpoint
data is aggregated into our Warehouse of Context™ and continuously
leveraged to identify, locate, and monitor both managed and unmanaged
endpoints in real time. To outpace ever-changing new IT, IoT and IoMT
devices, our platform is supported by a crowdsourced AI/ML assisted
profiling system.
greatbaysoftware.com
DYNAMIC NETWORK SEGMENTATIONNetwork segmentation is a best practice for security and compliance that
is increasingly impractical to implement and maintain in large corporate
environments. While creating network security zones with access
control lists and firewall rules can be done, the cost, complexity and
administrative overhead of maintaining these address-based approaches
has become prohibitive.
The Great Bay Network Intelligence Platform™ applies device identity-
based network segmentation approach controlling the visibility of and
access to network resources at the earliest possible time. It dynamically
learns devices identity and automates network security policies and
actions aligned with the permitted devices profiles, without user or
administrator action.
RISK INTELLIGENCE & SCORINGThe Great Bay Network Intelligence Platform™ leverages and correlates
inputs from multiple risk indicators and calculates a risk score based on
each organization’s unque environment. These weighted factors that
influence the overall enterprise risk score can be weighted as needed,
and include identified security risks associated with device’s Operating
Systems, identified security issues associated with communication across
unsecured protocols, identified security risks associated with the device
profile of residence, and any ingested vulnerability and risk information
from external sources such as Vulnerability Management systems). The
platform calculates the risk scoring for each individual device and across
all connected IoT devices and enables teams to segment based on device
type and category. For example, a healthcare organization can look at
overall risk, as well as drill down on MoDT or IoT. The risk assessment and
scoring process is fully automated, and the risk scoring is continuously
updated in real-time.
greatbaysoftware.com
THE GREAT BAY DIFFERENCE
greatbaysoftware.com
WHY GREAT BAY
• Comprehensive Device Profiling Library
• Largest IoT Device Implementation
• Comprehensive Data Collection Methods
• Crowdsourced AI/ML assisted Profiling
• Real-time Behavior Monitoring• Granular Control & Active Response
• Risk Intelligence & Scoring
• Dynamic Network Segmentation
• Tight ServiceNow Integration
• NAC or 802.1X Enablement
• Vendor Agnostic
• Simplified Device Onboarding for M&A
• All-inclusive Subscription Model
• On Premise Data Model
• Intuitive Interface & Workflows
PROVEN INDUSTRY-LEADING SCALE & RESULTS• The Great Bay Network Intelligence Platform™ supports the industry’s
largest IoT device implementation, with more than 1.5 million endpoints
on a single production server deployed in HA.
• Great Bay Network Intelligence Platform™ capability to offload device
authentication from traditional NAC systems has supported a much
more robust path to scale in the enterprise.
• The Great Bay Network Intelligence Platform™ ships with comprehensive
device profile library – thousands of pre-built device profiles including
IoT/IoMT/IT device profiles library fine-tuned over 14+ years.
• Crowdsourced AI/ML assisted profiling system enables our platform to
outpace the ever-changing new IoT devices.
• Our comprehensive, passive and real-time collection methods enable our
platform to collect and profile information from numerous data sources
and feeds, including SPAN. Our flexible collection techniques reduce
the network traffic overhead, ease demand of scarce IP ports to support
SPAN only implementation required by our competitors and allow for
more cost-effective implementation at enterprise scale.
MODULARITY AND EXTENSIBILITY• Tight ServiceNow Integration: Our ability to tightly integrate with
3rd party systems including asset management systems provides a
framework from which automated workflows and ticketing processes
are tied to device discovery and profiling as well as incident response
to security events such as profile changes that could be the result of
compromised or infected devices.
greatbaysoftware.com
• The modularity and extensibility of the Great Bay Network Intelligence
Platform™ provides a high degree of scale and fault tolerance.
• Each collector not only provides data collection for profiling, identity
and behavior monitoring, but can also be part of the centrally managed
and fully distributed RADIUS authenticator with a local copy of the
endpoint directory onboard.
NAC/802.1X ENABLEMENT• For well over a decade our visibility has been used to enable, augment
and ensure the successful deployment of 802.1X and industry-leading
NAC systems including PulseSecure, Aruba’s ClearPass, Cisco’s NAC
Appliance.
• Great Bay Network Intelligence Platform™ can communicate directly
with the infrastructure through our event-driven active response to
quarantine, isolate, or instruct the network to re-authenticate a session
based on the detection of an identity or behavior change.
• Great Bay Network Intelligence Platform™ can be the device
authenticator or the reauthentication process would go through the
central NAC system.
• Great Bay Network Intelligence Platform™ supports a truly vendor
agnostic deployment.
FLEXIBLE ENFORCEMENT• The Great Bay Network Intelligence Platform™ provides Security and
IT teams with the ability to automate enforcement responses in order
to balance the unique security requirements of each environment. It
provides a wide-range of automated responds and remediation actions
like systems alerts, device re-authentication or quarantine, or port
bouncing or blocking to prevent a threat in real time.
ALL-INCLUSIVE SUBSCRIPTION MODEL• One cost: Hardware refreshes and unlimited support all included at no
additional charges.
PROVEN TRACK RECORD AND SOFTWARE MATURITY• Great Bay Software has been securing enterprises for 14+ years.
Industry longevity with a proven track record of successful deployments,
in-house expertise and SMEs.
• The Great Bay Network Intelligence Platform™ is the 6th generation of
the product suite running version 6.1.0 as of September 2018, and it is
currently deployed in large size IoT implementations.
CUSTOMER TESTIMONIALS
“If our Great Bay platform goes down, our world is coming to an end. We would lose $1.8 million dollars per minute.”
Security Engineer at Large Healthcare Provider
“I was impressed at how easy to use the platform was. After just one meeting, I was able to show the rest of my team how to navigate the interface.”
Medical Director at Large Healthcare Provider
“Every medical device vendor is unique making it a tricky job to secure those devices…We would not be able to have an 802.1X secured environment without this tool.”
Manager of IT at Large Healthcare Provider
www.greatbaysoftware.com+1.763.251.1400
©2019 Great Bay Software, Inc. All rights reserved. OV-PROD-012018-01
BUSINESS USE CASES
Real-Time Endpoint Visibility Obtain a deep contextual understanding of what is connected to network (particularly
medical and IoT devices) and where they are located, eliminating blind spots that
could be used as a point of entry or access to protected data
Endpoint Risk Intelligence & Scoring
Stay ahead of the rising number of endpoint-focused attacks through automated
identification, scoring and reporting of endpoint risk based on attributes such as;
endpoint OS, use of unsecured protocols, profile, and 3rd party risk data
Real-Time Automated Asset Inventory
Reduction or reallocation of FTE resources by replacing manual efforts with
automated discovery and profiling of all network-connected assets including;
traditional, IoT, medical, managed, and unmanaged devices
Device Authentication Enablement
Ensuring successful NAC or 802.1X implementation by leveraging Great Bay’s
Warehouse of Context™ as the single source of truth for endpoint authorization while
increasing the scalability and fault tolerance of 3rd party systems
Secure IoT Network Access &
Onboarding
Automated access control and onboarding of IoT devices through endpoint discovery,
profiling, device-based authentication, dynamic network segmentation, and time-
based sponsorship as desired
Identity & Behavior Monitoring Monitor for and alert on changes in endpoint identity or behavior that could be
indicative of endpoint compromise, infection, malfunction, or attacks such as MAC
spoof attempts
Eco-Systems Integration & Workflow Automation
Increase the efficacy of the security architecture and asset management systems
through the sharing of endpoint attribute data and context while enabling dynamic
ticket generation and tracking
Rogue Device Detection Eliminates risk through automated identification, location, alerting, and isolation of
rogue and unauthorized devices in real time
Contractor Device Differentiation
Identification of all contractor devices and clear distinction between contractor and
BYOD to support differentiated network access and reduce the financial burden
associated with device assignment and early depreciation of assets
M&A and IoT Adoption Support Identification-based device discovery and endpoint profile trending over customizable
time periods offer-ing real-time views and scheduled reports supporting M&A and
technology adoption initiatives
Outsource and Contract Verification
Validating and potentially reducing contract cost associated with 3rd-party
outsourcing contracts and over-purchase of licensing through the automated
identification, and profiling of all network-connected assets
Accelerated Incident Response Reduce the time to respond to security incidents by leveraging endpoint context and
real-time and historical location information
Segmentation Policy Monitoring & Enforcement
Streamline operations and strengthen security by dynamically assigning network
access by segment or VLAN to endpoints by profile and then monitoring, and alerting
when segmentation policies are compro-mised
Regulatory and Security Framework Compliance
Meet the real-time asset discovery and access control requirements to support policy
compliance such as PCI DSS, HIPAA, SOX, GLBA, NERC CIP, NIST 800-171