Expanding a RESPOND System

Expanding a RESPOND System 2024-10-11T15:27:22-05:00

The basic RESPOND system provides a lot of functionality and a significant uptick in cyber defenses in a very short time. That’s because it provides a different type of protection—looking at the internal networks behind the existing edge protections of firewalls, EPP/EDR client software, NAC and other tools you now have and spend a lot of time using. The basic RESPOND installation ties into your existing firewall so that you can use it to remediate and block any found malicious behavior. This can prevent the downloading of malware and the uploading of data. This is but the first part of a potential remediation network that forms the back end of any RESPOND system.

If you have extra ports in your existing firewall, you can use those extra ports to expand your remediation network. Reconfigure some of your critical network segments to pass through your firewall—one good example is to pass traffic from your internal networks through your firewall before that gets to your data center (a process called internal segmentation). Configure those new firewall ports to provide nothing more than basic firewall services, which should put little burden on your firewall. Then the RESPOND system can tell your firewall to block malicious devices from accessing your data center. No more ransomware attacks on your servers!

You can also extend that device blocking to other parts of your internal network, by adding inexpensive network filters at critical junction points….at the entrance to a data center, or wherever a local network connects to a WAN. Then malicious devices can automatically be blocked from going through that filter. These filters have about a $500 one-time cost.

You can also tie RESPOND into a couple varieties of network switches and wireless access points, and that integration is available at no extra cost. This means that the blocking done by the network filters can be extended to the very edges of your networks. If you are contemplating any kind of network upgrade, built-in compatibility with RESPOND might be a good feature to be taken into consideration as you choose your network hardware.

If you are contemplating the acquisition of a NAC, know that some varieties of NAC can be used to automatically block and quarantine any networked devices discovered by RESPOND to be infected or malicious.

So, RESPOND can tightly integrate with some types of firewalls, with some types of wired and wireless network equipment, with some types of NAC, and with those network filters to build an integrated and fully automated discovery-and-remediation system that can find and get rid of those unwanted devices in a matter of one to two seconds. THAT represents the most cyber-secure network you can have.

Next: Respond Includes a SIEM