ESG Validation

ESG Lab Review: ThreatConnect TC Analyze Threat Intelligence Platform

Co-Author(s): Tony Palmer


Abstract

This ESG Lab Review documents hands-on testing of ThreatConnect TC Analyze to verify its ability to reduce an organization’s mean time to respond to security incidents and threats. We focused on how TC Analyze can help security operations center (SOC) and incident response (IR) analysts to enrich threat data and create intelligence about identified threats, import files or emails to extract potential threats, manage action items related to specific threats and incidents, and create customized dashboards.

Topics: Cybersecurity

ESG Lab Review: ThreatConnect TC Identify Delivers Threat Intelligence

Co-Author(s): Dom Amato


Abstract

This ESG Lab Review documents hands-on testing of ThreatConnect TC Identify and evaluates its ability to accelerate and simplify threat detection. ESG Lab focused on how TC Identify provides IT managers with the tools to configure threat intelligence from more than 100 open source data feeds and premium feeds that the organization subscribes to, summarize and score potential threats with insights from the ThreatConnect Research Team, and optimize data dissection by integrating with other tools such as a SIEM or firewall.

Topics: Cybersecurity

ESG Technical Review: Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform

The Challenges

As organizations of all sizes embrace digital transformation and the shift to modern cloud architectures, their IT infrastructure is both growing and becoming more complex. Indeed, two-thirds (68%) of respondents to an ESG research survey said that their IT environment had become more complex in the last two years.1

Complex infrastructures have large attack surface areas, necessitating a variety of cybersecurity tools and techniques to protect them against ever-increasing volumes and sophistication of attacks. However, cybersecurity teams report numerous challenges managing an assortment of security products from different vendors, such as the inefficiencies created by having separate management and operations for each tool, cited by 27% of ESG research respondents as a challenge, or different tools for various parts of the IT infrastructure (24%), or the number of security tools making operations complex and time-consuming (22%).

Topics: Cybersecurity

ESG Lab Validation: McAfee Enterprise Security Manager

Co-Author(s): Alex Arcilla


Introduction

This ESG Lab Validation report documents hands-on testing of the McAfee next-generation SIEM solution. ESG Lab focused on the McAfee Enterprise Security Manager (ESM), the core product of McAfee’s end-to-end solution for addressing comprehensive threat detection and remediation. Testing was designed to explore how the solution accurately detects advanced threats using a layered approach, the speed and effectiveness of responding to an attack, and the operational efficiencies of this integrated solution.

Topics: Cybersecurity

ESG Lab Review: ForeScout Extended Module for IBM BigFix

Abstract

This report provides a first look at the key benefits of integrating ForeScout CounterACT with IBM BigFix endpoint management and security solution. ESG Lab focused on how the ForeScout Extended Modules can combine ForeScout’s endpoint insight, classification, and control capabilities with IBM BigFix. This integration is designed to discover and classify users and devices, verify the presence and operation of BigFix Agents, enforce compliance, and take automated host or network actions when needed.

Topics: Cybersecurity

ESG Lab Review: High-fidelity Breach Detection with Acalvio Autonomous Deception

Abstract

This ESG Lab Review documents hands-on testing of Acalvio ShadowPlex autonomous deception. We focused on how easy it is to deploy ShadowPlex at scale, and how Acalvio’s deception technology provides high-fidelity, low-volume breach detection.

Topics: Cybersecurity

ESG Lab Validation: Forcepoint Cloud Access Security Broker (CASB)

Co-Author(s): Alex Arcilla

Introduction

ESG Lab evaluated the Forcepoint Cloud Access Security Broker (CASB) to validate how it secures the use of any cloud applications across an organization’s users and endpoints. We tested how the Forcepoint CASB provides visibility into an organization’s cloud applications and its users, identifies and assesses the potential risks associated with the cloud applications, and automates threat prevention and policy enforcement.

Topics: Cloud Platforms & Services, Cybersecurity

ESG Lab Validation: Advanced Cloud Security with Check Point CloudGuard IaaS

Co-Author(s): Alex Arcilla

Executive Summary

ESG Lab evaluated Check Point CloudGuard IaaS to validate that it provides adaptive security in cloud environments via agile and automated deployment methods, while enabling unified management and control across different cloud platforms, specifically those leveraging VMware NSX, VMware ESXi, Amazon Web Services (AWS), and Microsoft Azure.

Topics: Cloud Platforms & Services, Cybersecurity

ESG Lab Validation: ThreatConnect TC Complete Security Operations and Analytics Platform

Co-Author(s): Alex Arcilla, Domenic Amato

Introduction

ESG Lab evaluated the ThreatConnect threat intelligence, analytics, and orchestration platform, TC Complete, to validate how it enables organizations to identify, manage, and block threats. We also gauged the extensibility of the platform to enable users to adapt and create automation for their processes, rather than forcing them to adapt their processes to ThreatConnect’s paradigm.

Topics: Cybersecurity

ESG Lab Review: ForeScout Extended Module for Splunk

Abstract

This report provides a first look at the key benefits of ForeScout’s bidirectional integration with Splunk Enterprise and Splunk Enterprise Security (ES), with a focus on how the ForeScout Extended Module can combine ForeScout’s endpoint insight, access control, and automated response capabilities with Splunk’s correlation, analysis, and search features. This integration provides visibility into and control of managed and unmanaged endpoints while helping security teams better understand their security risk posture and respond quickly to mitigate security issues.

Topics: Cybersecurity, Data Management