“With OverWatch, you not only get the technology and the knowledge that they’re constantly building on, but you also get a security analyst who is looking at what’s going on with your data and your network and telling you immediately if they see something abnormal,” Phillips says. “Then, if we get an alert, we use our EDR tool to go back and do some digging: ‘What happened around the time this detection occurred? Were there other subfiles written to the disk? Did it write anything into the registry? Is everything clean now, or not?’ It gives you a lot more confidence that everything has been properly remediated.”
The media evaluation and insight firm Comscore has applied proactive threat detection to its email security, as email is still the most common entry point for hackers. The Reston, Va.-based company, which employs 1,700 people, does business with “clients and products that would usually be flagged as spam or malicious in some way,” explains Clayton Gibson, a senior enterprise messaging engineer with Comscore. “As a result, our email security has to be a little more lax than usual while also still being robust enough to keep our users shielded from legitimate threats.”
The security team deployed Barracuda Networks’ Total Email Protection bundle in combination with Barracuda Advanced Threat Protection, an integrated cloud-based service that analyzes traffic across all major threat vectors. Legitimate links are still sometimes obscured, Gibson says, but the solution provides enough flexibility that the security team can easily exempt those domains and senders from ATP.
“If a user does click a link, they are now taken to a secure site alerting them as to whether the link is safe or not, prior to getting to the actual site,” he explains. “So user exploitation has been considerably lower. In fact, we haven’t had an incident since we implemented the new solution.”