For large organizations, maintaining network security means monitoring and managing access, blocking, and responses across distributed multi-vendor infrastructure. Teams use multiple tools and platforms in their security stacks so they can update policies and respond to threats across every network domain and cloud environment.
However, this creates a challenge for network security teams: whether they operate manually or use multiple tools to automate across an array of tooling, responses to immediate threats can be slower.
What happens when a domain or IP is flagged for blocking? How quickly can teams block the entity across every end system in the network? If security personnel are swivel-chairing between different systems to block access to different services, the network is vulnerable for longer, creating unnecessary risk. Ensuring security across a distributed network requires a new approach.
Blocking & Cyber Defense in the Distributed Infrastructure Era
When an entity such as a URL, domain, or IP address is flagged for blocking by a network security system, this change must be reflected in many different end systems. Doing this manually means delaying for vital seconds or even minutes while potential threats retain access to components of the network, because its size and complexity make every change slow to propagate.
For example, if a threat needed to be blocked under the traditional model, team members might first go to Zscaler to make a change. Then, they would swivel-chair over to Panorama to make another change. This goes on, and any end systems or integrated tools would require manual attention as well. Each step takes valuable time.
When one of our customers faced this challenge, Itential’s platform provided the integration capabilities needed to connect with all their SOAR solutions and activate workflows to immediately block threats. As a result, the team could build workflows that trigger when any alert comes in from any SOAR platform and block a flagged domain or IP across all their infrastructure within seconds.
Vendor-Agnostic Blocking as a Service Across Distributed Infrastructure
With a universal middle layer built between their threat-response SOAR systems and their network and IT systems, the same process is triggered regardless of which security system or service creates and delivers a blocking request payload. First, a given system generates a payload. An Itential workflow then takes in that payload, translates it into the formats each downstream system expects, and follows a chain of automation logic to instruct the integrated systems to block the relevant entity and complete the request.
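The normalize-then-fan-out pattern described above, as an added illustration that is not Itential's code or any vendor's API: two constructed SOAR-style payloads are translated into one canonical block request, and that request is rendered into per-target payloads for hypothetical firewall, web-proxy and DNS-sinkhole enforcement points. The payload schemas and target names are assumptions made for the example.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample alerts in two hypothetical SOAR payload shapes (not real vendor schemas).
SAMPLE_ALERTS = [
    {"source": "soar_a", "action": "block", "indicator": "198.51.100.7", "case": "INC-1001"},
    {"source": "soar_b", "verdict": "malicious",
     "observable": {"value": "http://bad.example/landing"}, "ticket": "T-22"},
]


def classify(value):
    """Return 'ip', 'url' or 'domain' for an indicator string."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    return "url" if "://" in value else "domain"


def normalize(alert):
    """Translate a source-specific payload into the canonical block request."""
    if alert.get("source") == "soar_a":
        value, ref = alert["indicator"], alert["case"]
    elif alert.get("source") == "soar_b":
        value, ref = alert["observable"]["value"], alert["ticket"]
    else:
        raise ValueError("unknown payload source: %r" % alert.get("source"))
    return {"type": classify(value), "value": value, "ref": ref}


def fan_out(request):
    """Render one task per enforcement point that can act on this indicator type.

    Target payload formats are hypothetical; a real workflow would map each to the
    specific system's API. Every task carries the originating reference for audit.
    """
    tasks = []
    kind, value, ref = request["type"], request["value"], request["ref"]
    if kind in ("ip", "domain"):
        tasks.append(("firewall", {"address_object": value, "policy": "deny", "ref": ref}))
    if kind == "url":
        tasks.append(("web_proxy", {"blocklist_entry": value, "ref": ref}))
        # A URL block alone leaves the host resolvable; sinkhole the host as well.
        tasks.append(("dns_sinkhole", {"name": urlparse(value).hostname, "ref": ref}))
    if kind == "domain":
        tasks.append(("dns_sinkhole", {"name": value, "ref": ref}))
    return tasks


def process(alert):
    """Full pipeline: any supported SOAR payload in, list of (target, payload) out."""
    return fan_out(normalize(alert))
```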
Now, across complex hybrid infrastructure, across every system and location, any entity that is flagged by any security system — domain, IP, URL, anything — can be blocked in a matter of seconds. The security team stated that this same process could take the SOC team several minutes, a window during which the network would be at risk. This is true going forward as well. In the future, when they need to adopt new SOAR platforms or migrate away from old ones, they can use Itential to do it seamlessly, simply by building a new workflow following the same pattern as the rest. You can get more detail in the full customer story here.
In a recent webinar, Itential’s CTO Chris Wade sat down with S&P Global’s Head of Network Architecture, Guru Ramamoorthy, to discuss their network automation journey and how their operating model has evolved. This is a great example of using Itential to integrate a multi-vendor security stack. Guru speaks about their blocking strategy and the way they use our technology to orchestrate responses across multiple clouds – watch below.
Our platform’s integration and orchestration capabilities are transforming the way our customers manage network security. Reducing the security risk of distributed networks allows organizations to continue to innovate and maximize their infrastructure investments.
Interested in more real-world automation success stories? Take a look at this page to hear straight from our customers.