Possible Use Cases for DXL: Sharing Conflicts and Contexts in Real Time

We have looked at the current capabilities of DXL and some of the initial functionality that our partners are delivering. Now I would like to speculate on some of the interesting near-term possibilities that DXL enables.

When analyzing potential cyber threats, the current device, location, and application provide contextual information that helps make correct decisions faster. We have seen the early stages of this in the ubiquitous Microsoft Windows request to “Select your computer’s current location: Home network, Work network, or Public network”, which is used to select appropriate settings for the firewall. This is a good start, but DXL now enables us to be much more specific about the context, and to share that information with others.

For example, when I am travelling I know that public networks in airports and coffee shops are very insecure and even hostile environments. However, work certainly doesn’t stop when I’m travelling, and I cannot rely on the easiest precaution of not connecting to these networks at all. There are also many different ‘public networks’, from the very hostile airports in some countries, to the benign guest network at a customer site, and treating them all the same would result in too many restrictions in one area, or not enough in another.

With DXL, devices can gather and submit information about the specific location, type of device, authenticated user, and application, and receive an immediate response specifying the appropriate security precautions. Add in some data loss prevention (DLP) signaling, and the security improves further. Knowing the sensitivity or classification level of the documents on my device, DLP can add further constraints if necessary. It is probably OK for me to be sharing confidential documents at a customer location, but not in a coffee shop.
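The context-to-precaution decision described above, as an added illustration rather than code from the post or from DXL itself: a device reports its network, device type, authentication state, application and highest DLP label, and a policy function returns the precautions. The network labels, trust ranking, DLP ordering and field names are all constructed assumptions, not a DXL schema.

```python
from dataclasses import dataclass

# Constructed trust ranking for network contexts (assumption, not a DXL vocabulary):
# a higher number means a more trusted network.
NETWORK_TRUST = {"corporate": 3, "customer_guest": 2, "coffee_shop": 1, "airport": 0}

# DLP labels and the minimum network trust required before documents
# carrying each label may be shared from the device (constructed values).
SHARE_MIN_TRUST = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass(frozen=True)
class DeviceContext:
    """What the device publishes: location, device, user, application and DLP state."""
    network: str                 # one of the NETWORK_TRUST keys
    device_type: str             # e.g. "laptop" or "phone"
    user_authenticated: bool
    application: str
    max_doc_classification: str  # most sensitive DLP label present on the device


def evaluate_precautions(ctx: DeviceContext) -> dict:
    """Return the precautions a policy service would publish back for this context."""
    if ctx.network not in NETWORK_TRUST:
        raise ValueError(f"unknown network context: {ctx.network}")
    if ctx.max_doc_classification not in SHARE_MIN_TRUST:
        raise ValueError(f"unknown DLP label: {ctx.max_doc_classification}")
    trust = NETWORK_TRUST[ctx.network]
    precautions = {
        # Hostile public networks get the restrictive firewall profile.
        "firewall_profile": "public" if trust <= 1 else "work",
        # Anything other than the corporate network goes over a VPN.
        "require_vpn": trust < 3,
        "allow_document_sharing": True,
        "block_reasons": [],
    }
    if not ctx.user_authenticated:
        precautions["allow_document_sharing"] = False
        precautions["block_reasons"].append("user not authenticated")
    # DLP constraint: the most sensitive document on the device sets the bar.
    if trust < SHARE_MIN_TRUST[ctx.max_doc_classification]:
        precautions["allow_document_sharing"] = False
        precautions["block_reasons"].append(
            f"{ctx.max_doc_classification} documents may not be shared on {ctx.network}")
    return precautions


if __name__ == "__main__":
    laptop = DeviceContext("coffee_shop", "laptop", True, "email", "confidential")
    print(evaluate_precautions(laptop))
```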

DXL works the other way, as well. By sharing information about my location and activities with the company’s security systems, they can act on potential indicators of attack earlier. For example, we are seeing an increase in the number of hacking or phishing campaigns targeted at specific individuals or departments, but also diversionary tactics that use a more obvious attack to distract from the real one. When an increase in phishing emails or password attempts is detected on my system, the security intelligence controls can increase surveillance of network traffic on my machine and the immediate area. Forewarned, firewalls in my network neighborhood are tightened, a greater number of suspicious items are sent for deep inspection, and alarms are set to higher sensitivity.

The increased communication that DXL enables works after a breach as well. If one of the security agents on a web server detects an unauthorized entry, or the network surveillance notices a change in traffic flow or content, local firewalls can quickly isolate the machine from the network, containing the invader. Signatures from malicious code can be quickly distributed to the network gateways and endpoint scanners, stopping any further advances.

These are just a few examples of the potential created by DXL and our partners. Imagine what the power of DXL and our partners will bring to your cyber defenses.
