
Self-defending network
Traditionally, individual security devices that can detect a cyber security threat (firewalls, intrusion detection, log analysis) each operate as an isolated network device: on detecting a threat, a device generates an alert that then has to be manually reviewed before any action is taken. Even more capable devices such as intrusion prevention devices can only take an action that is locally significant and in response to a single threat.
The self-defending network is a network that has been designed and built to not only detect and report on threats but to then automatically take action to defend against the attack and limit the impact. This is achieved by integrating the individual security devices into a single, coherent security platform that enables the network to isolate a suspected device based on an alert, regardless of which device detected the threat. This enables a perimeter intrusion prevention device to not only block outbound malware control traffic but to then cause the network to isolate the device that was the source of the traffic.
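The decision step described above can be sketched as follows. This is an added example, not NGTS code or any vendor's API: alerts from different sensors are normalised into one schema and mapped to an isolation action for the source host. The sensor field names, inventory, severity scale and protected-host list are all constructed assumptions, and the enforcement call to the switch is left out.

```python
from dataclasses import dataclass

# Constructed data: which switch port each host sits on (hypothetical names).
INVENTORY = {"10.0.5.23": ("access-sw-02", "Gi1/0/14"),
             "10.0.1.10": ("core-sw-01", "Te1/1/1")}
PROTECTED = {"10.0.1.10"}  # assumption: hosts that are never auto-isolated
MIN_SEVERITY = 7           # assumption: common 0-10 scale after normalisation

@dataclass(frozen=True)
class Alert:
    sensor: str    # device that raised the alert
    src_ip: str    # internal host the suspicious traffic came from
    severity: int
    reason: str

def normalise(sensor, raw):
    """Map each sensor's own (constructed) field names onto one schema."""
    if sensor == "ips":
        return Alert(sensor, raw["src_addr"], raw["priority"], raw["signature"])
    if sensor == "firewall":
        return Alert(sensor, raw["src"], raw["sev"], raw["rule"])
    raise ValueError(f"unknown sensor: {sensor!r}")

def decide(alert, isolated):
    """Pick the response for one alert; `isolated` tracks hosts already cut off."""
    base = {"src_ip": alert.src_ip, "detected_by": alert.sensor}
    if alert.severity < MIN_SEVERITY:
        return {**base, "action": "log"}
    if alert.src_ip in PROTECTED or alert.src_ip not in INVENTORY:
        return {**base, "action": "escalate"}  # needs a human decision
    if alert.src_ip in isolated:
        return {**base, "action": "noop"}      # a second sensor saw the same host
    isolated.add(alert.src_ip)
    switch, port = INVENTORY[alert.src_ip]
    return {**base, "action": "isolate", "switch": switch, "port": port}

def run_demo():
    """Feed constructed alerts from two different sensors through the policy."""
    events = [
        ("ips", {"src_addr": "10.0.5.23", "priority": 9, "signature": "outbound malware control traffic"}),
        ("firewall", {"src": "10.0.5.23", "sev": 8, "rule": "deny-egress"}),
        ("firewall", {"src": "10.0.1.10", "sev": 9, "rule": "deny-egress"}),
        ("ips", {"src_addr": "10.0.7.40", "priority": 3, "signature": "port scan"}),
    ]
    isolated = set()
    return [decide(normalise(s, raw), isolated) for s, raw in events]

if __name__ == "__main__":
    for action in run_demo():
        print(action)
```

The protected-host and unknown-host branches escalate to a person instead of isolating, so automated containment cannot cut off core infrastructure or act on a host it cannot locate.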
Designing and implementing a self-defending network is not straightforward, as it requires a deep understanding of a number of underlying technologies and usually of security products from different vendors. NGTS can help provide the expertise required to configure the individual devices and technologies into a cohesive solution that will form a self-defending network.