Raising the Bar for APT Protection : Security Intelligence 2.0
Advanced Persistent Threats (APTs), or Advanced Targeted Threats as Gartner calls them, are now top of mind with security professionals, C-level executives and Boards of Directors.
All brands – as well as major events such as the London Olympics — are now being targeted by ever increasingly sophisticated attackers and techniques, whether the intent is to steal corporate intellectual property (Lockheed, RSA), disrupt websites to bring attention to a particular cause (FBI, MPAA), or steal customer data (LinkedIn, Epsilon, etc.).
Regarding APTs, Charles Kolodgy, VP of Security at IDC, was recently quoted in this article from Network World:
IBM Tuesday introduced what it’s calling a “next generation” intrusion-prevention system (IPS), an offering that not only is designed to stifle network-based attacks, but adds application-level controls and URL filtering capabilities typically found in separate products such as Web security gateways … With the XGS 5000, IBM wants to maximize its influence with IPS buyers (IBM ranks only behind Cisco with 13.2% of the $1.88 billion market, according to IDC) …
IDC security research analyst Charles Kolodgy says the IBM XGS 5000 does represent a new kind of IPS-based product that “improves network, user, and application awareness” and “vastly improves an IPS’s ability to provide full network protection, especially trying to uncover custom malware and stealth attacks perpetrated by advanced persistent threats.” APT is the term use to describe stealthy attacks to try and steal sensitive corporate data.
Although the term “next-generation IPS” is starting to be bandied about, IDC is still pondering the usefulness of this phrase or whether a new category entirely should be established that “goes beyond either firewall or IPS.”
“The uniqueness isn’t so much in the application layer and URL [visibility], a lot of products have that, but it’s in the ability to set up security at the user level (like the next-generation firewall), correlate that information (in this case with QRadar), and utilize cloud-based threat intelligence to uncover malicious websites and files,” Kolodgy explains.
The article continues to discuss APTs: Indeed, IBM says the appliance’s integration with IBM’s Advanced Threat Protection Platform, which utilizes anomaly detection and event correlation capabilities, enables users to better address more complex attacks such as Advanced Persistent Threats (APTs).
My point for this post is to highlight our most recent offering at IBM Security Systems, the Network Security Protection Platform, and specifically how it may indeed be ushering in what I call Security Intelligence 2.0.
Perhaps this graphic represents the foundation of Security Intelligence 2.0:
What the heck, Q1 Labs put “Security Intelligence” on the map as a new term years ago, in the context of SIEM + Log Management + Configuration & Vulnerability Management + Behavior Anomaly Detection + Deep Packet Inspection. Do you see why we called THAT Security Intelligence?
Now with our Next-Gen IPS being tightly coupled with other related components – as in XGS + QRadar + Anomaly Detection + X-Force real-time threat intelligence feeds — I assert we have raised the bar. And if some leading industry influencers actually said we did, even better. Fact is, when Q1 Labs started talking about Security Intelligence we did not think of it as a “category” but as a better way for customers to both proactively and defensively address what are now commonly called APTs (sorry Gartner).
In other words, it’s not about defending against the latest advanced threats with a new “box” that has more bells and whistles – it’s about tying a range of information sources together with analytics to quickly identify behavioral anomalies, and minimizing false positives so you can quickly remediate the most important threats.