Integration and Simplicity in Advanced Threat Protection
Melissa Stevens | Tags: detection intelligence threat advanced protection security network
Guest post by Brian Fitch, Product Manager for IBM Security.
The intensity of the threat landscape is constantly increasing and evolving. As a result, we have seen a lot of corresponding innovation in security technologies and services, often from small businesses. While we all want to see advances that improve the global state of information security, the realities imposed by budgets and skills shortages mean that complexity has become the enemy of security in more ways than one. This is not to say that one vendor will ever have all of the answers for you, and we certainly don’t claim to be that, but there is a reason you are seeing a continued consolidation around both platforms and vendors. When organizations think about their long-term investments and strategy, they have to ask the question, “Is what I’m buying actually going to make me more secure?” Often, that answer is very much related to the questions “Am I adding more complexity or reducing it? Am I increasing my visibility and understanding, or do I now have another thing I’ll never manage well?”
Mitigating risk while lowering cost is a daunting task, and it requires deploying and managing security processes and technologies across your people, data, applications and infrastructure. Ideally, these security technologies will not only prevent attacks but also provide the central reporting environment the IT department needs to validate that its technologies are indeed performing their tasks without interfering with the day-to-day work of the company’s employees. In the event of a breach, a single repository of security logs is also essential to incident response and determining root cause.
With the rise of Next Generation Firewalls (NGFW) and Next Generation Intrusion Prevention Systems (NGIPS), new options are available to consolidate protection technologies. There is promise in this area but IT departments should be cautious and ensure that the new technologies are, in fact, new and do not fall short in key requirements for keeping the business running. Furthermore, they should be confident that the products satisfy the key requirement of adding capability without complexity. Ideally, the lives of security professionals should get easier.
One of the ways to ensure that you are actually improving security without adding complexity is having good capabilities around data analysis and security intelligence. The truth is that all of these technologies can generate lots of data, and security teams might find themselves overwhelmed without automated tools to help. Your Security Information and Event Management (SIEM) product should be able to consume data from all of the security products you deploy. These technologies, when working together, will help improve protection against today’s and tomorrow’s security risks by providing the security professional with the data he or she needs to make critical decisions, and make them at the right time.
More about the author: Brian Fitch is Product Manager for IBM Security. He has been in the information security industry for over 12 years. Brian currently manages the GX IPS and XGS NG-IPS line of appliances. Prior to his product manager role, Brian was an Internet Security Systems (ISS) Systems Engineer for a decade.