Preparing for the Big One: Security Intelligence as the Centerpiece of Advanced Threat Protection
Melissa Stevens (MELISSAS@US.IBM.COM) | Tags: cybersecurity, security-intelligence, xforce, security
Not every security breach is the result of an advanced persistent threat (APT). In fact, only a small fraction probably are. But the industry is buzzing about APTs today because the business impact of an APT can be massive. Victims of these attacks are deliberately targeted, and a successful breach can expose customer data, financial data, intellectual property and other information assets. Recovering from this kind of attack can be a costly and long-term challenge, since trust takes years to build but moments to destroy. Regaining the confidence of customers and other stakeholders is inevitably the most difficult part of recovering.
Perhaps surprisingly, APT targets aren’t always Fortune 500 corporations and government agencies. It was reported that one long-running APT compromised real estate firms, construction companies and even a national Olympic committee. The lesson is that any organization with information of value to others is a potential target.
Do I really need to worry about an APT attack?
Given how many firms have been breached without realizing it, and the persistence of determined and well-funded adversaries, it’s best to assume you will be breached some day (if you haven’t been already). There’s no telling if a truly advanced and persistent attacker will target you, but many organizations are preparing for the worst. That way, even if a less-than-advanced threat puts your firm in its cross-hairs, you’ll be equipped to quickly detect and defend against the attack. This is where security intelligence comes in.
What is security intelligence?
Security intelligence is a new class of solutions that provides unified visibility and real-time analytics across your entire environment. It bridges the numerous information silos that exist, from security and network devices to server operating systems, applications, endpoints and infrastructure resources, plus external threat intelligence. It analyzes more unique types of data to provide a more complete and accurate picture of threats. In doing so, security intelligence helps you shift your security posture from reactive to proactive, and your visibility from fractured to seamless.
By consolidating data silos, security intelligence solutions can provide deeper insight into seemingly unconnected or non-risky activity. They correlate and analyze massive data sets to help you distinguish real threats from “noise,” and help reduce false-positive alerts by using more contextual data and smarter analytics.
Security intelligence adds the greatest value in defending against APTs through anomaly detection. An advanced adversary seeks to breach your environment as quietly as possible and, once inside, carry out its exploration and data theft without leaving any obvious signs of mischief. To identify this stealthy intrusion, you need to find the subtlest hints of suspicious activity and then analyze as much contextual data as possible surrounding them, to distinguish the "signal" from the "noise".
Anomaly detection capabilities establish a baseline of current activity through observation over a period of time, and then alert you to activity that exceeds normal behavior. There are any number of different items you might want to monitor – from user activity to database access to outbound network traffic – all of which can yield rich security insight and provide an early warning signal.
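As an added illustration of the baselining step just described (example code written for this page, not IBM's product code and not taken from the X-Force report), the script below builds a per-host baseline of daily outbound bytes from an observation window and then alerts on days that exceed it. The host names, traffic figures, the three-sigma rule and the 1 MB jitter floor are all constructed assumptions for the example. Keeping the baseline per host is the point worth seeing: a backup server that legitimately sends 800 MB every night stays quiet, while a workstation that normally sends 50 MB and suddenly sends 900 MB is flagged, as is a host that was never seen during the baseline period.

```python
"""Baseline-then-alert anomaly detection over per-host outbound traffic.

Added example for this post; not IBM's or the X-Force report's own code.
Records are (day, host, outbound_bytes) tuples; all values are constructed.
"""
from collections import defaultdict
from statistics import mean, pstdev

MB = 1_000_000

# Constructed sample telemetry (not real data). Days 1-7 form the
# observation window; day 8 is the day being evaluated.
SAMPLE_RECORDS = [
    # workstation-17: ~50 MB/day during the baseline, then a 900 MB day.
    *[(d + 1, "workstation-17", v * MB)
      for d, v in enumerate([48, 52, 50, 47, 51, 49, 53])],
    (8, "workstation-17", 900 * MB),
    # db-backup-01: ~800 MB every night, so a large day is normal for it.
    *[(d + 1, "db-backup-01", v * MB)
      for d, v in enumerate([780, 820, 800, 790, 810, 795, 805])],
    (8, "db-backup-01", 830 * MB),
    # laptop-new-42: never observed during the baseline window.
    (8, "laptop-new-42", 5 * MB),
]


def build_baseline(records, baseline_days):
    """Return {host: (mean_bytes, stddev_bytes)} over days <= baseline_days."""
    per_host = defaultdict(list)
    for day, host, nbytes in records:
        if day <= baseline_days:
            per_host[host].append(nbytes)
    return {host: (mean(vals), pstdev(vals)) for host, vals in per_host.items()}


def detect_anomalies(records, baseline, k=3.0, sigma_floor=1 * MB):
    """Flag records that exceed each host's own baseline by more than k sigma.

    sigma_floor (assumed 1 MB) stops a host with an almost flat baseline from
    alerting on trivial jitter. A host absent from the baseline is itself
    reported, since "new device sending data" is an early-warning signal.
    """
    alerts = []
    for day, host, nbytes in records:
        if host not in baseline:
            alerts.append({"day": day, "host": host, "bytes": nbytes,
                           "reason": "host not seen during baseline window"})
            continue
        mu, sigma = baseline[host]
        threshold = mu + k * max(sigma, sigma_floor)
        if nbytes > threshold:
            alerts.append({"day": day, "host": host, "bytes": nbytes,
                           "reason": f"{nbytes / MB:.0f} MB exceeds per-host "
                                     f"threshold of {threshold / MB:.1f} MB"})
    return alerts


def evaluate(records=SAMPLE_RECORDS, baseline_days=7):
    """Build the baseline from the observation window and score everything."""
    return detect_anomalies(records, build_baseline(records, baseline_days))


if __name__ == "__main__":
    for alert in evaluate():
        print(f"day {alert['day']:>2}  {alert['host']:<15} {alert['reason']}")
```

Running it prints two alerts for day 8 (workstation-17 and laptop-new-42) and none for db-backup-01, even though the backup server sent far more data in absolute terms. A single global threshold would have produced the opposite result: constant alerts on the backup server and, to silence them, a threshold so high that the workstation's exfiltration-sized spike would pass unnoticed.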
To learn six best practices for anomaly detection and gain more information about building an APT defense strategy with security intelligence, download the X-Force Trend and Risk Report. It also provides a wealth of other security tips, trends and insights from the IBM X-Force Research and Development team, covering mobile security, BYOD policy and the emergence of Mac malware.