Intelligence-aware threat detection and mitigation

Table of Contents

  1. Summary
  2. The problem and common approaches
  3. Attempts to analyze overwhelming data
  4. Data does not ensure security
  5. Threat context is key to persistent defense
  6. Key takeaways
  7. About Steve Hunt

1. Summary

Creating a strong IT security posture is a challenge. Growing quantities of data must be analyzed to protect organizations from advanced security attacks and there is a shortage of skilled IT security personnel to manage the task. Organizations must focus on constructing a robust process for rapid threat detection, incident response, and mitigation – stopping attacks before they can cause damage or a data breach. To achieve this, they should employ a combination of big data security analytics, intelligence-aware security controls, and automated response to reduce risk and business disruption.

Organizations are under increasing pressure to do a better job defending their customers’ data against cyber threats. While fraudulent transactions may only obtain hundreds of thousands or a few million dollars from an individual business, in aggregate they accounted for $6.4 billion in 2012, according to a U.S. Federal Reserve triennial study of payment processing.

Advanced malware gets onto systems undetected by traditional antivirus scanners and often, like a terrorist sleeper cell, does nothing but periodically “phone home” to a command-and-control server until it receives orders from headquarters to unleash the attack. Or it can be programmed to spread laterally on the network to steal credentials and reach critical servers and databases.
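The “phone home” pattern described above is one of the few things sleeper malware cannot hide: even when each request looks like ordinary web traffic, the regular interval between requests stands out against human browsing. The following is an added example, not code from the report or from GigaOm, that applies this idea to proxy logs. The log lines, hostnames and addresses are constructed for the example, and the thresholds (at least five requests, coefficient of variation of the inter-request gaps at or below 0.1) are assumptions an analyst would tune for their own environment.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log lines (not taken from the report).
# Format: "<ISO timestamp> <src_ip> <dst_host> <http_status>".
# 10.0.0.7 contacts updates.example-cdn.test roughly every 300 s (a beacon-like
# pattern); 10.0.0.8 shows irregular, human-paced browsing.
SAMPLE_LOG = """\
2012-06-01T09:00:00 10.0.0.7 updates.example-cdn.test 200
2012-06-01T09:00:13 10.0.0.8 news.example.test 200
2012-06-01T09:05:01 10.0.0.7 updates.example-cdn.test 200
2012-06-01T09:07:40 10.0.0.8 mail.example.test 200
2012-06-01T09:09:59 10.0.0.7 updates.example-cdn.test 200
2012-06-01T09:15:00 10.0.0.7 updates.example-cdn.test 200
2012-06-01T09:18:22 10.0.0.8 news.example.test 200
2012-06-01T09:20:02 10.0.0.7 updates.example-cdn.test 200
2012-06-01T09:24:58 10.0.0.7 updates.example-cdn.test 200
2012-06-01T09:30:00 10.0.0.7 updates.example-cdn.test 200
2012-06-01T09:41:07 10.0.0.8 news.example.test 200
2012-06-01T09:43:50 10.0.0.8 news.example.test 200
2012-06-01T10:12:45 10.0.0.8 mail.example.test 200
2012-06-01T10:30:15 10.0.0.8 news.example.test 200
"""


def parse_log(text):
    """Group request timestamps by (source IP, destination host)."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue  # skip blank lines
        ts, src, dst, _status = line.split()
        sessions[(src, dst)].append(datetime.fromisoformat(ts))
    return sessions


def interval_stats(timestamps):
    """Return (mean gap in seconds, coefficient of variation) for a request series.

    A coefficient of variation near zero means the gaps are almost identical,
    i.e. the requests are issued on a fixed timer rather than by a person.
    Returns None when there are fewer than two gaps to compare.
    """
    ts = sorted(timestamps)
    gaps = [(later - earlier).total_seconds() for earlier, later in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None
    avg = mean(gaps)
    if avg <= 0:
        return None
    return avg, pstdev(gaps) / avg


def find_beacons(text, min_requests=5, max_cv=0.1):
    """Flag (src, dst) pairs whose request timing is regular enough to review.

    min_requests and max_cv are assumed tuning knobs, not values from the report.
    """
    flagged = []
    for (src, dst), stamps in parse_log(text).items():
        if len(stamps) < min_requests:
            continue  # too few observations to judge periodicity
        stats = interval_stats(stamps)
        if stats is None:
            continue
        period, cv = stats
        if cv <= max_cv:
            flagged.append({
                "src": src,
                "dst": dst,
                "count": len(stamps),
                "period_s": round(period, 1),
                "cv": round(cv, 4),
            })
    return flagged


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(f"{hit['src']} -> {hit['dst']}: {hit['count']} requests, "
              f"period ~{hit['period_s']} s, cv={hit['cv']}")
```

On the constructed log the only pair flagged is 10.0.0.7 to updates.example-cdn.test, with a period of about 300 seconds. Legitimate agents (update checkers, monitoring probes) poll on timers too, so a hit is a triage lead rather than a verdict; in practice the flagged destination is checked against threat intelligence and the host against its expected software inventory before any automated response is taken, which is the “intelligence-aware” step the report argues for.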

This report will help CIOs, CISOs and other IT security personnel understand the threat and where to focus when constructing an effective defense.

Key findings include:

  • Today’s threats are more effective – with attackers who can accurately target more valuable information using spear phishing and advanced persistent threats. Compounding the problem for enterprises, regulation is growing.
  • Threats can successfully invade an organization because they look like legitimate content (emails, URLs, webpages, etc.) and are delivered through the same channels as legitimate communications (IP addresses, ports, protocols, web domains, etc.).
  • Targets of advanced attacks, such as large enterprises and small-to-mid-sized businesses (SMBs), must divert time and resources to prevent attacks – and even more time and resources to repair and rebuild if the attackers breach their defenses and penetrate their information systems.
  • The information-security industry is drastically under-evolved in the realm of automation and often avoids proactive measures because mistakes could have a negative impact on the very enterprise it is charged with facilitating. But to combat automated security threats, security must also be automated.

Full content available to GigaOm Subscribers.
