Today’s CISOs are fighting fires on several fronts to keep their organizations safe. They’re being asked to do more with less, and defend against a barrage of increasingly sophisticated, targeted attacks alongside DDoS broadsides and other more traditional threats. But they must do all of this while their organization’s attack surface is growing all the time, thanks partly to an explosion in mobile device usage, cloud services and newly-discovered software vulnerabilities.
As if that weren’t difficult enough, many IT security chiefs have to work with one hand effectively tied behind their back thanks to the myriad of security point solutions they have in place. Often, these products were bought as “best-of-breed,” but their inability to communicate effectively with each other hampers effective defense.
Anatomy of an attack
A full threat defense platform should consist of four integrated elements across the entire threat lifecycle:
Prevent: Assess vulnerabilities to potential threats and proactively protect endpoints, servers and applications.
Detect: Spot advanced malware not detected and blocked by the first stage.
Analyze: Assess risks and determine impact of threats.
Respond: Deliver signatures and updates to prevent future attacks.
Unfortunately, more often than not, organizations don’t have a fully integrated platform with centralized control across all four quadrants. This means threats can squeeze between the gaps and infiltrate the corporate network, causing destructive damage to hard drives, or hugely harmful loss of customer data and/or IP.
Here’s what could happen without a Connected Threat Defense approach:
- Our attack begins with the arrival of an email in a user’s inbox, complete with an attachment containing a zero-day information-stealing threat. It could be stopped at the Prevent stage by any of: signature-based detection; behavior monitoring; vulnerability shielding; app whitelisting; or isolation tools.
- However, our zero-day threat has been designed to bypass all of these traditional techniques, which makes the Detect stage vital. Malware sandboxing and 360-degree network analysis can help to spot advanced malware which could be part of a targeted attack crafted to fly under the radar and lay hidden for weeks, months, or even years, exfiltrating your most sensitive data.
- But it’s not good enough to just detect a threat at this stage. It also needs to be analysed and assessed via endpoint sensors so that you can discover where the threat has spread in your organization and contain it. Fail with this Analyze step, and it could leave malware on your system. Next should come correlation with cloud-based big data threat intelligence systems to produce actionable intelligence which can be shared with all four threat defense quadrants to improve your overall cyber defense posture.
- After analysis of a sophisticated threat must come the Respond stage. After all, if you’ve detected a malicious file through sandboxing or C&C traffic through network level analysis, a real-time signature must be created and immediately shared with all endpoints and gateway security components. Fail to do this, and that threat won’t be automatically blocked the next time it’s encountered – multiplying risk. This stage should also include damage clean-up to automatically clean computers of any malware and in so doing, maximize user productivity.
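The four-quadrant loop above, as an added illustration that is not Trend Micro's code: a sandbox verdict at the Detect stage is fed back into a signature store shared with the Prevent stage, so the same attachment is blocked at stage one on its second arrival, whereas a siloed setup detects it again and leaves it on every endpoint it reached. The attachments, the sandbox heuristic and the endpoint inventory are all constructed for the example.

```python
import hashlib

# Constructed sample attachments (not real malware). The "zero-day" file has no
# prior signature and is recognisable only by what it does in the sandbox.
BENIGN = b"quarterly report, nothing unusual"
ZERO_DAY = b"runs on startup and phones home to collect credentials"  # constructed


class SharedThreatIntel:
    """Signature store that every quadrant reads and writes: the 'connected' part."""
    def __init__(self):
        self.bad_hashes = set()


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def prevent(attachment, intel):
    """Stage 1: signature match against the shared store before the file lands."""
    return sha256(attachment) in intel.bad_hashes


def detect_sandbox(attachment):
    """Stage 2: sandbox verdict. A constructed stand-in for behavioural analysis."""
    return b"startup" in attachment and b"phones home" in attachment


def analyze(file_hash, endpoints):
    """Stage 3: endpoint sensors report every host where the file has spread."""
    return [host for host, files in endpoints.items() if file_hash in files]


def respond(file_hash, intel, endpoints, spread):
    """Stage 4: publish the signature to the shared store and clean affected hosts."""
    intel.bad_hashes.add(file_hash)
    for host in spread:
        endpoints[host].discard(file_hash)


def handle_email(attachment, recipient, intel, endpoints, connected=True):
    """Run one inbound attachment through the lifecycle; returns where it was stopped."""
    file_hash = sha256(attachment)
    if prevent(attachment, intel):
        return "blocked at prevent"
    endpoints.setdefault(recipient, set()).add(file_hash)  # file reaches the endpoint
    if not detect_sandbox(attachment):
        return "allowed"
    spread = analyze(file_hash, endpoints)
    if connected:  # the feedback loop the post argues for; siloed tools skip it
        respond(file_hash, intel, endpoints, spread)
    return "detected at sandbox"


def run_scenario(connected):
    """Same zero-day attachment sent to two users, with or without the feedback loop."""
    intel, endpoints = SharedThreatIntel(), {}
    first = handle_email(ZERO_DAY, "alice", intel, endpoints, connected)
    second = handle_email(ZERO_DAY, "bob", intel, endpoints, connected)
    return first, second, sorted(analyze(sha256(ZERO_DAY), endpoints))
```

`run_scenario(True)` ends with no infected hosts and the second copy stopped at Prevent; `run_scenario(False)` detects the file twice and leaves it on both endpoints.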
Integrated threat protection
In today’s threat landscape, the stakes have been raised as high as they can go for CISOs. Not only do you need security solutions in place that cover each of the four quadrants of the threat lifecycle as mentioned, but they need to integrate tightly with one another and be manageable from a single pane of glass.
This will simplify day-to-day tasks and threat investigations for the IT security team. But it is also vital because the threat intelligence generated can be fed back into the system and any signatures produced immediately shared. This means that threats will be blocked at stage one the next time they are encountered.
Trend Micro Smart Protection Suites, part of the Complete User Protection solution, combined with Trend Micro Custom Defense, protect, detect, analyse and respond in real-time to threats, protecting endpoints from even the most advanced malware. Most importantly, they can be managed centrally so there are no security gaps. Plus, they can be deployed on-premise, in the cloud, or as a hybrid solution to suit your business needs.
Trend Micro experts and customers will be at the Gartner Security Summit June 8-11 in National Harbor, Maryland, to discuss how our security solutions work together to protect organizations against cyber threats. Visit booth no. 709 to learn more about our connected threat defense approach.
While you’re at the summit, be sure to attend our sessions:
Roundtable Discussion with Tom Kellermann, Trend Micro Chief Cybersecurity Officer
Monday, June 8 at 10:00 a.m. – Chesapeake D
Solution Provider Session with Dennis Pickett, Senior Manager of Information Security for Westat, and Tom Kellermann, Trend Micro Chief Cybersecurity Officer
Tuesday, June 9 at 9:15 a.m. – Maryland B