Integrated Threat Defense: On the Big Screen and the Computer Screen

Integrated Threat Defense Provides Better and Faster Protection

Over the holidays, as I watched the movie Guardians of the Galaxy with my kids, it struck me that times have changed when it comes to fighting the bad guys. Sure, we still see Batman, Spiderman, Superman, even the Lone Ranger, in movies. But in today’s real blockbusters superheroes are joining forces, combining their complementary superpowers in the universal quest for good over evil. X-Men: Days of Future Past was another big hit in 2014 based on the premise of ‘strength in numbers’, and Avengers: Age of Ultron will carry it forward in 2015 and is sure to be wildly popular, like its predecessor.

It got me thinking that we need to look seriously at what it means to join forces to more effectively combat and defeat the bad guys from a cybersecurity perspective – not only from an industry standpoint, but also from a technology standpoint.

The threat landscape is ever evolving and always advancing with tailor-made, stealthy threats that evade traditional, point-in-time security defenses. Instead of relying on a single attack vector, an advanced attack will use whatever unprotected paths exist, often combining paths in a blended method, to reach its target and accomplish its mission. Cyber criminals go to great lengths to remain undetected, using technologies and methods that leave nearly imperceptible Indicators of Compromise (IoCs). At the same time, modern networks are also evolving, extending beyond traditional walls to include public and private data centers, endpoints, virtual machines, mobile devices, and the cloud.

In today’s dynamic IT and threat environment, point-in-time solutions lack the visibility and control defenders need to implement an effective security policy that addresses advanced threats. And disjointed approaches only add to capital and operating costs and administrative complexity.

Converged solutions that combine two or more security functions on a single platform attempt to address these shortcomings. However, simply consolidating security functions on one appliance is far from adequate. The level of integration, if any, is typically limited to device management and post-event analysis – where data is combined into a single repository (often in a SIEM) for later manual analysis. This visibility and analysis aren’t automatically correlated in real time and made actionable to quickly contain and stop damage, or shared throughout to prevent future attacks. And the data gathered is evaluated only once – a snapshot in time – not continuously, so we forfeit the opportunity to systematically ‘tune’ defenses based on new telemetry and intelligence.

It should come as no surprise then that for the last few years the Verizon Data Breach Investigations Report has revealed that most breaches are found by law enforcement and other third parties – not by the breached organizations themselves. To make security investments more effective, what’s needed is a comprehensive approach with tightly integrated threat defense across the extended network and the entire attack continuum – before, during, and after an attack.

A tightly integrated threat defense system stands apart because it facilitates sharing of ‘context’ and intelligence between security functions in a way that immediately informs the whole and speeds detection and remediation. For example, suspect malware observed on an endpoint could automatically initiate further inspection by network sensors. There could be a multitude of possible further actions, including restricting privileges for involved hosts within the suspect file’s path until they can be inoculated.


Each security function must be tightly integrated for truly effective multi-layered protection against the full spectrum of attacks – including known and unknown attacks. This is done by gathering telemetry data across the extended network and encompassing all attack vectors for full contextual awareness, and then analyzing it continually to surface IoCs that would otherwise go unnoticed. With these IoCs, we can prioritize events and stop threats sooner, hopefully before much damage is done, essentially providing an ‘early warning system’ for unknown cyberattacks.
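As an added illustration of the two ideas above, endpoint findings automatically feeding network inspection and retained telemetry being re-evaluated when new intelligence arrives instead of checked once, here is a toy correlation engine. It is example code written for this column, not code from the author or any product, and every host, hash and address in it is constructed.

```python
# Constructed sample telemetry from two separate sensors (all hosts, hashes and
# addresses are made up for this example).
ENDPOINT_EVENTS = [
    {"host": "ws-07", "sha256": "aaaa1111"},
    {"host": "ws-12", "sha256": "aaaa1111"},
    {"host": "ws-30", "sha256": "bbbb2222"},
]
NETWORK_EVENTS = [
    {"src": "ws-07", "dst": "203.0.113.9"},
    {"src": "ws-12", "dst": "203.0.113.9"},
    {"src": "ws-41", "dst": "203.0.113.9"},
]

class IntegratedDefense:
    def __init__(self):
        self.endpoint, self.network = [], []
        self.known_bad = set()      # file-hash IoCs shared with every function
        self.suspect_dsts = set()   # destinations derived from endpoint findings
        self.restricted = set()     # hosts contained until they can be cleaned
        self.watched = set()        # hosts queued for deeper network inspection
        self.alerts = []

    def ingest(self, endpoint=(), network=()):
        self.endpoint.extend(endpoint)
        self.network.extend(network)
        return self._reevaluate()

    def add_ioc(self, sha256):
        # A point-in-time check would only inspect files seen from now on; here the
        # new IoC is applied retrospectively to everything already retained.
        self.known_bad.add(sha256)
        return self._reevaluate()

    def _reevaluate(self):
        new = []
        # Endpoint function: a known-bad file triggers containment and hands the
        # host's flows to the network function as fresh context.
        for e in self.endpoint:
            if e["sha256"] in self.known_bad and e["host"] not in self.restricted:
                flows = [n for n in self.network if n["src"] == e["host"]]
                self.suspect_dsts.update(n["dst"] for n in flows)
                self.restricted.add(e["host"])
                new.append({"host": e["host"], "reason": "ioc:" + e["sha256"],
                            "priority": "high" if flows else "medium"})
        # Network function: a host that talks to a destination reached by a
        # compromised host is surfaced even though its endpoint looks clean.
        for n in self.network:
            if n["dst"] in self.suspect_dsts and n["src"] not in (self.restricted | self.watched):
                self.watched.add(n["src"])
                new.append({"host": n["src"], "reason": "peer-dst:" + n["dst"], "priority": "medium"})
        self.alerts.extend(new)
        return new
```

Ingesting the sample telemetry first yields no alerts; calling `add_ioc("aaaa1111")` afterwards contains the two hosts that already had the file and flags ws-41 for inspection purely from the shared destination context.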

Integrated threat defense provides better and faster protection at multi-gigabit speeds – before you have a known signature, before valuable data is stolen, and before a third party discovers and alerts you to the breach. And it does so while simplifying an organization’s security architecture with fewer security devices to manage and deploy. By gaining full contextual awareness that is continuously updated, defenders can assess all threats, correlate intelligence, and optimize defenses.

There are other aspects of joining forces, besides integrating security functions. At the industry level, open source is a valuable tool for defenders as they rapidly innovate to close security gaps and gather great intelligence about potential threats. New open standards and efforts to create, share, and implement custom application detection and custom IoCs empower defenders to further reduce the attack surface and better identify anomalous behavior. The ability to share real-time threat intelligence and protection across a community of users is another prime example of working together for greater security effectiveness.

Attacks will continue to evolve, as will our IT environments. Integrated threat defense is a dynamic foundation that allows us to include an expanding list of superheroes that work in concert, sharing their findings to protect across more threat vectors and thwart more attacks.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.
