2. Threat Detection
In a few short years, as enterprises have opened themselves to Internet-based commerce and remote users, security has moved from a perimeter-based model with all policy centered on the firewall to distributed security. Security is now focused on hosts, applications and the content of information moving out of the organization.
Moreover, we’re seeing growing incidence of highly targeted attacks, such as the attacks on NASDAQ and other high-profile companies. Sophisticated, targeted intrusions are typically multi-staged and multifaceted, difficult to detect and very difficult to eradicate; advanced persistent threats (APT) are characterized by the tenacity of the attackers and resources at their disposal.
An over-arching intelligence should be applied to the diverse security technologies that have been developed in response to the evolving threat landscape. As noted in the discussion of security context, an activity that appears innocuous to one part of an infrastructure may be revealed as a threat when that data is correlated with other sources. So, for example, an attacker may disable logging, but can't shut down network activity. Proprietary applications may not produce logs; some parts of the network may be without firewalls. In these cases, security intelligence can still identify, from the observed network activity, the applications and services communicating between that host and the network, and flag a potential threat.
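The correlation described above, as an added example that is not part of the original paper: per-host log activity is compared with observed network flows, and a host that keeps generating traffic after its log source has fallen silent (or that never produced logs at all) is flagged along with the applications seen on the wire. The data, the 10-minute silence threshold and the field names are constructed assumptions for illustration.

```python
"""Flag hosts whose logs went quiet while network activity continued.
Added example, not the paper's or any product's code. All records below are
constructed sample data; timestamps are seconds on a shared clock."""
from collections import defaultdict

GAP_SECONDS = 600  # assumption: a log source is "silent" after 10 min without events

# Constructed log events (per-host log source) and network flow records.
LOG_EVENTS = [
    {"ts": 1000, "host": "srv-a", "msg": "sshd: accepted publickey"},
    {"ts": 1100, "host": "srv-a", "msg": "cron: job finished"},
    {"ts": 1150, "host": "srv-a", "msg": "auditd: logging stopped"},
    {"ts": 1000, "host": "srv-b", "msg": "httpd: GET /"},
    {"ts": 2500, "host": "srv-b", "msg": "httpd: GET /status"},
]
FLOW_RECORDS = [
    {"ts": 1200, "host": "srv-a", "dst_port": 443, "app": "https"},
    {"ts": 2400, "host": "srv-a", "dst_port": 22, "app": "ssh"},
    {"ts": 2900, "host": "srv-a", "dst_port": 6667, "app": "irc"},
    {"ts": 2600, "host": "srv-b", "dst_port": 443, "app": "https"},
    {"ts": 2000, "host": "srv-c", "dst_port": 445, "app": "smb"},  # no logs at all
]


def last_log_time(log_events):
    """Map each host to the timestamp of its most recent log event."""
    latest = {}
    for e in log_events:
        latest[e["host"]] = max(latest.get(e["host"], 0), e["ts"])
    return latest


def find_silent_but_active(log_events, flow_records, gap=GAP_SECONDS):
    """Return {host: sorted list of apps} for hosts that show network flows
    more than `gap` seconds after their last log event, or that have no log
    source at all (e.g. a proprietary application that produces no logs)."""
    latest = last_log_time(log_events)
    findings = defaultdict(set)
    for f in flow_records:
        last = latest.get(f["host"])
        if last is None or f["ts"] - last > gap:
            findings[f["host"]].add(f["app"])
    return {host: sorted(apps) for host, apps in findings.items()}


if __name__ == "__main__":
    for host, apps in find_silent_but_active(LOG_EVENTS, FLOW_RECORDS).items():
        print(f"potential threat: {host} silent in logs but active on {apps}")
```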