More than 300 new security threats are detected every minute. Ransomware and malware are growing at double-digit rates, and mobile malware grew 72 percent in the last quarter of 2015. In the face of advanced targeted attacks, full vector protection and a timely response are major challenges for security teams across every sector. Most organizations rely on a multi-vendor, siloed security infrastructure in which products don’t communicate with one another, allowing attacks to penetrate gaps and invade a network.
IT security staff shortages and a lack of automated processes create these inefficiencies and lapses in protection. Plus, existing security infrastructures lack integration of the inspection, intelligence gathering, analytics, and enforcement components of an enterprise security architecture. These essential elements constitute the underpinnings of cybersecurity best practices known as the protect, detect, and correct process of incident response.
What’s the solution? Integration. Instead of buying the entire “best of” list (the best endpoint protection, best firewall, best IPS), organizations should adopt security systems that talk to each other, regardless of the vendor. Knowing how that works and why it’s necessary will help you further strengthen your IT security.
What is adaptive threat prevention?
An adaptive threat prevention model is quickly replacing traditional, unintegrated architectures as security teams work to achieve a sustainable advantage against complex threats. This model makes active sharing of data and accelerated cross-control processes possible, and leverages the strengths and experiences of every security control for the overall security infrastructure.
Adaptive threat prevention systems help overcome the common barriers that impede detection, response, and any chance of improved prevention. The data each security control generates and the context of each situation are often poorly captured and seldom shared within an organization.
Rather than treating each malware interaction as a standalone event, adaptive threat prevention integrates processes and data through an efficient messaging layer. This is what it looks like in practice: When a user opens an email with an attachment, the system checks that file to determine its safety. If the file is deemed safe to open, it lets the user proceed; if not, the system alerts the user, as well as other users in the environment, that this type of file is dangerous. The system also alerts the other security layers so they stop this file from executing. Anti-malware that is able to look beyond the payload itself, for example at the sending IP address, can then block even an unknown payload that arrives from a known bad address.
This approach reinforces levels of inspection and analysis, which are informed by expanded forms of intelligence. It also connects end-to-end components to generate and consume as much actionable intelligence as possible from each contact and process.
Building blocks for adaptive threat prevention and response
An adaptive system’s components are all capable of communicating through a common language. One way to understand it is to compare it to social media: Some accounts share information, some listen but don’t share, while many do both.
This connectivity allows the entire environment to monitor itself. If a threat does penetrate an endpoint, the system will track the intrusion and see where it spreads; by identifying the culprit, the system connects the dots of where it came from, how to stop the bleeding, and how to quarantine it. The quicker the intrusion is detected, the quicker it can be corrected.
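The email-attachment scenario described above and the “connect the dots of where it came from” tracking just mentioned both rest on the same mechanism: controls publish what they learn to a shared messaging layer and subscribe to what others publish. The following toy model is an added illustration, not code from the original article or from any vendor product; the topic names (`file.verdict`, `source.verdict`, `file.seen`), the `Message` fields, the class names and the hashes and IP addresses in the scenario are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    """One event on the messaging layer. Topic and field names are assumptions."""
    topic: str       # "file.verdict", "source.verdict" or "file.seen"
    indicator: str   # a file hash or a source IP address
    malicious: bool  # meaningful for the two verdict topics only
    origin: str      # which control emitted the message


class MessageBus:
    """Minimal publish/subscribe layer: every control speaks the same Message type."""

    def __init__(self):
        self._subscribers = defaultdict(list)
        self.history = []          # full record, so the spread of a file can be replayed

    def subscribe(self, topic, handler):
        self._subscribers[topic].append(handler)

    def publish(self, message):
        self.history.append(message)
        for handler in list(self._subscribers[message.topic]):
            handler(message)


class EmailGateway:
    """Inspects attachments and shares the result instead of keeping it local."""

    def __init__(self, bus, known_bad_hashes):
        self.bus = bus
        self.known_bad = set(known_bad_hashes)

    def inspect(self, attachment_hash, sender_ip):
        malicious = attachment_hash in self.known_bad
        self.bus.publish(Message("file.verdict", attachment_hash, malicious, "email_gateway"))
        if malicious:
            # Share the sender too, so controls that see addresses rather than files can act.
            self.bus.publish(Message("source.verdict", sender_ip, True, "email_gateway"))
        return not malicious   # True means the user may open the attachment


class Endpoint:
    """Consumes file verdicts from anywhere and announces which files it has run."""

    def __init__(self, name, bus):
        self.name, self.bus, self.blocked = name, bus, set()
        bus.subscribe("file.verdict", self._on_file_verdict)

    def _on_file_verdict(self, msg):
        if msg.malicious:
            self.blocked.add(msg.indicator)

    def execute(self, file_hash):
        if file_hash in self.blocked:
            return False
        self.bus.publish(Message("file.seen", file_hash, False, self.name))
        return True


class Firewall:
    """Consumes source verdicts; drops unknown payloads from known-bad addresses."""

    def __init__(self, bus):
        self.bad_sources = set()
        bus.subscribe("source.verdict", self._on_source_verdict)

    def _on_source_verdict(self, msg):
        if msg.malicious:
            self.bad_sources.add(msg.indicator)

    def allow(self, src_ip, payload_known_good):
        return payload_known_good or src_ip not in self.bad_sources


class SpreadTracker:
    """Remembers where each file ran, so a later verdict shows where it spread."""

    def __init__(self, bus):
        self.seen_on = defaultdict(list)
        bus.subscribe("file.seen", self._on_seen)

    def _on_seen(self, msg):
        self.seen_on[msg.indicator].append(msg.origin)

    def where_did_it_spread(self, file_hash):
        return list(self.seen_on[file_hash])


def run_scenario():
    """Constructed scenario: a file runs on two hosts before anyone recognises it as bad."""
    bus = MessageBus()
    gateway = EmailGateway(bus, known_bad_hashes={"HASH_B"})      # constructed hash
    hosts = [Endpoint(f"laptop-{i}", bus) for i in (1, 2, 3)]
    firewall, tracker = Firewall(bus), SpreadTracker(bus)

    hosts[0].execute("HASH_A")                                    # unknown file, nobody objects yet
    hosts[1].execute("HASH_A")
    opened = gateway.inspect("HASH_B", "198.51.100.7")            # attachment with a known-bad hash
    bus.publish(Message("file.verdict", "HASH_A", True, "threat_intel_feed"))  # HASH_A flagged later

    return {
        "attachment_allowed": opened,                                       # False
        "hash_b_on_laptop3": hosts[2].execute("HASH_B"),                    # False: blocked without local detection
        "hash_a_on_laptop3": hosts[2].execute("HASH_A"),                    # False: verdict reached every host
        "hash_a_spread": tracker.where_did_it_spread("HASH_A"),             # ['laptop-1', 'laptop-2']
        "unknown_from_bad_sender": firewall.allow("198.51.100.7", False),   # False
        "known_good_from_bad_sender": firewall.allow("198.51.100.7", True), # True
        "unknown_from_other_sender": firewall.allow("203.0.113.5", False),  # True
    }
```

The point of the scenario is the third host: it never inspected `HASH_B` or `HASH_A` itself, yet it refuses both because the verdicts arrived over the bus, and the tracker can answer where `HASH_A` had already run before the verdict existed. A real deployment would replace the in-process bus with a message broker and add authentication of publishers, since a control that accepts verdicts from anyone can be fed false ones.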
That’s the local level – an organization’s IT security infrastructure stops the spread of intrusions with better communication among its individual parts. But these systems can also be integrated with global threat intelligence models that monitor and update systems based on current and evolving threats.
Creating an agile and collaborative security ecosystem
Twenty years ago, an IT environment was secure enough with just an antivirus program. Now, IT needs a multitude of protections to safeguard the gaps and ward off the barrage of different threats.
To stay ahead of evolving threats, every organization must secure its IT environment through constant communication and integrated security; it’s always better to be proactive than reactive, so a security environment that actively monitors and identifies threats is superior to a system that reacts after the network is infected.
Through better information exchanges, IT can ramp up security while actively monitoring what’s happening on the network. Strength in numbers and constant communication is the new paradigm in security, and tools that integrate many different systems only help foster this increased level of security.
To learn more about how this technology ecosystem can strengthen your organization’s security posture and efficiency, reach out to your SHI account executive.
About the author
Chance Hoover, named a 2015 CompTIA Channel Changer, is a Channel Marketing Manager for Intel Security. Outside of regular marketing duties, he also heads up the Intel Security Technical Forum, an annual technical training conference for channel partners, and supports other channel events such as Partner Summit. Additionally, he serves as an evangelist and go-to resource for Intel Security’s Digital Safety Program for children.