    Threat Detection Systems Must Ferret Out the Most Sinister Intrusions

    By Wayne Rash - June 29, 2014

      WASHINGTON, D.C.—Pretty much everyone has heard about the massive data breach that hit retail giant Target at the end of 2013, and there have been any number of people (including me) who have discussed ways in which the problem could have been avoided.

      What wasn’t known at the time is that Target’s intrusion detection system actually caught the breach while it was happening, but no one recognized the alert for what it was.

      Before anyone goes and starts shaming Target, let me also add that there’s a big gap between detecting a threat and realizing that it’s a problem. Unfortunately, most intrusion detection systems produce so much information that it’s nearly impossible to decide which of the many thousands of potential security events are an actual threat and which are not.

      What hasn’t existed is a good way of filtering all of the results from an intrusion detection system so that someone can find the ones that actually matter. Worse, of the threats that are actually serious, it’s even harder to find the ones that matter in the context where they exist.

      For example, if you happen to run across the code for a serious worm on a computer, it’s a potential threat, but if the worm is designed to infect a Windows computer and it’s been downloaded to a Mac, the threat is significantly diminished, since it won’t execute there. But it’s still a potential threat since it could at least theoretically be passed along to a Windows machine through an infected email.

      To determine whether a threat is relevant, all you have to do is analyze the threat, identify its intended target and then analyze your systems and see if that threat will actually affect you. Easy, right? Well, not exactly. What you really need is some kind of automated assistance, but until lately it hasn’t existed.

      I realized that this had changed when I visited the Gartner Security and Risk Management Summit here and ran across Cyphort, a company that produces an appliance-based threat management product that does more than just flag suspected malware. The Cyphort Advanced Threat Defense Platform is designed to analyze threats and determine whether they can impact your enterprise and, if they can, whether they are threatening a critical function.

      The Cyphort platform works with other security hardware from Palo Alto Networks and Bluecoat, and it’s able to sort the threats that can affect your network infrastructure from those that can’t. In addition, the platform will use information you provide to determine just how much of a threat some types of malware might be.

      Had Target been using this product last year (sadly for Target, the new version 3.0 isn’t shipping until August), the company’s IT department would at least have had a better chance of discovering that the malware that took all of those account numbers from its POS network was a serious threat, assuming that the threat detection system had been told that the POS network was a critical part of the infrastructure.

      Knowledge of the network is an important part of the Cyphort platform’s configuration. When the platform is implemented, the customer has to rank which parts of the infrastructure are critical to the needs of the company and which are not. In Target’s case, the POS network was critical. But not every company has one of those, which is why it’s necessary to tell the platform which parts of the infrastructure are critical.

      The Cyphort platform can also tell whether network objects need to be managed directly for threats or not. For example, a malware penetration of a computer that already has security software installed that is capable of killing the malware is a less urgent problem than malware that’s aimed at a computer without such defenses.

      This means the IT department or CISO will know to dispatch a mitigation team to an unprotected computer where the malware attacked. But for the computer with appropriate malware protection, all they would need to do is confirm that the protected computer actually handled its threat.

      What I liked about Cyphort’s approach to its platform is that it does two critical things that help the security team function more effectively. First, it filters out all of those thousands of discrete alerts so you see the threats that actually matter. Second, it prioritizes the threats so you know which need immediate action, which can wait until the most serious threats have been dealt with, and which only need to be monitored because they aren’t immediate threats.

      In addition, the Cyphort platform is able to tell the difference between what the company calls “data stealing Trojans” and adware, which may be annoying, but isn’t otherwise particularly serious. The platform can also let gear from Palo Alto Networks and Bluecoat know what to block to help reduce the persistence of the threat.
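      The filter-then-prioritize logic the preceding paragraphs describe (platform match, operator-ranked asset criticality, whether the host already has protection, adware versus data-stealing Trojans), as an added example that is not Cyphort’s code or part of the original article. The alert fields, tier names and sample alerts are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class Alert:
    """One IDS detection enriched with the context the text says matters."""
    host: str
    family: str
    kind: str             # "data_stealing_trojan", "worm" or "adware" (assumed labels)
    target_os: str        # platform the sample executes on
    host_os: str          # platform of the host it was found on
    critical_asset: bool  # operator-supplied ranking, e.g. the POS network
    protected: bool       # host runs security software able to kill the sample


# Tiers, most urgent first (constructed names).
IMMEDIATE, QUEUED, VERIFY, MONITOR, NOISE = "immediate", "queued", "verify", "monitor", "noise"
TIER_ORDER = {IMMEDIATE: 0, QUEUED: 1, VERIFY: 2, MONITOR: 3, NOISE: 4}


def triage(alert: Alert) -> str:
    """Assign one tier to one alert using the context questions from the text."""
    if alert.kind == "adware":
        return NOISE          # annoying, but not a data-stealing threat
    if alert.target_os != alert.host_os:
        return MONITOR        # cannot run here, but could still be forwarded on
    if alert.protected:
        return VERIFY         # just confirm the endpoint actually handled it
    if alert.critical_asset:
        return IMMEDIATE      # unprotected and critical: dispatch a team now
    return QUEUED             # unprotected but not critical: next in line


def prioritize(alerts):
    """Drop the noise, then order by tier and by asset criticality within a tier."""
    kept = [(triage(a), a) for a in alerts if triage(a) != NOISE]
    kept.sort(key=lambda ta: (TIER_ORDER[ta[0]], not ta[1].critical_asset))
    return kept


# Constructed sample alerts (not real detections).
SAMPLE_ALERTS = [
    Alert("pos-register-17", "ram-scraper-sample", "data_stealing_trojan", "windows", "windows", True, False),
    Alert("design-mac-03", "worm-sample", "worm", "windows", "macos", False, False),
    Alert("hr-laptop-22", "trojan-sample", "data_stealing_trojan", "windows", "windows", False, True),
    Alert("guest-kiosk-01", "toolbar-sample", "adware", "windows", "windows", False, False),
    Alert("warehouse-pc-08", "trojan-sample", "data_stealing_trojan", "windows", "windows", False, False),
]

if __name__ == "__main__":
    for tier, a in prioritize(SAMPLE_ALERTS):
        print(f"{tier:10} {a.host:18} {a.family}")
```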

      There are a lot of security systems out there and many of them are both effective and useful. Unfortunately, without some means of discriminating what you need to worry about immediately and what you don’t, these systems aren’t as much help as they might be. Being able to prioritize where to look first for the most serious threats can only help.

      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.