
Protecting against today’s advanced threats

Although companies are investing millions in cyber security solutions, stories of advanced cyber-attacks continue to flood the headlines on a daily basis. The attackers are succeeding, and are wreaking significant financial, operational and reputational damage to businesses of all types and sizes.

Gerald Naidoo, CEO of Logikal Consulting, says the existing tools and solutions aimed at protecting companies from advanced threats are full of gaps. “We see siloed detection and investigation solutions that make it highly difficult to share intel and comprehensively grasp the scope of the attack. We see too many alerts, which cause confusion and make it hard to focus on the elements that matter. We also see too little automation, which results in damaging delays from detection and containment to remediation.”

He says Verint has developed a Threat Protection System that was specifically designed to fill these gaps. It is based on a forward-thinking, three-dimensional architecture comprising a comprehensive coverage dimension; visibility and protection across multiple attack surfaces, including networks, end-points and payloads; and integrated functionality covering detection, prioritisation, investigation and protection.

According to Naidoo, the anatomy of today’s advanced threats means they occur in multiple stages, via multiple vectors, over a long period of time. “To address the issue of time, Verint’s solution was built to support not only real-time analysis, but forensic analysis too. It has the ability to move back and forth in time within a single solution.”

Moreover, it features breakthrough orchestration and automation capabilities, enabling intelligence sharing across the three-dimensional architecture.

Naidoo says the solution is based on an open, scalable and comprehensive platform that aids in the detection, prioritisation and investigation of advanced attacks and helps protect the business against future attacks.

“The product features many detection engines for malicious elements, network-based command and control signals, sideways movement and end-points, all in one integrated platform, with an open architecture that facilitates integration with third-party detection engines. In addition, it employs and shares intelligence gleaned from across the ‘kill-chain’ to better the detection probability and lower the likelihood of false positives.”

The tool also features cross-validation across detection engines and strong cyber analytics built to help analysts focus on the most significant threats by reducing alert noise and ranking incidents in order of potential severity. “Moreover, the product captures and records network, payload and end-point events, and its real-time and forensic analytics capabilities help speed up the investigation, lowering the time from detection to resolution and mitigating any potential attack damage.”

Finally, the actionable intelligence generated by the system helps contain and remediate ongoing attacks, and better prepares the organisation should further attacks occur. Other features that make the solution stand out, Naidoo adds, are its ability to be rapidly deployed in a stand-alone mode and then integrated with the company’s existing security infrastructure.