The five styles of advanced threat defense
Networks Asia
Gartner's report, "Five Styles of Advanced Threat Defense", defines technical "styles": ways to tackle stealthy attacks, sometimes called advanced persistent threats, that go beyond traditional security such as anti-virus or firewalls. According to Gartner, the first thing to consider is the timeframe of an attack aimed at stealing critical data. In short, Gartner's "Five Styles" of defense are:

Style 1: Network Traffic Analysis uses techniques that establish baselines of normal traffic patterns and highlight anomalous patterns that indicate a compromised environment (for example, anomalous DNS traffic could indicate botnet activity). This approach offers real-time detection, can include both non-signature and signature-based techniques, and does not require endpoint agents. The challenge is that it might require "careful tuning and knowledgeable staff to avoid false positives," Gartner points out.

Style 2: Network Forensics tools typically provide "full-packet capture and storage of network traffic" as well as analytics and reporting tools for incident response to advanced threats. The downside: these tools can be complex, and costs "rise with the amount of data and the retention time." Because of the volume of data they analyze, generating reports sometimes has to be done off-hours.

Style 4: Endpoint Behavior Analysis is based on the idea of "application containment to protect endpoints by isolating applications and files in virtual containers." The strengths of this approach are blocking zero-day attacks, providing some basic forensics, and protecting systems whether they are on or off the network. The challenge is that deploying and managing the agent software is operationally intensive, and particularly hard in bring-your-own-device (BYOD) environments.
Style 5: The last style in the Gartner catalog is Endpoint Forensics, which involves tools for incident response teams. The challenge in using them, though, is that they can be operationally intensive to deploy and manage, and support for non-Windows endpoints is quite limited.
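To make Style 1 concrete, here is an added example (not code from the Networks Asia article or from Gartner's report) that builds a per-host baseline of DNS query volume from constructed log lines and flags hosts whose current volume is far above it. The log format, hostnames, and the two thresholds are assumptions for the demo; the second threshold exists to show the false-positive tuning Gartner warns about.

```python
"""Style 1 illustration: baseline DNS query volume per host, flag anomalies.
Added example; log format, host names and thresholds are assumed for the demo."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed training log: "window,src_host,dns_query_count" per time window.
BASELINE_LOG = """\
w1,host-a,40
w2,host-a,45
w3,host-a,38
w1,host-b,12
w2,host-b,15
w3,host-b,11
w1,host-c,5
w2,host-c,5
w3,host-c,5
"""

# Constructed current window to score: host-b is the suspicious one.
CURRENT_WINDOW = {"host-a": 44, "host-b": 900, "host-c": 7}


def build_baseline(log_text):
    """Return {host: (mean, population stdev)} of queries per window."""
    counts = defaultdict(list)
    for line in log_text.splitlines():
        _, host, n = line.split(",")
        counts[host].append(int(n))
    return {h: (mean(v), pstdev(v)) for h, v in counts.items()}


def score_window(window, baseline, z_threshold=3.0, min_delta=50):
    """Flag hosts whose count exceeds BOTH mean + z*stdev and mean + min_delta.
    The z-score measures deviation from the host's own baseline; min_delta
    suppresses alerts for hosts with a perfectly flat baseline (stdev 0), where
    a trivial rise would otherwise give an infinite z-score and a false positive."""
    alerts = {}
    for host, n in window.items():
        if host not in baseline:
            alerts[host] = "no baseline"  # never seen in training: needs review
            continue
        mu, sigma = baseline[host]
        if sigma:
            z = (n - mu) / sigma
        else:
            z = float("inf") if n > mu else 0.0
        if z > z_threshold and n - mu > min_delta:
            alerts[host] = f"z={z:.1f}, delta={n - mu:.0f}"
    return alerts
```

Running `score_window(CURRENT_WINDOW, build_baseline(BASELINE_LOG))` flags only host-b; lowering min_delta to 0 would also flag host-c, which is the kind of knob the tuning caveat refers to.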
Link: https://www.networksasia.net/article/the-five-styles-of-advanced-threat-defense