Consider technologies that offer continuous and total visibility into all devices, applications and users on a network, as well as an up-to-the-minute network map, including profiles of client applications, operating systems, mobile devices and network infrastructure, physical and virtual. Smarter security solutions use the data related to your specific environment, together with automation, to help you make more informed and timely security decisions. Visibility into file activity is equally important: knowing a file's heritage, behaviour and network trajectory provides additional context and indicators of compromise, which help to determine malicious intent and impact, and accelerate remediation.
Big Data Analytics - Security has become a big data problem. You need technologies that tap into the power of the cloud and sophisticated analytics of large data sets to deliver the insight you need to identify more advanced, highly targeted threats. The virtually unlimited, cost-effective storage and processing power of the cloud lets you store and monitor information about unknown and suspicious files across your entire IT environment and beyond.
Security tools that use a telemetry model to continuously gather data across the extended network, and then apply big data analytics to it, help you detect and stop malicious behaviour even after a threat has passed through the initial lines of defence. This deeper level of analysis identifies threats based on what the file does, not what it looks like, enabling detection of new, unknown types of attacks.
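The file trajectory and after-the-fact detection described in the two preceding paragraphs, as an added illustration that is not code from the original article or from Sourcefire: it folds constructed endpoint telemetry (hypothetical hosts, file hashes and parent processes) into one trajectory per file, then applies a later intelligence update to find every host the file reached and every file it dropped, without re-scanning anything.

```python
from dataclasses import dataclass, field

# Constructed endpoint telemetry (hypothetical, not from any real product):
# (timestamp, host, file hash, parent that wrote or launched it, verdict at sighting)
TELEMETRY = [
    (100, "ws-01", "aaaa", "outlook.exe", "unknown"),
    (105, "ws-01", "aaaa", "explorer.exe", "unknown"),
    (130, "ws-07", "aaaa", "smb-share", "unknown"),
    (140, "ws-07", "bbbb", "aaaa", "unknown"),      # bbbb was dropped by aaaa
    (150, "srv-02", "aaaa", "psexec.exe", "unknown"),
    (160, "ws-03", "cccc", "chrome.exe", "clean"),
]

@dataclass
class Trajectory:
    sha256: str
    first_seen: int
    patient_zero: str                            # first host that saw the file
    hosts: list = field(default_factory=list)    # hosts in order of first sighting
    parents: set = field(default_factory=set)    # heritage: what delivered it
    children: set = field(default_factory=set)   # files it wrote or launched

def build_trajectories(events):
    """Fold raw sightings into one trajectory per file hash, in time order."""
    traj = {}
    for ts, host, sha, parent, _verdict in sorted(events):
        t = traj.get(sha)
        if t is None:
            t = traj[sha] = Trajectory(sha, ts, host)
        if host not in t.hosts:
            t.hosts.append(host)
        t.parents.add(parent)
        if parent in traj:                       # parent is itself a tracked file
            traj[parent].children.add(sha)
    return traj

def retrospective_alert(traj, newly_malicious):
    """Apply an intelligence update after the fact: the flagged file and every
    file in its lineage become alerts, each with the reason it was flagged."""
    alerts = {}
    queue = [(sha, "flagged by updated intelligence") for sha in newly_malicious]
    while queue:
        sha, reason = queue.pop()
        if sha in alerts or sha not in traj:
            continue
        alerts[sha] = reason
        for child in traj[sha].children:
            queue.append((child, f"dropped or launched by {sha}"))
    return alerts

if __name__ == "__main__":
    trajectories = build_trajectories(TELEMETRY)
    for sha, why in retrospective_alert(trajectories, {"aaaa"}).items():
        t = trajectories[sha]
        print(f"{sha}: {why}; patient zero {t.patient_zero}@{t.first_seen}; hosts {t.hosts}")
```

Everything the alert reports (patient zero, the hosts reached, the dropped child file) was already in the stored telemetry when the verdict was still "unknown"; only the intelligence changed.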
Collective Security Intelligence - To identify more obscured threats, there's strength in numbers. Individual files shouldn't be analysed in a vacuum; collective security intelligence enabled by the cloud is required. Look for security technologies that can draw from a widespread community of users to collect millions of file samples and separate benign file and network activity from malicious activity, based on the latest threat intelligence and correlated symptoms of compromise. Going a step further, this collective intelligence can be turned into collective immunity by sharing the latest intelligence and protections across the user base.
Attackers have learned how to find and anticipate gaps in protection and evade detection. Using a combination of real-time visibility, big data analysis and collective security intelligence to connect traditionally disparate technologies is what it will take to defend modern networks against modern attacks. To more effectively protect any organisation (e.g. telecommunications, government agencies, national critical infrastructure, banking, education...) against known and unknown threats, next-generation IPS and advanced malware protection must work together, in a continuous fashion, to secure networks, endpoints, virtual machines and mobile devices.
Amitpal Dhillon is Field Product Marketing Manager, Asia Pacific, Sourcefire.