Simplifying and Prioritizing Advanced Threat Response Measures

I had to go to the doctor the other day because I was miserable and sick. I don’t like going to the doctor, so I waited until my stuffy nose and congestion turned into a full-blown sinus infection. The doctor said this thing was going around, and I should be better in a few days with my prescription. Where did I catch this demon inside my face? Was it the plane? Was it the hand rail on the shuttle bus? Was it the gas station pump? Was it my kids? Wouldn’t it be great if you could ask your doctor, “So doc, where did I catch this?” and have the doctor say, “Oh, you picked this up from the shopping cart at the grocery store on 4th Street, and it looks like 25 other people caught it too.”

Your doctor can’t do this yet, but IT security professionals can.

Trend Micro recently introduced advanced analytics capabilities for its network security solution, Deep Discovery™. These new capabilities will help IT security professionals understand more about the attacks on their networks. By correlating the event data from Deep Discovery Inspector, Deep Discovery Director – Network Analytics will simplify and help prioritize advanced threat response measures for security professionals, essentially allowing them to answer the question I was asking my doctor above: where did I catch this? But it won’t stop there. Deep Discovery Director – Network Analytics will not only show the first point of infection, but it will also track where the threat has spread – showing who else has been impacted, and what external servers it is reaching out to, such as command and control servers. As many attacks take place over several days, it is hard to comb through all the events and logs to piece together an entire attack. Now, with a click of the mouse, it will show the entire attack life cycle going back 90 days. This visibility and real-time reporting can be invaluable when management is asking for details about the latest threats or outbreaks.

Attacks that slip past perimeter protection solutions can go undetected in the network for months on average. Lateral movement detection should be a top priority; however, most advanced threat solutions only monitor north/south traffic. Deep Discovery Inspector will monitor north/south and east/west traffic with the same device. This reduces the number of devices and all the management and logistics that go along with them. As seen in the screenshot above, lateral movement is a key part of this attack, and if it is not monitored the threat can spread across the network unbeknownst to the security team.
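The two paragraphs above describe the analysis in the abstract: start from the first inbound detection, follow east/west detections from already-compromised hosts to see where the threat spread, and collect the external servers those hosts call out to, all within a 90-day window. The script below is an added illustration of that correlation logic and is not Trend Micro code or the product's output format. The internal address ranges, the event fields, and every event in `SAMPLE_EVENTS` are constructed for the example; a real deployment would feed it the sensor's own event export.

```python
"""Correlate per-flow detection events into an attack chain.

Added example (not Trend Micro code): given alerts such as a north/south
sensor and an east/west sensor would emit, find the first point of infection,
follow lateral movement hop by hop, and list the external servers the
compromised hosts reach out to. All event data below is constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Address space treated as "inside" the monitored network (assumed ranges;
# a real deployment configures its own).
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Event:
    ts: datetime
    src: str
    dst: str
    detection: str  # what the sensor flagged on this flow


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def direction(ev: Event) -> str:
    """Classify a flow as inbound, outbound, east-west or external."""
    s, d = is_internal(ev.src), is_internal(ev.dst)
    if s and d:
        return "east-west"
    if d:
        return "inbound"
    if s:
        return "outbound"
    return "external"


def reconstruct_attack(events, now, lookback=timedelta(days=90)):
    """Return the attack chain within the lookback window, or None.

    patient_zero: internal host of the first inbound detection
    spread:       hosts reached by east-west detections from infected hosts,
                  in the order they were compromised
    c2:           external destinations contacted by infected hosts, mapped
                  to the internal sources that contacted them
    """
    recent = sorted((e for e in events if now - e.ts <= lookback), key=lambda e: e.ts)
    entry = next((e for e in recent if direction(e) == "inbound"), None)
    if entry is None:
        return None
    infected = {entry.dst: entry.ts}  # host -> time first seen compromised
    c2 = {}
    for e in recent:  # time order, so a hop is only followed after its source is infected
        if e.ts < entry.ts:
            continue
        kind = direction(e)
        if kind == "east-west" and e.src in infected and e.dst not in infected:
            infected[e.dst] = e.ts
        elif kind == "outbound" and e.src in infected:
            c2.setdefault(e.dst, []).append(e.src)
    return {
        "patient_zero": entry.dst,
        "entry_source": entry.src,
        "spread": list(infected),  # dict keeps insertion order
        "c2": c2,
    }


# Constructed sample: one stale event, one intrusion that spreads over three
# days, and one unrelated internal scan that must not be linked to it.
SAMPLE_EVENTS = [
    Event(datetime(2023, 10, 1, 12, 0), "203.0.113.99", "10.0.0.1", "exploit attempt"),  # > 90 days old
    Event(datetime(2024, 3, 1, 9, 0), "203.0.113.10", "10.0.0.5", "malicious document download"),
    Event(datetime(2024, 3, 1, 9, 5), "10.0.0.5", "198.51.100.7", "C&C callback"),
    Event(datetime(2024, 3, 2, 11, 30), "10.0.0.5", "10.0.0.22", "SMB lateral movement"),
    Event(datetime(2024, 3, 3, 8, 10), "10.0.0.22", "10.0.0.40", "remote service creation"),
    Event(datetime(2024, 3, 3, 8, 15), "10.0.0.40", "198.51.100.7", "C&C callback"),
    Event(datetime(2024, 3, 4, 14, 0), "10.0.0.99", "10.0.0.100", "port scan"),  # unrelated
]


def analyze_sample():
    """Run the correlation over the constructed events as of 2024-03-05."""
    return reconstruct_attack(SAMPLE_EVENTS, now=datetime(2024, 3, 5))


if __name__ == "__main__":
    chain = analyze_sample()
    print("entry point :", chain["patient_zero"], "from", chain["entry_source"])
    print("spread path :", " -> ".join(chain["spread"]))
    for server, hosts in chain["c2"].items():
        print("external C2 :", server, "contacted by", ", ".join(hosts))
```

The stale event is dropped by the lookback, the port scan from 10.0.0.99 is ignored because its source was never linked to the intrusion, and the two hosts that share the same external callback destination are grouped under it, which is the kind of "who else is talking to that server" answer the article says responders need.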

If you are using Deep Discovery Inspector to monitor your network, ask your Trend Micro contact about Deep Discovery Director – Network Analytics and see how it can help you correlate, prioritize and simplify the events reported by Deep Discovery Inspector.

If you are using another product for advanced threat detection, consider using Deep Discovery to augment your current deployment by monitoring the east/west traffic and providing threat analytics, while your existing solution monitors the north/south traffic.

It is never too late to get a second opinion.