What is Next Generation Threat Defense?


by Daniel Stockman, i-Tech Support, Inc

 

 

 

The first version of the Cisco Cyber Threat defense was released in the year 2013, aimed at providing an analysis of network behavior, and identifying threat detection within the interior network.  The primary objective is to introduce an architecture that facilitates threat discovery and containment, after they have entered the network core. Several different solutions have been used to achieve the set goals.

 

These include

  • Netflow
  • Broader visibility
  • Network behavior analysis
  • Context analysis
  • Anomaly detection
  • Incident management
  • Cisco Firepower
  • Threat management in real time
  • URL control
  • In-depth contextual threat visibility
  • Advanced Malware Protection or AMP
  • Endpoint and malware control

The Need

Cyber attacks have become an almost daily incident, targeting large corporations and governments, and allowing valuable and confidential data theft. In most of these events, the attackers directly targeted the victim organization and breached the network several months following theft discovery. The term used for such incidents is Advanced Persistent Threat or APT.  Formally APT is an adversary, possessing sophisticated expertise levels. This allows multiple opportunities to be created through which objectives are achieved by several attack vectors such as physical, deception and cyber.

What this means is that an APT is not a just one attack, but a full campaign. Multiple methods are used so even if one intrusion attempt is blocked, the attacker can try other techniques.

The Cyber Threat Defense Solution tries to instrument the network interior so as to disover the presence of unwanted intrusions that have already acquired an operational footprint.

 

If an organization wants to defend the occurrence of an attack,

they should have complete visibility of the networking environment,

including operating systems, applications, services and all other components.

The Proposed Model

Advanced technology and tools are required to develop a complete and comprehensive response to potential threats. The model must be simple, yet continuously protect business assets and address potential changes. The resultant security system must be deployed directly into the core network layers to achieve maximum efficiency and performance, while risks are minimized.

Such a security system can be designed only when a new model is deployed that ensures proper integration, especially for data centers with little or no space for errors.  The key component of this model is the attack continuum for identifying critical mechanisms that functions in a continuous cycle. Threats are addressed by considering the actions, which must be taken before, during and after attacks.

Before an Attack

If an organization wants to defend the occurrence of an attack, they should have complete visibility of the networking environment, including operating systems, applications, services and all other components. All infrastructure risks should be indentified and understood, and alerts should be enabled at network endpoints.

During an Attack

A cyber attack is ongoing, which means security must be continuous. The security infrastructure should be based on awareness with data aggregation and correlation capabilities across the network. Historical patterns should be identifiable, and global intelligence must be used for distinguishing attacks and background activities.

After an Attack

Retrospective security and an intelligent infrastructure are required to detect malware, and prevent future attacks.

 

Learn more about cybersecurity from technology experts at i-Tech Support, Inc.

  


 

i-Tech Support, Inc. – The Technology to Achieve More

Established in 1999, i-Tech Support, Inc. offers world-class technology support to help businesses achieve more. With divisions dedicated to managed IT support, advanced technology, cybersecurity, cloud services, network assessments, software and consulting, our full service capabilities enable us to be a versatile technology partner for IT departments and businesses in Florida. We support you with the technology to achieve more. Locations in Orlando and Tampa, Florida

i-Tech Support, Inc.: D: 407-265-2000  |  W: www.i-techsupport.com  |  E: info@i-techsupport.com

Share the Post