Jul 11, 2012
Strategy: Evaluating and Choosing Threat Intelligence Tools
The appearance of continuously evolving, persistent, highly sophisticated and targeted attacks is wreaking havoc with the reputations, data and operations of major organizations. Many enterprises have only fragmented security monitoring in place, making it difficult to fully understand what is happening in their environments. This means that the small events that may lead up to a full breach are not being correctly identified. Detecting such activity—often aimed at a specific website, employee, company or IT asset—requires the ability to monitor and compare anomalous behavior over time, connecting the dots among multiple events. These attacks are becoming more resistant to signature-based security tools, driving many enterprises to initiate a threat intelligence program that will enable them to anticipate threats instead of waiting until it’s too late.
An Internet search for “threat intelligence tools and services” shows that there are plenty of possible options out there. According to research from IDC, the security services threat intelligence market will be close to $1 billion by 2014, as organizations try to improve their security by becoming more proactive and getting advanced warnings of potential attacks to reduce downtime and remediation costs. By gaining extra time, mitigating controls can be put into place to provide better protection against new threats and vulnerabilities. In this special report, we look at the categories of tools and services available for threat analysis and offer some recommendations on how to evaluate and select them. (S5350712)