On August 20, 2013, Gartner released Five Styles of Advanced Threat Defense.  This graphic from the Gartner report summarizes the defensive strategies:

[Graphic: Five Styles of Advanced Threat Defense]

Gartner provides a description of each style, along with its strengths, weaknesses and players.

Style 1 – Network Traffic Analysis.  These firms look at traffic patterns and seek to highlight abnormal traffic. Players include Arbor Networks, Damballa, Fidelis, Lancope and Sourcefire.

Style 2 – Network Forensics.  After the bad guys are in, these tools support incident response.  Players include Blue Coat and RSA.

Style 3 – Payload Analysis.  These firms use a sandbox environment to detect malware and prevent installation.  Players include AhnLab, Check Point, FireEye, Lastline, McAfee, Palo Alto Networks, ThreatGRID and Trend Micro.

Style 4 – Endpoint Behavior Analysis.  A wide variety of approaches are taken at the endpoint to defend against attacks.  These include whitelisting processes, application containment and process monitoring. Players include Blue Ridge Networks, Bromium, Invincia, Sandboxie, Trustwave, Cyvera, ManTech/HBGary, RSA and Triumfant.

Style 5 – Endpoint Forensics. After the bad guys are in, these are forensic tools that incident response teams use to mitigate the impacts of compromised computers.  Players include Bit9, Carbon Black, Guidance Software, Mandiant and ManTech/HBGary.

What is missing from this picture?  The user!  The attackers understand this model, and that is why they use attack techniques that evade these methods.  As Cisco discussed in Email Attacks: This Time It’s Personal, APT attacks don’t target the systems — the attacks target the users.  An effective APT defense requires a defensive layer that hardens the point of attack — the user.

Employees’ email decisions can compromise security.  IT needs to help employees make better email processing decisions. That is where SP Guard comes into play. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.

You can contact us at 408-727-6342, ext. 3 or use our online form.