Cisco’s Managed Threat Defense: A New Era for Data Security Analytics?

IT security is no laughing matter, and organizations of all sizes and in all industries can’t afford to ignore it.

As CNN reports, Target CEO Gregg Steinhafel tendered his resignation after “extensive discussions” with the board of directors. Why? Because Steinhafel was in charge when the company’s network was breached in December 2013, leading to the theft of 40 million payment card numbers. Unhappy consumers prompted a 46 percent drop in Target’s profit, and the retailer is now spending $100 million to upgrade its point-of-sale (POS) technology. But as a recent Sydney Morning Herald article points out, even if the new POS terminals had been installed beforehand, they would not have prevented the breach: the card data was scraped from POS memory by malware that had already gained a foothold inside the network.

Network giant Cisco thinks it has the answer to this cycle of security failure and executive blame: Managed Threat Defense. Is this the dawn of a new era for security analytics?

Changing the Locks on IT Security

In an ideal world, network security breaches wouldn’t happen. Defenses would outpace attacks, and security vendors could say with absolute certainty that attacks were impossible. Reality is a long way from that. As Cisco’s 2014 Annual Security Report notes, 100 percent of the business networks it examined showed traffic going to websites that host malware.

Cisco’s Managed Threat Defense solution gives security analysts a “single pane of glass” to help identify suspicious activity, according to the company’s data sheet. In addition, the solution offers real-time predictive analytics powered by Hadoop 2.0, which Cisco says can detect anomalous network patterns, zero in on “unknown” attacks (those with no existing signature) and track emerging incidents.

Cisco’s offering is a combination of on-premises hardware and software plus a managed service: the on-site equipment collects telemetry on incoming and outgoing traffic, which is monitored around the clock by Cisco’s security operations centers, whose analysts investigate and escalate when they see a threat.

Seeing the Future of Data Protection

The Global Security Analytics Market 2014–2018 report from Research and Markets predicts a compound annual growth rate of 10.61 percent for security analytics through 2018. And while it sounds like smoke and mirrors, predictive analytics offers tangible benefits as the enterprise market shifts from reliance on local resources to as-a-service alternatives.

Creative malware developers and virus authors are taking full advantage of security gaps to write polymorphic code that alters its structure with each execution, so a signature written for yesterday’s sample misses today’s. In response, security vendors have shifted away from simply walling off networks, because it’s all too easy to sneak through the gate; the new goal is to judge what a program will do, from its behavior, before or as it runs.

A recent IT-Director article talks about the need for security intelligence before, during and after an incident. The idea actually comes from Cisco’s Sourcefire and dovetails neatly with the pitch of Managed Threat Defense: end-to-end protection.

Current solutions focus on what happens before attacks by using blacklists of email addresses, applications and websites. After is also well populated by companies that can assess the extent of the damage and help enterprises get back on their feet. During is where most solutions fall short. Managed Threat Defense aims to close this gap by monitoring user environments in real time for behaviors that may be the precursors of an attack. Instead of looking for a specific signature or host, the solution uses streaming telemetry to evaluate network traffic on a moment-by-moment basis, flagging suspicious behavior as it emerges rather than after the fact.
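To make the “during” phase concrete, here is an added example (my own illustration, not Cisco’s code or anything from the Managed Threat Defense product) of the kind of behavioral check a streaming analytics pipeline runs over flow telemetry. It folds one constructed flow record at a time into per-host state and raises two signature-free alerts: periodic beaconing (near-constant spacing between connections from one host to one destination, typical of an implant polling its controller) and an outbound volume spike against a per-host moving baseline (a crude exfiltration check). The host names, addresses, byte counts and thresholds are all constructed for the example.

```python
"""Streaming behavioral detector over constructed flow telemetry.

Added example, not Cisco's code. Each flow record is scored as it arrives,
with no signature lookup: only timing and volume relative to what the
same host did before.
"""
from collections import defaultdict, deque
from statistics import mean, pstdev

# Constructed sample telemetry: (timestamp_seconds, src_host, dst_host, bytes_out).
SAMPLE_FLOWS = [
    # ws-01: ordinary browsing, irregular timing, modest sizes.
    (0, "ws-01", "203.0.113.10", 1200),
    (37, "ws-01", "203.0.113.11", 900),
    (95, "ws-01", "203.0.113.10", 1500),
    (140, "ws-01", "203.0.113.12", 1100),
    (260, "ws-01", "203.0.113.10", 1300),
    (300, "ws-01", "203.0.113.13", 1000),
    # ws-02: an implant beaconing to one destination every 60 s (+/- 1 s).
    (10, "ws-02", "198.51.100.5", 300),
    (70, "ws-02", "198.51.100.5", 310),
    (131, "ws-02", "198.51.100.5", 290),
    (190, "ws-02", "198.51.100.5", 305),
    (251, "ws-02", "198.51.100.5", 300),
    (310, "ws-02", "198.51.100.5", 295),
    # ws-03: normal traffic, then one very large upload (possible exfiltration).
    (5, "ws-03", "203.0.113.20", 800),
    (60, "ws-03", "203.0.113.21", 1000),
    (120, "ws-03", "203.0.113.20", 900),
    (180, "ws-03", "203.0.113.22", 950),
    (240, "ws-03", "198.51.100.9", 48_000_000),
]

# Tuning constants (assumed values chosen for the example, not product defaults).
BEACON_WINDOW = 6      # timestamps kept per (src, dst) pair
MIN_BEACON_HITS = 5    # connections needed before interval regularity is judged
MAX_BEACON_CV = 0.10   # coefficient of variation of intervals below this is "too regular"
EWMA_ALPHA = 0.3       # weight of the newest observation in the per-host byte baseline
WARMUP_FLOWS = 3       # flows per host folded into the baseline before the spike test applies
SPIKE_FACTOR = 20      # bytes_out must exceed baseline * factor to alert


class StreamingDetector:
    def __init__(self):
        self.times = defaultdict(lambda: deque(maxlen=BEACON_WINDOW))  # (src, dst) -> recent timestamps
        self.baseline = {}            # src -> EWMA of bytes_out
        self.seen = defaultdict(int)  # src -> number of flows folded into the baseline
        self.flagged_pairs = set()    # pairs already reported as beaconing
        self.alerts = []

    def observe(self, ts, src, dst, nbytes):
        """Fold one flow record into state; return the alerts this record triggered."""
        new = []

        # Beaconing: near-constant spacing between connections to one destination.
        pair = (src, dst)
        self.times[pair].append(ts)
        stamps = list(self.times[pair])
        if len(stamps) >= MIN_BEACON_HITS and pair not in self.flagged_pairs:
            gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
            avg = mean(gaps)
            cv = pstdev(gaps) / avg if avg > 0 else float("inf")
            if cv < MAX_BEACON_CV:
                self.flagged_pairs.add(pair)
                new.append(("beaconing", ts, src, dst, round(avg, 2)))

        # Volume spike: compare against the host's baseline, then update it.
        # A spiking record is deliberately NOT folded into the baseline, so a
        # follow-on burst from the same host is still judged against clean history.
        if self.seen[src] >= WARMUP_FLOWS and nbytes > SPIKE_FACTOR * self.baseline[src]:
            new.append(("volume_spike", ts, src, dst, nbytes))
        else:
            prev = self.baseline.get(src)
            self.baseline[src] = nbytes if prev is None else EWMA_ALPHA * nbytes + (1 - EWMA_ALPHA) * prev
            self.seen[src] += 1

        self.alerts.extend(new)
        return new


def run(flows):
    """Replay records in timestamp order through a fresh detector; return all alerts."""
    det = StreamingDetector()
    for record in sorted(flows):
        det.observe(*record)
    return det.alerts


if __name__ == "__main__":
    for alert in run(SAMPLE_FLOWS):
        print(alert)
```

On the sample data the detector raises exactly two alerts: a volume spike for ws-03 at t=240 and a beaconing alert for ws-02 at t=251 (mean interval 60.25 s), while ws-01’s irregular browsing stays quiet. The thresholds are the weak point of any such check: too loose and a patient implant with jittered sleep slips under the regularity test, too tight and scheduled software updates start looking like beacons, which is why a production pipeline pairs this kind of scoring with analyst triage rather than blocking on it automatically.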

A Three-Sided Defense or a Single Shield?

Not all companies agree with Cisco’s model; IBM, for example, believes endpoint protection is still the first line of defense against malware and other cyberthreats. But it’s hard to argue with the idea that attacks are better handled on three fronts rather than one: Defend where possible, detect when able and destroy as necessary.

[image: voyager624/iStock/ThinkStockPhotos]