5 Ways to Correlate Threat Intelligence

Second of a four-part series

There’s a powerful correlation between the security of your network and Masergy’s Unified Enterprise Security (UES) platform.

As the dictionary tells us, a correlation happens when two or more things go together in ways not expected from chance alone. Most security solutions use correlation as part of their threat monitoring. In what’s typically the last step before sending an alert, these solutions use rules-based systems to correlate data sets.

Masergy’s UES platform takes correlation one large step further. The solution continuously identifies, analyzes and correlates typical network traffic, alerts and packet behaviors over long periods of time, then applies its own methods to detect and thwart reconnaissance activity before an attack begins. UES also dramatically reduces the number of false positives, the alerts that turn out to be false alarms.

UES does all this by building behavioral profiles that go well beyond the traditional frequency-, threshold- and NetFlow-based detection methods used by other security solutions.

Secure Data Sets

To correlate these dissimilar data sources so closely, Masergy UES integrates five important data sets directly into its engine:

1. Vulnerabilities

Masergy’s UES platform includes an integrated vulnerability scanner that maintains a current profile of every known vulnerability on the network. This helps the system understand the network’s attack surface: it ensures that the correct signatures are loaded in the intrusion-detection system, and it lets the behavioral engine adjust its threat profiles according to known vulnerabilities and server locations. For instance, a server receiving live traffic from the Internet gets far more scrutiny than an internal server that sees little traffic.

2. Intrusion Detection System

An integrated, knowledge-based intrusion-detection system is essential for recognizing the attack vectors of known exploits. By itself, such a system cannot find unknown or zero-day exploits. But because it is fully integrated into Masergy’s UES platform, it also serves as a data source that feeds the behavioral-analytics engine. For example, the intrusion-detection system can report which types of exploits an attacker is trying, and it can correlate directly with the vulnerability information to predict which of those attacks are most likely to succeed.

3. Log Capture and Analysis

Masergy’s UES platform captures and analyzes logs from any log-producing device, application, proxy or service, which also gives it visibility into applications that have no network presence. First, the system examines all log data with its rules-based engine. Then it normalizes the logs into a unified format and sends them through a learning model. Because local workstation logs are included, this path can also detect brute-force password attempts against local workstations.
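The normalize-then-detect step described above, shown as an added example (not Masergy’s UES code): two constructed log formats, a Linux sshd line and a Windows-style logon-failure event, are parsed into one record shape, and a sliding window over the unified records flags accounts that exceed a failed-logon threshold on a given workstation. The log lines, host names, account names and the 5-failures-in-60-seconds threshold are all assumptions for illustration.

```python
"""Normalize two constructed log formats into one record shape, then flag
brute-force password attempts per (workstation, account).

Added example, not Masergy's UES code. Log lines, host names and account
names are constructed; the 5-in-60-seconds threshold is an assumption.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample lines. The Windows line is a simplified rendering of a
# logon-failure event (Event ID 4625), not a real EVTX export format.
RAW_LOGS: List[str] = [
    "2024-03-01T09:00:01 ws-linux-01 sshd[812]: Failed password for alice from 192.0.2.44 port 5120 ssh2",
    "2024-03-01T09:00:05 ws-linux-01 sshd[812]: Failed password for alice from 192.0.2.44 port 5121 ssh2",
    "2024-03-01T09:00:09 ws-linux-01 sshd[812]: Failed password for alice from 192.0.2.44 port 5122 ssh2",
    "2024-03-01T09:00:13 ws-linux-01 sshd[812]: Failed password for alice from 192.0.2.44 port 5123 ssh2",
    "2024-03-01T09:00:17 ws-linux-01 sshd[812]: Failed password for alice from 192.0.2.44 port 5124 ssh2",
    "2024-03-01T09:00:21 ws-linux-01 sshd[812]: Failed password for alice from 192.0.2.44 port 5125 ssh2",
    "2024-03-01T09:10:00 WS-WIN-07 EventID=4625 TargetUser=bob Source=192.0.2.51",
    "2024-03-01T09:10:30 WS-WIN-07 EventID=4625 TargetUser=bob Source=192.0.2.51",
    "2024-03-01T09:11:00 ws-linux-01 sshd[812]: Accepted password for alice from 192.0.2.44 port 5126 ssh2",
]

# One regex per source format; both map onto the same unified field names.
LINUX_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)
WIN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) EventID=4625 TargetUser=(?P<user>\S+) Source=(?P<src>\S+)"
)


def normalize(line: str) -> Optional[Dict]:
    """Map a raw line onto the unified record; None for lines we don't model."""
    for fmt, rx in (("linux-sshd", LINUX_RE), ("windows-4625", WIN_RE)):
        m = rx.match(line)
        if m:
            return {
                "ts": datetime.fromisoformat(m["ts"]),
                "host": m["host"],
                "user": m["user"],
                "src": m["src"],
                "outcome": "failure",
                "format": fmt,
            }
    return None  # unrecognized (or a success line); in practice route to a parse bucket


def detect_brute_force(lines: List[str], threshold: int = 5, window_s: int = 60) -> List[Dict]:
    """Flag each (host, user) that accumulates `threshold` failures within `window_s`."""
    events = [e for e in map(normalize, lines) if e]
    events.sort(key=lambda e: e["ts"])  # sources arrive out of order in real pipelines
    recent: Dict[tuple, deque] = defaultdict(deque)
    flagged, hits = set(), []
    for e in events:
        key = (e["host"], e["user"])
        q = recent[key]
        q.append(e["ts"])
        while (e["ts"] - q[0]).total_seconds() > window_s:  # drop failures outside the window
            q.popleft()
        if len(q) >= threshold and key not in flagged:
            flagged.add(key)  # report each (host, user) once per run
            hits.append({"host": e["host"], "user": e["user"],
                         "failures": len(q), "last_src": e["src"]})
    return hits


if __name__ == "__main__":
    for h in detect_brute_force(RAW_LOGS):
        print(f"brute force: {h['user']}@{h['host']} ({h['failures']} failures, last from {h['last_src']})")
```

Only the Linux workstation trips the threshold; the two Windows failures stay below it, and the successful-logon line is ignored because the detector only models failures. In a real deployment the success line would be normalized too, since a failure burst followed by a success is the pattern worth escalating.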

4. Threat Intelligence

UES is fully managed and continuously monitored by Masergy’s staff of certified security experts. In essence, we become an extension of your team, reinforcing what UES learns by correlating all attack vectors. This threat intelligence also provides feeds that the analysis engine uses to correlate and prioritize data, such as Internet hosts currently being used as attack sources and services currently being exploited.

5. Vendor Disclosures

We keep up with the industry, with known threat-intelligence data and with the software updates that patch potential security vulnerabilities. Whenever hardware and software vendors disclose new security issues with their products, Masergy’s UES analysis engine correlates that information with your environment to determine which of your systems are exposed to the newly disclosed issues.
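How data sets 1, 2, 4 and 5 above combine to rank an alert, as an added example that is not Masergy’s UES code: each IDS alert is checked against the scanner’s inventory for the target host (does the host run the attacked service, and is it actually vulnerable?), against the threat-intelligence feed for the source, and against recent vendor disclosures for the vulnerability. The hosts (RFC 5737 documentation addresses), signature names, placeholder vulnerability IDs such as VULN-001, feed entries and the point values are all constructed assumptions.

```python
"""Prioritize IDS alerts by correlating them with a vulnerability inventory,
a threat-intelligence feed and vendor disclosures.

Added example, not Masergy's UES code. All hosts, signatures, vulnerability
IDs, feed entries and score weights are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Alert:
    src: str        # attacking host
    dst: str        # targeted host
    dport: int      # targeted port
    signature: str  # IDS signature name
    targets: str    # placeholder ID of the vulnerability the signature exploits


@dataclass
class HostProfile:
    internet_facing: bool
    # port -> vulnerability IDs the scanner found on that service (empty set = clean service)
    services: Dict[int, Set[str]] = field(default_factory=dict)


# Data set 1: vulnerability scanner output (constructed)
INVENTORY: Dict[str, HostProfile] = {
    "198.51.100.10": HostProfile(True, {443: {"VULN-001"}, 22: set()}),
    "192.0.2.20": HostProfile(False, {445: {"VULN-002"}}),
    "192.0.2.30": HostProfile(False, {22: set()}),  # no SMB service at all
}

# Data set 4: threat-intelligence feed of hosts seen as attack sources (constructed)
THREAT_FEED: Set[str] = {"203.0.113.7"}

# Data set 5: vulnerability IDs named in recent vendor disclosures (constructed)
VENDOR_DISCLOSURES: Set[str] = {"VULN-001"}

# Data set 2: IDS alerts (constructed)
ALERTS: List[Alert] = [
    Alert("203.0.113.7", "198.51.100.10", 443, "TLS heartbeat overread", "VULN-001"),
    Alert("203.0.113.9", "192.0.2.20", 445, "SMB remote code exec", "VULN-002"),
    Alert("203.0.113.9", "192.0.2.30", 445, "SMB remote code exec", "VULN-002"),
    Alert("203.0.113.9", "198.51.100.10", 22, "SSH auth probe", "VULN-003"),
]


def score_alert(alert: Alert,
                inventory: Dict[str, HostProfile] = INVENTORY,
                feed: Set[str] = THREAT_FEED,
                disclosures: Set[str] = VENDOR_DISCLOSURES) -> Tuple[int, List[str]]:
    """Return (score, reasons); higher means more likely to be a real, effective attack."""
    score, reasons = 1, []
    host = inventory.get(alert.dst)
    if host is None:
        reasons.append("destination not in scan inventory")
        return score, reasons
    if alert.dport not in host.services:
        # Signature fired against a service the target does not run: likely false positive.
        reasons.append("target does not run the attacked service")
        return 0, reasons
    if alert.targets in host.services[alert.dport]:
        score += 3
        reasons.append("target is vulnerable to this exploit")
        if alert.targets in disclosures:
            score += 1
            reasons.append("vulnerability named in a recent vendor disclosure")
    if host.internet_facing:
        score += 2
        reasons.append("target is Internet-facing")
    if alert.src in feed:
        score += 2
        reasons.append("source is a known attack host")
    return score, reasons


def prioritize(alerts: List[Alert] = ALERTS, **sources) -> List[Tuple[int, List[str], Alert]]:
    """Rank alerts by correlated score, highest first (stable for ties)."""
    scored = [(score_alert(a, **sources), a) for a in alerts]
    scored.sort(key=lambda pair: pair[0][0], reverse=True)
    return [(s, r, a) for (s, r), a in scored]


if __name__ == "__main__":
    for score, reasons, a in prioritize():
        print(f"{score:2d} {a.src} -> {a.dst}:{a.dport} {a.signature}: {'; '.join(reasons)}")
```

The same SMB signature fires twice; against the host that runs a vulnerable SMB service it ranks second, while against the host with no SMB service it scores zero and can be dropped, which is the false-positive reduction the integrated inventory buys. The top alert is the one where every source agrees: vulnerable target, Internet-facing, known attack source, recently disclosed issue.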

When new information is required, Masergy’s UES platform can immediately launch the appropriate collection service. Correlation rules can also be made quite strict. The collected data is written directly into the unified data set, so the same learning models can be used for feature detection.

While all these data sources could be gathered externally, it’s far more powerful to control, analyze and manage them from a single platform. That way, all data—not just the mappable fields—can be correlated, since they’re part of a universal data set. The result: dramatically improved prediction, detection and protection against threats. That’s the power of correlation.

About Mike Stute

Chief Scientist, Masergy
Mike Stute is Chief Scientist at Masergy Communications and the chief architect of the Unified Enterprise Security network behavioral analysis system. As a data scientist, he is responsible for the research and development of deep analysis methods using machine learning, probability engines and complex-system analysis in big-data environments. Mike has over 22 years’ experience in information systems security and has developed analysis systems in fields such as power generation, educational institutions, biotechnology and electronic communication networks.