5 Ways to Correlate Threat Intelligence
Second of a four-part series
There’s a powerful correlation between the security of your network and Masergy’s Unified Enterprise Security (UES) platform.
As the dictionary tells us, a correlation happens when two or more things go together in ways not expected from chance alone. Most security solutions use correlation as part of their threat monitoring. In what’s typically the last step before sending an alert, these solutions use rules-based systems to correlate data sets.
Masergy’s UES platform takes correlation one huge step further. The solution continuously identifies, analyzes and correlates typical network traffic, alerts and packet behaviors over long periods of time. It then deploys unique methods to detect and thwart reconnaissance activity prior to an attack. UES also dramatically reduces the number of false positives and the nuisance alarms they generate.
UES does all this by building behavioral profiles that far exceed the traditional frequency, threshold and netflow-based detection methods used by other security solutions.
Secure Data Sets
To achieve this tight correlation between dissimilar data sources, Masergy UES tightly integrates five important data sets directly into its engine:
1. Vulnerability Scanner
Masergy’s UES platform includes an integrated vulnerability scanner that maintains a fresh profile of all vulnerabilities on the network. This helps the system better understand the attack surface of the network, not only ensuring that the correct signatures are loaded in the intrusion-detection system, but also allowing the behavioral engine to adjust its threat profiles based on known vulnerabilities and server locations. For instance, a server receiving live network traffic from the Internet gets much higher scrutiny than an internal server with little traffic.
2. Intrusion Detection System
An integrated, knowledge-based intrusion-detection system is essential to finding attack vectors of known exploits. By itself, such a system cannot find unknown or zero-day exploits. But by being fully integrated into Masergy’s UES platform, this system also serves as a data source that feeds the behavioral-analytics engine. For example, this intrusion-detection system could report on which types of exploits a hacker is trying. It can even directly correlate with vulnerability information to predict which attack types are most likely to be effective.
3. Log Capture and Analysis
Masergy’s UES platform captures and analyzes logs from any log-producing device, application, proxy or service; it can also provide information about applications that have no network presence. First, the system examines all log information using its rules-based engine. Then it organizes the logs into a unified format and sends them through a learning model. The same pipeline can also detect brute-force password attempts against local workstations.
4. Threat Intelligence
UES is fully managed and continuously monitored by Masergy’s staff of certified security experts. In essence, we become an extension of your team, reinforcing the intelligence that UES learns by correlating all attack vectors. This threat intelligence also provides feeds that the analysis engine uses to correlate and prioritize data, such as Internet hosts being used as attack sources and services being exploited.
5. Vendor Disclosures
We keep up with the industry, known threat intelligence data and software updates that patch potential security vulnerabilities. Whenever hardware and software vendors reveal new security issues with their products, Masergy’s UES analysis engine correlates that information with your inventory. In this way, it determines which of your systems the newly disclosed exploits could work against.
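To make the correlation in the five data sets above concrete, here is an added example written for this page; it is illustrative code, not Masergy’s UES engine. It scores constructed IDS alerts against a constructed vulnerability inventory, host exposure and a threat-intelligence list (the hosts, signature ids and CVE-0000-* identifiers are placeholders), then normalizes two constructed log formats (an sshd line and a Windows logon event flattened to key=value) into one record shape and runs a sliding-window brute-force check over them.

```python
"""Scoring IDS alerts against a vulnerability inventory, host exposure and a
threat-intelligence feed, then normalising raw logs from two sources into one
record shape for a windowed brute-force check.  Illustrative code written for
this page, not Masergy's UES engine; every input below is constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed vulnerability-scan inventory (hypothetical hosts and CVE ids).
VULN_SCAN = {
    "10.0.0.5": {"internet_facing": True, "cves": {"CVE-0000-0001", "CVE-0000-0002"}},
    "10.0.0.9": {"internet_facing": False, "cves": {"CVE-0000-0003"}},
}
# IDS signature -> CVE it detects (None: no known-vulnerability mapping).
SIG_TO_CVE = {"SIG-1001": "CVE-0000-0001", "SIG-1002": "CVE-0000-0003", "SIG-1003": None}
# Threat-intelligence feed of hosts recently seen as attack sources.
BAD_SOURCES = {"203.0.113.7"}
ALERTS = [  # constructed IDS alerts
    {"src": "203.0.113.7", "dst": "10.0.0.5", "sig": "SIG-1001"},
    {"src": "198.51.100.2", "dst": "10.0.0.9", "sig": "SIG-1002"},
    {"src": "198.51.100.3", "dst": "10.0.0.9", "sig": "SIG-1003"},
    {"src": "198.51.100.4", "dst": "10.0.0.5", "sig": "SIG-1002"},
]


def score_alert(alert, vuln_scan=VULN_SCAN, sig_to_cve=SIG_TO_CVE, bad_sources=BAD_SOURCES):
    """Score one IDS alert; the score rises as independent data sets agree.
    A signature that exploits a CVE the target actually carries outranks the same
    signature against a patched host; exposure and a known bad source add weight."""
    score, reasons = 1, []
    host = vuln_scan.get(alert["dst"])
    cve = sig_to_cve.get(alert["sig"])
    if host and cve and cve in host["cves"]:
        score += 3
        reasons.append("target is vulnerable to the CVE this signature exploits")
    if host and host["internet_facing"]:
        score += 1
        reasons.append("target is internet-facing")
    if alert["src"] in bad_sources:
        score += 2
        reasons.append("source is a known attack host")
    return score, reasons


def prioritise(alerts=ALERTS):
    """Return [(score, reasons, alert), ...], highest score first."""
    return sorted(((*score_alert(a), a) for a in alerts), key=lambda t: t[0], reverse=True)


# Log normalisation: an sshd line and a Windows logon event (4625 = failed logon)
# flattened to key=value, both mapped to {ts, dst, user, src, outcome}.
SSHD_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<res>Failed|Accepted) "
                     r"password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
WIN_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>\d+) "
                    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<src>\S+)")


def normalize(line):
    """Map a raw log line to the unified record, or None if the format is unknown."""
    if m := SSHD_RE.match(line):
        outcome = "failure" if m["res"] == "Failed" else "success"
    elif m := WIN_RE.match(line):
        outcome = "failure" if m["eid"] == "4625" else "success"
    else:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "dst": m["host"],
            "user": m["user"], "src": m["src"], "outcome": outcome}


def detect_brute_force(lines, threshold=4, window=timedelta(minutes=2)):
    """Return (src, dst) pairs with >= threshold failed logins inside a sliding window."""
    failures, hits = defaultdict(list), set()
    events = [e for e in map(normalize, lines) if e]
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] != "failure":
            continue
        recent = failures[(ev["src"], ev["dst"])]
        recent.append(ev["ts"])
        while ev["ts"] - recent[0] > window:   # drop failures that fell out of the window
            recent.pop(0)
        if len(recent) >= threshold:
            hits.add((ev["src"], ev["dst"]))
    return hits


# Constructed log lines: four sshd failures from one source within 20 seconds
# (enough to trip the threshold), one Windows failure from it, one clean logon.
LOG_LINES = [
    "2024-01-10T12:00:01 ws1 sshd[411]: Failed password for root from 192.0.2.9 port 5011 ssh2",
    "2024-01-10T12:00:05 ws1 sshd[412]: Failed password for invalid user admin from 192.0.2.9 port 5012 ssh2",
    "2024-01-10T12:00:09 ws1 sshd[413]: Failed password for root from 192.0.2.9 port 5013 ssh2",
    "2024-01-10T12:00:20 ws1 sshd[414]: Failed password for root from 192.0.2.9 port 5014 ssh2",
    "2024-01-10T12:00:03 ws2 EventID=4625 TargetUserName=bob IpAddress=192.0.2.9",
    "2024-01-10T12:01:00 ws1 sshd[416]: Accepted password for alice from 10.0.0.12 port 5016 ssh2",
]

if __name__ == "__main__":
    for score, reasons, alert in prioritise():
        print(score, alert["sig"], alert["src"], "->", alert["dst"], reasons)
    print("brute force:", detect_brute_force(LOG_LINES))
```

The point the scoring makes is the one the article argues: the same signature fires on two hosts, but only the host whose scan shows the matching CVE, or that faces the Internet, or that is being hit from a known attack source, rises to the top; the unmapped signature on a patched internal host scores lowest. The log half shows why normalising to one record shape matters: the brute-force window counts sshd and Windows failures with the same code, and a single source can be tracked across both kinds of workstation.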
When the analysis needs fresh information, Masergy’s UES platform can immediately launch the appropriate service to gather it, and correlation rules can be made as strict as you require. The results are written directly into the unified data set, so the same learning models can be used for feature detection.
While all these data sources could be gathered externally, it’s far more powerful to control, analyze and manage them from a single platform. That way, all data—not just the mappable fields—can be correlated, since they’re part of a universal data set. The result: dramatically improved prediction, detection and protection against threats. That’s the power of correlation.
Learn more about Masergy’s UES.