Advanced Threat Protection: End-to-End, Coordinated Defenses Against Advanced Threats

As you’re reading this article and touching your mouse or mobile phone, a complex network of specialized cells inside your body is hard at work protecting you from infection-causing organisms such as bacteria and viruses. In simple terms, I’m describing your immune system, a remarkable collection of layered defenses. Skin provides a physical barrier to block and expel foreign organisms; a second line of protection detects and eliminates invaders with a cellular counterattack; and if that is unsuccessful, a third layer of tailored responses, or antibodies, quickly eliminates the threat based on intelligence from earlier infections. In order for this system to work successfully — protecting you from sickness or disease — immune cells must not only communicate, but also cooperate effectively. Individual defenses are no match for advanced diseases, but taken as a whole, you have an amazing protection system enabling your body to operate as intended.

Why the lesson in biology? With the introduction of the IBM Threat Protection System, we are going after the same level of end-to-end, coordinated defenses — in this case, with technology to limit the success of cyber attacks. The IBM Threat Protection System is the result of a laser-focused effort two years in the making, bringing together innovative security capabilities to prevent, detect and respond to advanced threats in a continuous and coordinated fashion. It’s designed to help disrupt the entire life cycle of an attack — from the initial break-in to the final exfiltration of sensitive data — with preemptive defenses, powerful analytics and open integrations. This is the level of protection required to stop today’s extremely motivated and well-trained attackers.

Up to now, many organizations have responded to security concerns by deploying separate new tools to address each new risk, and the heightened awareness caused by high-profile security breaches has only intensified this trend. I spoke to a government client recently that has 85 different security products across its environment. That alone is a security problem, not to mention the level of complexity as they try to make sense of dozens of disconnected solutions with limited views of the threat landscape. Adding more and more point solutions is unsustainable and, in many cases, has the opposite effect of what was intended. We call this “security sprawl,” and the IBM approach is designed to help drive this complexity down over time.

At the same time, organizations must also evolve their defenses to deal with new breeds of attack. To help our customers build an effective advanced threat protection strategy, the IBM Threat Protection System delivers unique capabilities in three integrated layers of defense:

  • Prevent even the most sophisticated attacks. Real-time prevention is essential to stop advanced attacks from penetrating the organization. This is no easy task, but with behavioral-based defenses working together, the IBM system can block the initial phases of an attack at the endpoint and network. An innovative product called Trusteer Apex disrupts exploits leading to advanced malware on users’ computers, while IBM Security Network Protection (XGS) prevents attacks from reaching vulnerable hosts; they also work in tandem to block attackers from establishing external control channels. With new integrations linking these components to other IBM and third-party security technologies, we’re helping customers achieve coordinated defense today.
  • Detect advanced threats across the entire infrastructure. Even the strongest immune system cannot prevent 100 percent of invaders from getting inside, making it essential to quickly detect active threats before they cause damage. We solve this problem with data. Working as the central nervous system of our approach, the IBM QRadar Security Intelligence Platform includes new processing horsepower to combine massive amounts of data from network traffic, user behavior, security events and numerous other sources to automatically identify unknown or previously undetected threats. Real-time analytics find stealthy attackers lurking within the enterprise, while pre-attack analytics predict and prioritize security weaknesses before someone else does. This is the meaning of security intelligence.
  • Respond continuously to security incidents. Finally, in the event of a successful security breach, it’s important to quickly minimize its impact, understand exactly how the intrusion occurred and learn from findings to prevent another incident. This is exactly why we recently announced IBM Security QRadar Incident Forensics, a brand new offering enabling security teams to quickly retrace breaches step-by-step, often in hours instead of days. This new solution, coupled with the expertise of our IBM Emergency Response Services, helps organizations mount a strong and adaptive response to future occurrences of attack.

Open Integration Is Key: Real-Time Threat Intelligence Sharing to Block Advanced Attacks

To help our customers combine the power of numerous new and existing security investments, we have also expanded our highly successful “Ready for IBM Security Intelligence Partner Program” with new open integrations for real-time intelligence sharing with the IBM Security Network Protection (XGS) product. We are initially working with partners including Trend Micro, FireEye, and Damballa to share real-time threat indicators for immediate quarantine and blocking of advanced attacks. This further complements the hundreds of existing integrations we’ve built across the security community — including solutions from the partners mentioned above — with QRadar and other IBM Security products.

Finally, the IBM Threat Protection System is built on an extensive global threat intelligence network driven by our X-Force team and recently enhanced with incredible Trusteer intelligence on advanced malware and cyber crime campaigns. This means QRadar and XGS customers can now take advantage of Trusteer insights on malware, leveraging an installed base of more than 100 million endpoints.

Like any evolving system, the IBM Threat Protection System comprises new and existing capabilities; in fact, customers are taking advantage of its components today. With this announcement, we are introducing a new, coordinated approach optimized specifically to address advanced threats. Furthermore, this launch represents a rigorous series of efforts within IBM to deliver the innovative defenses, analytics and integrations making it all possible. We are committed to continuing this journey along with our customers and partners. The introduction of the IBM Threat Protection System is a decisive step along that path.
