Advanced Threat Protection: End-to-End, Coordinated Defenses Against Advanced Threats

As you’re reading this article and touching your mouse or mobile phone, a complex network of specialized cells inside your body is hard at work protecting you from infection-causing organisms such as bacteria and viruses. In simple terms, I’m describing your immune system, a remarkable collection of layered defenses. Skin provides a physical barrier to block and expel foreign organisms; a second line of protection detects and eliminates invaders with a cellular counterattack; and if that is unsuccessful, a third layer of tailored responses, or antibodies, quickly eliminates the threat based on intelligence from earlier infections. In order for this system to work successfully — protecting you from sickness or disease — immune cells must not only communicate, but also cooperate effectively. Individual defenses are no match for advanced diseases, but taken as a whole, you have an amazing protection system enabling your body to operate as intended.

Why the lesson in biology? With the introduction of the IBM Threat Protection System, we are going after the same level of end-to-end, coordinated defenses — in this case, with technology to limit the success of cyber attacks. The IBM Threat Protection System is the result of a laser-focused effort two years in the making, bringing together innovative security capabilities to prevent, detect and respond to advanced threats in a continuous and coordinated fashion. It’s designed to help disrupt the entire life cycle of an attack — from the initial break-in to the final exfiltration of sensitive data — with preemptive defenses, powerful analytics and open integrations. This is the level of protection required to stop today’s extremely motivated and well-trained attackers.

Up to now, many organizations have responded to security concerns by deploying separate new tools to address each new risk, and the heightened awareness caused by high-profile security breaches has only intensified this trend. I spoke to a government client recently that has 85 different security products across their environment. That alone is a security problem, not to mention the level of complexity as they try to make sense of dozens of disconnected solutions with limited views of the threat landscape. Adding more and more point solutions is unsustainable and, in many cases, has the opposite effect of what was intended. We call this “security sprawl,” and the IBM approach is designed to help drive this complexity down over time.

At the same time, organizations must also evolve their defenses to deal with new breeds of attack. To help our customers build an effective advanced threat protection strategy, the IBM Threat Protection System delivers unique capabilities in three integrated layers of defense:

  • Prevent even the most sophisticated attacks. Real-time prevention is essential to stop advanced attacks from penetrating the organization. This is no easy task, but with behavior-based defenses working together, the IBM system can block the initial phases of an attack at the endpoint and network. An innovative product called Trusteer Apex disrupts exploits leading to advanced malware on users’ computers, while IBM Security Network Protection (XGS) prevents attacks from reaching vulnerable hosts; they also work in tandem to block attackers from establishing external control channels. With new integrations linking these components to other IBM and third-party security technologies, we’re helping customers achieve coordinated defense today.
  • Detect advanced threats across the entire infrastructure. Even the strongest immune system cannot prevent 100 percent of invaders from getting inside, making it essential to quickly detect active threats before they cause damage. We solve this problem with data. Working as the central nervous system of our approach, the IBM QRadar Security Intelligence Platform includes new processing horsepower to combine massive amounts of data from network traffic, user behavior, security events and numerous other sources to automatically identify unknown or previously undetected threats. Real-time analytics find stealthy attackers lurking within the enterprise, while pre-attack analytics predict and prioritize security weaknesses before someone else does. This is the meaning of security intelligence.
  • Respond continuously to security incidents. Finally, in the event of a successful security breach, it’s important to quickly minimize its impact, understand exactly how the intrusion occurred and learn from findings to prevent another incident. This is exactly why we recently announced IBM Security QRadar Incident Forensics, a brand new offering enabling security teams to quickly retrace breaches step-by-step, often in hours instead of days. This new solution, coupled with the expertise of our IBM Emergency Response Services, helps organizations mount a strong and adaptive response to future occurrences of attack.

Open Integration Is Key: Real-Time Threat Intelligence Sharing to Block Advanced Attacks

To help our customers combine the power of numerous new and existing security investments, we have also expanded our highly successful “Ready for IBM Security Intelligence Partner Program” with new open integrations for real-time intelligence sharing with the IBM Security Network Protection (XGS) product. We are initially working with partners including Trend Micro, FireEye, and Damballa to share real-time threat indicators for immediate quarantine and blocking of advanced attacks. This further complements the hundreds of existing integrations we’ve built across the security community — including solutions from the partners mentioned above — with QRadar and other IBM Security products.

Finally, the IBM Threat Protection System is built on an extensive global threat intelligence network driven by our X-Force team and recently enhanced with incredible Trusteer intelligence on advanced malware and cyber crime campaigns. This means QRadar and XGS customers can now take advantage of Trusteer insights on malware, leveraging an installed base of more than 100 million endpoints.

Like any evolving system, the IBM Threat Protection System comprises new and existing capabilities; in fact, customers are taking advantage of its components today. With this announcement, we are introducing a new, coordinated approach optimized specifically to address advanced threats. Furthermore, this launch represents a rigorous series of efforts within IBM to deliver the innovative defenses, analytics and integrations that make it all possible. We are committed to continuing this journey along with our customers and partners. The introduction of the IBM Threat Protection System is a decisive step along that path.
