This post was co-authored by Bob Corson, director of solutions marketing for Trend Micro.

Hacking is no longer a localized bar fight that breaks out on the spur of the moment. It is a well-planned campaign against your organization, one that can threaten your business strategy and operations, or the existence of the organization as a whole. In the initial phase of a targeted attack, cybercriminals perform reconnaissance against your organization to map its defenses and blind spots along with its system and human vulnerabilities. In many cases, carefully planned evasion techniques are used to keep the attack off your radar so that critical intellectual property can be extracted without tripping any alarms. Attackers have an additional advantage: because stolen data is copied rather than removed, nothing goes missing, and the theft can go entirely unnoticed.

This war can no longer be fought by bar bouncers or, in this case, by isolated point solutions. Organizations need to stay a step ahead through global threat intelligence and intelligence about their own environment, and they need complete internal visibility and control over targeted attacks. Each security solution deployed in the environment should be a specialist at preventing a particular class of attack. More importantly, the solutions need to be arranged strategically so that the entire environment works as an integrated army, detecting, preventing and responding to attacks seamlessly and without delay.

To create such an environment, the security vendors your organization partners with must be reliable, and their products must work together. IBM Security and its specialized security partner, Trend Micro, understand the importance of this approach for their customers and are dedicated to creating solutions that are in sync with each other and form the required integrated security environment.

Detecting Attacks on the Ground

To detect what would otherwise go unseen, Trend Micro Deep Discovery Inspector gives your security teams visibility into attacks and attacker behavior designed to avoid detection. It builds correlated insight by monitoring both north-south and east-west network activity across every network port and on more than 80 protocols and applications; in practice, east-west visibility means the internal segments where lateral movement would occur must be mirrored or tapped to the appliance, not just the Internet edge. This broad-spectrum analysis of your network traffic, combined with the ability to replicate your desktop images in a custom sandbox environment, gives it a proven ability to identify known and unknown threats, zero-day exploits, command-and-control (C&C) traffic and lateral movement, and to identify the assets involved, all within a single, low-cost appliance.

The correlated insight gathered by Deep Discovery Inspector is shared with both the IBM QRadar Security Intelligence Platform™ and IBM Security Network Protection™ (XGS), enabling centralized insight and the ability to both contain and prevent attacks. In short, Deep Discovery Inspector is the advanced reconnaissance team: it identifies attacks, attacker behavior and methods, and reports them to central command (QRadar) and to the battalion commanders in the field (XGS).

Organizational-Level Security Intelligence

Various specialized security solutions act as field soldiers and provide the needed visibility into each activity within your organization. However, an intelligent eye that overlays the entire environment, correlating these incidents and interpreting the relevance of each, is essential to stopping a targeted attack or advanced threat. QRadar can correlate billions of events from many sources, including feeds from Trend Micro Deep Discovery, IBM Security Network Protection and other security solutions in the environment. Coupled with network flow data and global threat intelligence from IBM X-Force, it surfaces the small number of highly relevant threats your organization needs to act on.

Acting on the Detection and Intelligence

The network is a powerful place to stop attacks, and a next-generation in-line network security solution is a vital part of an effective security strategy. Intelligence that is gathered and detected has no value unless it is turned into action, and the quicker that happens, the less damage is done. XGS is integrated with Deep Discovery and QRadar so that gathered intelligence can be turned immediately into action that stops the attack.

For example, once a C&C server has been identified and confirmed, its address can be communicated to the network protection solution, which immediately blocks traffic to and from the server to limit further damage. The confirmation step matters: an in-line block applied on a single unverified detection will cut off legitimate traffic just as effectively, so the automated path should require corroboration (a second sensor, a threat-intelligence match or analyst sign-off) before a rule is pushed. The solution also performs deep packet inspection to identify and stop attacks in transit, and it provides the visibility and granular application control needed at the network level.
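The detect, correlate, act loop described above, reduced to working code as an added example. This is not Trend Micro's or IBM's code and uses none of their APIs: the alert records, the threat-intel set and the internal address ranges are constructed for the example, the detection field names are assumed, and iptables syntax stands in for whatever rule format an in-line device actually accepts. The point it shows is the confirmation policy: a destination is blocked only when two independent sensors agree or one sensor is corroborated by threat intelligence, and internal addresses are never auto-blocked but routed to an analyst.

```python
import ipaddress
from collections import defaultdict

# Constructed sample alerts (not real sensor output). A sandbox verdict and a
# network-sensor detection agree on 203.0.113.45; 198.51.100.9 is seen once
# but is already on the threat-intel list; 10.0.5.20 is an internal address;
# 192.0.2.7 is seen once with no corroboration.
SENSOR_ALERTS = [
    {"source": "sandbox", "kind": "c2_beacon",   "dst_ip": "203.0.113.45", "dst_port": 443,  "host": "ws-017"},
    {"source": "network", "kind": "c2_callback", "dst_ip": "203.0.113.45", "dst_port": 443,  "host": "ws-017"},
    {"source": "network", "kind": "c2_callback", "dst_ip": "198.51.100.9", "dst_port": 8080, "host": "ws-022"},
    {"source": "sandbox", "kind": "c2_beacon",   "dst_ip": "10.0.5.20",    "dst_port": 443,  "host": "ws-031"},
    {"source": "network", "kind": "dns_tunnel",  "dst_ip": "192.0.2.7",    "dst_port": 53,   "host": "ws-040"},
]

# Constructed threat-intel feed: addresses already attributed to C&C infrastructure.
THREAT_INTEL = {"198.51.100.9"}

# Address space an automated rule must never block outright (RFC 1918).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Alert kinds (assumed names) that indicate command-and-control activity.
C2_KINDS = {"c2_beacon", "c2_callback", "dns_tunnel"}


def correlate(alerts):
    """Group C&C-type alerts by destination: which sensors saw it, which hosts talked to it."""
    evidence = defaultdict(lambda: {"sources": set(), "hosts": set(), "ports": set()})
    for a in alerts:
        if a["kind"] not in C2_KINDS:
            continue
        e = evidence[a["dst_ip"]]
        e["sources"].add(a["source"])
        e["hosts"].add(a["host"])
        e["ports"].add(a["dst_port"])
    return dict(evidence)


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def is_confirmed(ip, evidence, intel, min_sources=2):
    """Confirmation policy: two independent sensors, or one sensor plus a threat-intel match.
    Internal addresses are never confirmed automatically; they go to an analyst."""
    if is_internal(ip):
        return False
    sources = evidence["sources"]
    return len(sources) >= min_sources or (bool(sources) and ip in intel)


def block_rules(ip):
    """Bidirectional drop rules for an in-line device (iptables syntax as a stand-in)."""
    return [
        f"iptables -I FORWARD -d {ip} -j DROP",
        f"iptables -I FORWARD -s {ip} -j DROP",
    ]


def respond(alerts, intel):
    """Turn correlated detections into actions: block rules for confirmed C&C,
    a containment list of hosts that reached it, and an analyst queue for the rest."""
    evidence = correlate(alerts)
    rules, contain, review = [], set(), []
    for ip, e in sorted(evidence.items()):
        if is_confirmed(ip, e, intel):
            rules.extend(block_rules(ip))
            contain |= e["hosts"]  # endpoints that talked to confirmed C&C need isolation and triage
        else:
            review.append(ip)
    return {"rules": rules, "contain": sorted(contain), "review": review}


if __name__ == "__main__":
    result = respond(SENSOR_ALERTS, THREAT_INTEL)
    for line in result["rules"]:
        print(line)
    print("isolate:", result["contain"])
    print("analyst review:", result["review"])
```

With the constructed input, only 198.51.100.9 and 203.0.113.45 get rules; 10.0.5.20 is held back because it is internal even though a sandbox flagged it, and 192.0.2.7 is held back because a single uncorroborated DNS-tunnelling alert is not enough to justify an in-line block. The hosts that reached confirmed C&C (ws-017, ws-022) are returned separately, since blocking the server does not clean the endpoint.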

By building this integrated environment of security solutions that interact with each other, a security web is formed within the organization that can detect, prevent and respond to advanced attacks that cybercriminals assumed were unstoppable.

Read more about what IBM has to say about the case for cooperative defense.
