Advanced Persistent Threats (APTs), or Advanced Targeted Threats as Gartner calls them, are now top of mind with security professionals, C-level executives and Boards of Directors.

All brands – as well as major events such as the London Olympics — are now being targeted by ever increasingly sophisticated attackers and techniques, whether the intent is to steal corporate intellectual property (Lockheed, RSA), disrupt websites to bring attention to a particular cause (FBI, MPAA), or steal customer data (LinkedIn, Epsilon, etc.).

Regarding APTs, Charles Kolodgy, VP of Security at IDC, was recently quoted in this article from Network World:

IBM Tuesday introduced what it’s calling a “next generation” intrusion-prevention system (IPS), an offering that not only is designed to stifle network-based attacks, but adds application-level controls and URL filtering capabilities typically found in separate products such as Web security gateways … With the XGS 5000, IBM wants to maximize its influence with IPS buyers (IBM ranks only behind Cisco with 13.2% of the $1.88 billion market, according to IDC) …

IDC security research analyst Charles Kolodgy says the IBM XGS 5000 does represent a new kind of IPS-based product that “improves network, user, and application awareness” and “vastly improves an IPS’s ability to provide full network protection, especially trying to uncover custom malware and stealth attacks perpetrated by advanced persistent threats.” APT is the term use to describe stealthy attacks to try and steal sensitive corporate data.

Although the term “next-generation IPS” is starting to be bandied about, IDC is still pondering the usefulness of this phrase or whether a new category entirely should be established that “goes beyond either firewall or IPS.”

“The uniqueness isn’t so much in the application layer and URL [visibility], a lot of products have that, but it’s in the ability to set up security at the user level (like the next-generation firewall), correlate that information (in this case with QRadar), and utilize cloud-based threat intelligence to uncover malicious websites and files,” Kolodgy explains.

The article continues to discuss APTs: Indeed, IBM says the appliance’s integration with IBM’s Advanced Threat Protection Platform, which utilizes anomaly detection and event correlation capabilities, enables users to better address more complex attacks such as Advanced Persistent Threats (APTs).

My point for this post is to highlight our most recent offering at IBM Security Systems, the Network Security Protection Platform, and specifically how it may indeed be ushering in what I call Security Intelligence 2.0.

Perhaps this graphic represents the foundation of Security Intelligence 2.0:

click image to enlarge

What the heck, Q1 Labs put “Security Intelligence” on the map as a new term years ago, in the context of SIEM + Log Management + Configuration & Vulnerability Management + Behavior Anomaly Detection + Deep Packet Inspection. Do you see why we called THAT Security Intelligence?

Now with our Next-Gen IPS being tightly coupled with other related components – as in XGS + QRadar + Anomaly Detection + X-Force real-time threat intelligence feeds — I assert we have raised the bar. And if some leading industry influencers actually said we did, even better. Fact is, when Q1 Labs started talking about Security Intelligence we did not think of it as a “category” but as a better way for customers to both proactively and defensively address what are now commonly called APTs (sorry Gartner).

In other words, it’s not about defending against the latest advanced threats with a new “box” that has more bells and whistles – it’s about tying a range of information sources together with analytics to quickly identify behavioral anomalies, and minimizing false positives so you can quickly remediate the most important threats.

more from Advanced Threats

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on a threat hunting exercise, however,…

World’s Largest Darknet Market Shut Down, $25 Million in Bitcoin Seized

On April 5, German authorities announced the takedown of the Hydra marketplace, the world’s largest darknet market trading in illicit drugs, cyberattack tools, forged documents and stolen data. The criminal operation, with about 17 million customer accounts, raked in billions in bitcoin before getting shut down. On its website, the Federal Criminal Police Office (BKA) stated it had secured and…