Advanced Persistent Threats (APTs), or Advanced Targeted Threats as Gartner calls them, are now top of mind with security professionals, C-level executives and Boards of Directors.

All brands – as well as major events such as the London Olympics — are now being targeted by ever increasingly sophisticated attackers and techniques, whether the intent is to steal corporate intellectual property (Lockheed, RSA), disrupt websites to bring attention to a particular cause (FBI, MPAA), or steal customer data (LinkedIn, Epsilon, etc.).

Regarding APTs, Charles Kolodgy, VP of Security at IDC, was recently quoted in this article from Network World:

IBM Tuesday introduced what it’s calling a “next generation” intrusion-prevention system (IPS), an offering that not only is designed to stifle network-based attacks, but adds application-level controls and URL filtering capabilities typically found in separate products such as Web security gateways … With the XGS 5000, IBM wants to maximize its influence with IPS buyers (IBM ranks only behind Cisco with 13.2% of the $1.88 billion market, according to IDC) … IDC security research analyst Charles Kolodgy says the IBM XGS 5000 does represent a new kind of IPS-based product that “improves network, user, and application awareness” and “vastly improves an IPS’s ability to provide full network protection, especially trying to uncover custom malware and stealth attacks perpetrated by advanced persistent threats.” APT is the term use to describe stealthy attacks to try and steal sensitive corporate data. Although the term “next-generation IPS” is starting to be bandied about, IDC is still pondering the usefulness of this phrase or whether a new category entirely should be established that “goes beyond either firewall or IPS.” “The uniqueness isn’t so much in the application layer and URL [visibility], a lot of products have that, but it’s in the ability to set up security at the user level (like the next-generation firewall), correlate that information (in this case with QRadar), and utilize cloud-based threat intelligence to uncover malicious websites and files,” Kolodgy explains.

The article continues to discuss APTs: Indeed, IBM says the appliance’s integration with IBM’s Advanced Threat Protection Platform, which utilizes anomaly detection and event correlation capabilities, enables users to better address more complex attacks such as Advanced Persistent Threats (APTs).

My point for this post is to highlight our most recent offering at IBM Security Systems, the Network Security Protection Platform, and specifically how it may indeed be ushering in what I call Security Intelligence 2.0.

Perhaps this graphic represents the foundation of Security Intelligence 2.0:

click image to enlarge

What the heck, Q1 Labs put “Security Intelligence” on the map as a new term years ago, in the context of SIEM + Log Management + Configuration & Vulnerability Management + Behavior Anomaly Detection + Deep Packet Inspection. Do you see why we called THAT Security Intelligence?

Now with our Next-Gen IPS being tightly coupled with other related components – as in XGS + QRadar + Anomaly Detection + X-Force real-time threat intelligence feeds — I assert we have raised the bar. And if some leading industry influencers actually said we did, even better. Fact is, when Q1 Labs started talking about Security Intelligence we did not think of it as a “category” but as a better way for customers to both proactively and defensively address what are now commonly called APTs (sorry Gartner).

In other words, it’s not about defending against the latest advanced threats with a new “box” that has more bells and whistles – it’s about tying a range of information sources together with analytics to quickly identify behavioral anomalies, and minimizing false positives so you can quickly remediate the most important threats.

More from Intelligence & Analytics

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…

Unmasking hypnotized AI: The hidden risks of large language models

11 min read - The emergence of Large Language Models (LLMs) is redefining how cybersecurity teams and cybercriminals operate. As security teams leverage the capabilities of generative AI to bring more simplicity and speed into their operations, it's important we recognize that cybercriminals are seeking the same benefits. LLMs are a new type of attack surface poised to make certain types of attacks easier, more cost-effective, and even more persistent. In a bid to explore security risks posed by these innovations, we attempted to…