Light Dark
September 23, 2019 By Douglas Bonderud 5 min read
Intelligence & Analytics
Risk Management
Threat Hunting

Organizations are spending on cybersecurity, but threat vectors continue to outpace corporate outlay. As noted by Tech Genix, 2019 will see a rise in everything from cryptojacking attacks and supply chain compromises, to the misuse of biometric data and malicious use of artificial intelligence (AI) to hack corporate networks. Businesses need a better approach to handle new infosec challenges. Enter unified threat management (UTM).

What exactly is UTM? And how does better threat management help address the concerns of complexity, compromise and cybersecurity response? Here’s what you need to know about the future of effective information security.

What Is Threat Management?

Threat management is exactly what it sounds like: policies, procedures and system processes that help manage, mitigate and respond to network threats. Organizations have been deploying threat management solutions for years — including antivirus, firewall, spam filtering and intrusion detection systems — to reduce overall network risk.

The challenge is that as IT environments rapidly scale up thanks to mobile and cloud-based technology, potential attack surfaces scale exponentially. This means organizations can’t just address current threats; they must keep one eye on the hacker horizon to help predict what comes next — and how to stop it.

Given the increasing speed of data creation, complexity of IT environments, growing skills gap and limitations of current threat management methods, many organizations struggle to secure systems in what amounts to a 360-degree threat cycle. Blurred lines between public, private and hybrid resources mean threats can come from any direction, at any time and targeting any system.

To address the changing threat landscape, a new class of defense mechanisms has emerged: unified threat management solutions. Deployed as software or hardware resources, advanced UTM solutions combine the common threat management techniques listed above while also making room for emerging technologies, such as AI and automation.

Let’s break it down: What’s holding your enterprise infosec back? Why do you need UTM? What problems can it solve for your organization?

The Complexity Compromise

Security expert Bruce Schneier said it best 20 years ago in his essay, “A Plea for Simplicity“: “The worst enemy of security is complexity.” But what’s causing increased security complexity? And why is it so problematic for enterprises?

Answering the first question is easy: digital transformation. As noted by Gartner, almost 90 percent of organizations now have some type of digital transformation initiative in progress to help improve current products and services. The problem is that there’s no road map for effective transformation, and in a digital-first market where speed grants a critical competitive advantage, companies are adopting multiple solutions simultaneously — from public cloud deployments, to big data collection solutions, to end user analytics tools — forcing them to also adopt multiple security controls in an effort to keep pace. The result is a fractured, complex environment that rapidly becomes difficult (or impossible) to protect.

This is the critical problem of complexity: The more complex your IT environment, the more difficult it becomes to implement cybersecurity techniques such as effective data protection or real-time visibility. In effect, excessively complex environments provide security shade for attackers, allowing them to fly under threat management solutions even as IT professionals look to bolster existing defenses.

One solution is multivendor security collaboration that drives true UTM. Much like the infancy of cloud computing, interoperability of security vendors and offerings has been limited for the past several years as solutions diversify and enterprises develop security best practices. But as the market has begun to standardize, multipartner threat management vendors with solutions that meet NIST’s Cybersecurity Framework benchmarks have emerged to help reduce total complexity and boost overall network security.

Put simply, collaboration is the complexity cure of the future.

I Get Knocked Down (But I Get Up Again)

Threat prevention and detection are critical, but what happens when malicious actors break through corporate systems. If isn’t the question, but when. From large retailers, to government agencies, to cryptocurrency firms, internet service providers (ISPs) and security vendors, no business or sector is safe from potential compromise. Most enterprises understandably put IT emphasis on finding and stopping threats before they cause major network issues, but spend minimal time and resources figuring out what happens when they’re figuratively and digitally knocked down. How do they get back up?

The first priority is to start thinking like a hacker. Recognize that no matter your size, industry or the potential value of your data, you’re a target for threat actors. Have a robust security system? You must be protecting something precious. Have minimal security staffing and resources? You’re the perfect place to try out new attacks without the risk of getting caught. Recognizing your risk is the first step toward knowing your enemy — understanding the most common ways malicious actors attempt to compromise your network and developing key countermeasures.

The next step is to build out robust incident response (IR) plans. Define what happens when an incident occurs: What defense mechanisms are activated? Who gets called in? Who’s in charge? What’s your ideal recovery time objective (RTO)? How are threats categorized, minimized and eliminated? Critical here are specificity and repetition. While organizations can’t account for every threat vector, they can define specific processes that activate in response to general threats. Repetition, meanwhile, is essential for effective response; teams should regularly stage both in-house and third-party penetration testing exercises to ensure IR plans are effective against both current and emerging threats.

The addition of UTM solutions to IR plans help IT teams think like threat hunters instead of hapless prey by providing transparency into key security shortcomings and offering actionable insights to build out better security programs.

Stop Whacking Moles With Unified Threat Management

The cybersecurity skills gap is real — and growing. According to Dark Reading, while the number of infosec graduates has increased by 40 percent in the last five years, demand has risen 94 percent as the increasing need for skilled professionals outpaces the uptick in supply.

As a result, IT professionals often spend their time reacting to security events and playing whack-a-mole with emerging incidents as they attempt to land hard hits on big security issues. Here, unified threat management tools offer the potential to deliver three critical outcomes:

  • Priority processing — Not every threat alert demands a threat response. But how do organizations differentiate between must-solve security issues and more run-of-the-mill malicious attacks? Advanced UTM solutions provide the critical analytic capabilities necessary to prioritize threats and ensure IT teams tackle your biggest problems first.
  • Programmatic protection No matter how large or how experienced your IT team, they can’t keep up with the sheer number of threat vectors now emerging to target email accounts, access points and connected devices. Here, AI and automation offer critical advantages: AI can help stop cyberthreats up to 60 times faster than manual processes, while automation helps eliminate repetitive tasks such as data entry and alerting to increase IT response speed.
  • Proactive potential — Reactivity makes organizations easy targets; attackers can get in and out before teams know what hit them. By mastering the art and science of threat hunting, your team can gain the ability to both address threats as they occur and create intelligent hypotheses about what’s on the horizon.

In sum, what is threat management? It is the science of finding and mitigating current attack vectors. Unified threat management, on the other hand, is a set of collaborative, proactive and transparent tools and services that combine science and art to deliver the future of innovative information security.

Learn more about leveling up your threat management capabilities

 |  |  |  |  |  |  |  |  |  | 
Douglas Bonderud
Freelance Writer

More from Intelligence & Analytics
October 30, 2023

Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

12 min read - For the last year and a half, IBM X-Force has actively monitored the evolution of Hive0051’s malware capabilities. This Russian threat actor has accelerated its development efforts to support expanding operations since the onset of the Ukraine conflict. Recent analysis identified three key changes to capabilities: an improved multi-channel approach to DNS fluxing, obfuscated multi-stage scripts, and the use of fileless PowerShell variants of the Gamma malware. As of October 2023, IBM X-Force has also observed a significant increase in…

September 12, 2023

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

September 7, 2023

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature