Just when you thought it wasn’t safe, NetCitadel rides to the rescue with what it calls the first real-time security threat management platform. The release of ThreatOptics, which applies context and intelligence to detected security events and ‘dramatically reduces’ incident response times to Advanced Persistent Threats (APTs) and malware attacks, comes just days after an EMC study that reports ‘startling low confidence levels’ in the ability to avert unplanned downtime, security breaches and data loss.
According to the EMC study, a startling lack of senior executive confidence permeates organizations globally, specifically concerning readiness around the critical IT requirements of continuous availability, advanced security, and integrated backup and recovery. Somewhat unsurprisingly for a company in the security business (RSA), the study concluded that reduced investment in these areas threatens the ability of IT infrastructures to withstand and quickly recover from disruptive incidents such as unplanned downtime, security breaches and data loss, and underscores the need to adopt progressive strategies to achieve Trusted IT infrastructures.
There are three trends driving the need for a solution like ThreatOptics, said NetCitadel co-founder and CEO Mike Horn. The first trend is the volume and sophistication of malware and malicious attacks, which continue to grow. That has resulted in a wave of tools to address this increase, he said.
The second trend is that the acceptable time window to respond to these attacks is being significantly driven down by customers. “They used to try and respond within 24 hours, and now they’re trying to respond within 4 hours.”
The third trend, the part of the iceberg under the water, said Horn, is the huge talent shortage. “Customers tell us they’re hiring, and ask do we know anybody?” Most customers are facing this shortage, and he believes it will have a big impact over the next 3-5 years. “These guys don’t grow on trees.”
As throwing more bodies at security is not an option, you need better tools, and that’s where NetCitadel comes in, he said. It’s about context, not just identifying the threat, but understanding it. The automated tool can reduce the mean time to respond (MTTR) by more than 50%, stated the company.
NetCitadel is not the first to see the need for a more holistic approach to security, i.e., the aforementioned RSA. “Integrated solutions that comprise incident detection, investigation, and response, can help organizations reduce the overall impact of security incidents on the business, meet compliance requirements, and streamline security operations,” said Jon Oltsik, Senior Principal Analyst, Enterprise Strategy Group.
A recent ESG survey of security professionals revealed results not that dissimilar from the EMC study or Horn’s trends, including:
- 42% believe that “keeping up with the latest threats and vulnerabilities” is “much more difficult” or “somewhat more difficult” than it was two years ago;
- 39% believe that “keeping up with internal security skills” is “much more difficult” or “somewhat more difficult” than it was two years ago; and,
- 35% believe that “recruiting/hiring new security professionals” is “much more difficult” or “somewhat more difficult” than it was two years ago.
While the EMC survey paints a bleak picture about the state of security, security budgets are outpacing overall IT spending. The $9 billion mobile device and network security market is expected to exceed 20% compound annual growth for the next 7 years, while the enterprise network security equipment market will see 7% CAGR over the next five years. Throw in services, and this market is expected to reach $67.2 billion in 2013, up 8.7% from 2012, and exceed $86 billion in 2016.
Horn said there’s a lot more work to be done, including collecting customer endpoint data and integrating it into the solution. On the analytics side, there is still a lot of room to mine the data and better understand the relationships within it. The last piece is visualization and dashboarding, giving customers a holistic view.
Under The Hood
ThreatOptics leverages intelligent threat event context and patent-pending security orchestration technologies to deliver real-time responses to security events. Security information from systems such as Security Information and Event Management (SIEM), Advanced Malware Detection (AMD) and Intrusion Detection Systems (IDS) is integrated to work with existing security devices, such as firewalls and web proxies.
Features include: automated context data collection and analysis; “out of the box” integration with multiple detection sources and enforcement devices; a “single pane of glass”, 360-degree view of each incident; and the ability to reduce MTTR by more than 50%. ThreatOptics is to be available in December as a virtual appliance; pricing begins at approximately $50,000 and goes up based on the number of users and the size of the security infrastructure.