The next generation of security needs to “identify attacks as they are happening”. This is where behavior analysis can step in and be used as a real-time security defense tool. Today, SIEMs are effective at identifying attack patterns, but they are not sophisticated enough to convert their threat correlation analytics into actionable events, such as creating dynamic policies to quarantine a suspicious internal host, or creating a firewall policy to block access to a destination IP and a specific application.
Today, sandboxes, detonators, or emulation engines do provide zero-day detection of malware files, but even with these solutions, the first infection is typically allowed to happen.
To address today’s sophisticated threat landscape, a single platform that can provide full cycle threat detection and remediation is necessary:
- Threat detection: Behavior analysis (BA) using big data analytics for security event detection is complementary to sandbox systems and can be used to identify attacks as they are happening.
- Incident response and forensics: Behavior analytics can provide a complete audit trail of the attack from beginning to end.
- Remediation: The advantage of integrating BA into a firewall is that the alerts can be easily converted to actionable events, with the firewall platform able to dynamically create security policies to block the event as it is happening.