- Investigate network forensics and anomaly detection to gain better insight into network activity and ferret out APTs.
- Work more closely with network operations to better understand network behavior and share insights for faster resolution of low-and-slow breaches.
As security groups come to the realization that advanced (or adaptive) persistent threats (APTs) are becoming an unfortunate fact of life, they may turn to additional tools that provide better visibility into what is actually happening on the network. Survey after survey of security practices within organizations concludes that, more often than not, security pros have little visibility into, or understanding of, what is actually taking place on the corporate network. Even those security groups that employ SIEM tools have a limited view of events taking place on the network. Log files and security events provide only a small glimpse of what is taking place, because they lack context. Still, that has not dampened the security industry’s enthusiasm for SIEM technology. In the same week in early October, McAfee announced its acquisition of SIEM provider NitroSecurity, while IBM acquired Q1 Labs. Those acquisitions followed HP’s acquisition of SIEM market leader ArcSight by about a year.
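As an added example (not from the article or any vendor named in it) of the network anomaly detection recommended above: a single hourly connection is unremarkable in a log or SIEM event, but the same pair of hosts talking at near-constant intervals with tiny payloads over many hours is the context that exposes a low-and-slow beacon. The flow records, thresholds and addresses below are constructed for illustration.

```python
"""Periodicity-based beacon finder over constructed NetFlow-style records.

Flags (src, dst) pairs whose connections recur at near-constant, long
intervals with small payloads: the shape of a 'low-and-slow' check-in that
no single log line shows.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (epoch seconds, src, dst, bytes sent). Not real data.
_JITTER = [0, 25, -18, 40, -30, 12, -5, 33, -22, 8, -15, 19]
FLOWS = (
    # 10.0.0.5 contacts 203.0.113.7 roughly hourly for 12 hours, ~400 bytes each
    [(3600 * i + j, "10.0.0.5", "203.0.113.7", 412 + (i % 3))
     for i, j in enumerate(_JITTER)]
    # the same host also browses 198.51.100.20 in irregular, bulky bursts
    + [(t, "10.0.0.5", "198.51.100.20", b) for t, b in
       [(10, 5000), (15, 120000), (16, 7000), (4000, 9000), (4005, 300000),
        (9000, 1500), (9002, 45000), (20000, 80000), (20001, 2300)]]
)


def find_beacons(flows, min_count=6, max_cv=0.2, min_gap=600, max_bytes=2048):
    """Return {(src, dst): summary} for pairs whose timing looks beacon-like.

    max_cv bounds the coefficient of variation of inter-connection gaps
    (low = regular); min_gap skips chatty pairs; max_bytes keeps only
    small, check-in sized transfers. All thresholds are illustrative.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        by_pair[(src, dst)].append((ts, nbytes))
    hits = {}
    for pair, recs in by_pair.items():
        if len(recs) < min_count:
            continue
        recs.sort()
        gaps = [b[0] - a[0] for a, b in zip(recs, recs[1:])]
        avg_gap = mean(gaps)
        if avg_gap < min_gap:          # also guards the divide below
            continue
        cv = pstdev(gaps) / avg_gap
        sizes = [n for _, n in recs]
        if cv > max_cv or mean(sizes) > max_bytes:
            continue
        hits[pair] = {"count": len(recs), "avg_gap_s": round(avg_gap),
                      "cv": round(cv, 3), "avg_bytes": round(mean(sizes))}
    return hits
```

Run against real flow exports, the interesting output is the short list of regular pairs to hand to network operations for context, not a verdict.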