Malware attacks continue to plague organisations across the world, with seemingly no relief from the constant onslaught of new malware. So what is the security industry doing to help in the fight against these threats?
In a recent talk focused on security, Jeremy Matthews, regional manager, Panda Security, spoke about how new technologies are being used to support the traditional AV approach.
Matthews discussed two security software technologies that are changing the way we approach IT security – EDR and SIEM.
Endpoint detection and response (EDR) is a relatively new technology that leverages big data to provide a level of protection we have not seen before. Panda Security's EDR offering, Adaptive Defense, enables the detection and analysis of all programs running on endpoints across the network and blocks potentially malicious programs. Adaptive Defense works in conjunction with your traditional antivirus, creating a holistic solution to prevent advanced persistent threats, zero-day attacks and ransomware.
Panda's Adaptive Defense is able to detect, analyse and block malicious programs, but the functionality can be extended with Security Information and Event Management (SIEM) technology, allowing for in-depth analysis, correlation and presentation of security and business data. Matthews explains that SIEM software is a real-time, big data solution that provides a means of breaking up the vast amounts of data in order to understand and analyse it more effectively.
SIEM and EDR technologies are complementary; where EDR collects data, SIEM centralises the storage of all data and provides a dashboard through which data can be represented graphically and summarised.
Integrating SIEM and EDR technology such as Adaptive Defense into your IT security solutions will provide value in the following ways:
* Threat hunting with advanced reporting tools: track security events through monitoring, data aggregation and correlation, notifications and real-time reports.
* Visual and dynamic data flow: full visibility of processes and files, as well as the ability to create a graphic and detailed analysis of data flow.
* Data leakage detection: detect data leakage caused both by internal staff and by malware attacks.
* Indicators of compromise (IOC): set up customised alerts based on particular events.
* Compliance and corporate governance: analyse IT operational information to improve compliance and governance.
* Understanding business implications: forensic analysis gives a deeper understanding of the implications of security incidents.
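To make the EDR-feeds-SIEM relationship described above concrete, here is a small added example (not Panda's or Logtrust's code) of what the SIEM side does with endpoint events: it centralises newline-delimited process-execution records forwarded by agents, correlates across hosts to find an unknown binary appearing on several machines within a short window, raises a customised alert when a watch-listed hash executes, and rolls the data up into the per-host and per-verdict counts a dashboard would chart. The event records, host names, process names and hashes are all constructed for this example, and the IOC watch-list holds placeholder values, not real indicators.

```python
"""Toy SIEM-style aggregation and correlation over constructed EDR events."""
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events in newline-delimited JSON, in the shape an EDR
# agent might forward to a SIEM. Hosts, process names and hashes are made up.
EDR_EVENTS = """\
{"ts": "2024-05-01T09:00:05Z", "host": "ws-01", "process": "outlook.exe", "sha256": "aaaa1111", "verdict": "trusted"}
{"ts": "2024-05-01T09:00:12Z", "host": "ws-01", "process": "invoice.pdf.exe", "sha256": "bbbb2222", "verdict": "unknown"}
{"ts": "2024-05-01T09:00:40Z", "host": "ws-02", "process": "invoice.pdf.exe", "sha256": "bbbb2222", "verdict": "unknown"}
{"ts": "2024-05-01T09:01:10Z", "host": "ws-03", "process": "invoice.pdf.exe", "sha256": "bbbb2222", "verdict": "unknown"}
{"ts": "2024-05-01T09:02:00Z", "host": "ws-02", "process": "excel.exe", "sha256": "cccc3333", "verdict": "trusted"}
{"ts": "2024-05-01T13:30:00Z", "host": "ws-04", "process": "updater.exe", "sha256": "dddd4444", "verdict": "blocked"}
"""

# Customised IOC watch-list. Placeholder hash for this example, not a real indicator.
IOC_HASHES = {"dddd4444"}


def parse_events(text):
    """Centralise: parse newline-delimited JSON into event dicts with a datetime 'ts'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def correlate_spread(events, min_hosts=3, window=timedelta(minutes=10)):
    """Correlate across endpoints: flag a hash whose first execution on at least
    `min_hosts` distinct hosts falls inside `window`. A single agent sees one
    unknown file; only the centralised view sees it spreading."""
    first_seen = defaultdict(dict)
    for ev in sorted(events, key=lambda e: e["ts"]):
        first_seen[ev["sha256"]].setdefault(ev["host"], ev["ts"])
    alerts = []
    for sha, hosts in first_seen.items():
        times = sorted(hosts.values())
        # Sliding window over the ordered first-seen times.
        for i in range(len(times) - min_hosts + 1):
            if times[i + min_hosts - 1] - times[i] <= window:
                alerts.append({"rule": "rapid_spread", "sha256": sha,
                               "hosts": sorted(hosts)})
                break
    return alerts


def ioc_alerts(events, ioc_hashes=IOC_HASHES):
    """Customised alert: any execution of a watch-listed hash, whatever the agent's verdict."""
    return [{"rule": "ioc_hash", "host": ev["host"], "sha256": ev["sha256"],
             "process": ev["process"]}
            for ev in events if ev["sha256"] in ioc_hashes]


def summarise(events):
    """Dashboard-style roll-up: executions per host and per verdict."""
    return {"per_host": dict(Counter(e["host"] for e in events)),
            "per_verdict": dict(Counter(e["verdict"] for e in events))}


def run(text=EDR_EVENTS):
    """Ingest, correlate and summarise one batch of forwarded EDR events."""
    events = parse_events(text)
    return {"alerts": correlate_spread(events) + ioc_alerts(events),
            "summary": summarise(events)}


if __name__ == "__main__":
    print(json.dumps(run(), indent=2, default=str))
```

On the constructed data the spread rule fires for `invoice.pdf.exe` (three hosts within a minute, all still "unknown" to the agent) and the IOC rule fires for the blocked `updater.exe`; a real deployment would tune `min_hosts` and `window` to its fleet size and add the notification step the article lists, but the correlation logic is the same.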
SIEM allows for complete visibility of IT data and events, meaning that organisations are able to identify problem areas and trends. Matthews believes that by implementing EDR and SIEM technologies, IT departments can ensure safer and more secure IT systems, reducing the risk of malware attacks and compliance problems. Panda offers an optional integrated SIEM solution by Logtrust but will also integrate with many popular SIEM tools.