Our Intelligence Lead Defenses Must Evolve
by Lawrence Pingree | November 15, 2017
Threat intelligence has been a hot topic during the past few years. Back in 2015, I introduced research titled “Intelligent and Automated Security Controls Impact the Future of the Security Market”, which highlighted the need to intelligently enrich our security technologies and instrument automated security controls in an orchestrated manner, leveraging machine learning and adaptive responses. A crucial theme in Gartner's guidance for security programs has been to raise budgets for detection and response activities and to orient budgets toward these aspects of the program. This guidance has been maintained because of the general lack of detection in many of our clients' environments. For many, the lack of detection and response is still very real, and Gartner still retains this guidance.
Many security programs are still overloaded with alerts and significantly understaffed to deal with them, and they are looking for options to lower the noise. In research titled “Emerging Technology Analysis: Threat Intelligence Gateways”, Gartner clients can read about a new defensive technology that goes beyond the firewall and IPS you use today. It can bolster detection and also improve prevention capabilities based on shared infrastructure intelligence, delivering a way to move beyond our existing capabilities toward more granular, intelligence-led traffic control. Controlling traffic based on what is known about a particular IP address space (e.g., this IP address range is used for marketing lists, this infrastructure is known for being a hosting facility, this infrastructure is known for IRC bots), rather than on just another threat intelligence block list, is the future of defensive solutions. Threat Intelligence Gateways are a viable and useful consideration for improving our use of shared intelligence, combining threat intelligence blocking with intelligent traffic filtering. Please take a look at this research and feel free to schedule an inquiry with me to discuss them in more detail.
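To make the contrast above concrete, here is an added sketch (not taken from the Gartner research or from any product) of a flat block-list lookup beside a category-and-direction policy. The three categories come from the post; the address ranges (RFC 5737 documentation space), the action names, the default for unknown space and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample intelligence; documentation ranges stand in for real space.
INFRA_INTEL = [
    ("198.51.100.0/24", "hosting_facility"),
    ("198.51.100.64/26", "irc_bots"),       # more specific range inside the host
    ("203.0.113.0/24", "marketing_lists"),
]
FLAT_BLOCKLIST = {"198.51.100.70"}           # constructed single-IP block list

# Hypothetical policy: the action depends on category AND traffic direction.
POLICY = {
    ("irc_bots", "inbound"): "block",
    ("irc_bots", "outbound"): "block_and_alert",
    ("hosting_facility", "inbound"): "allow",
    ("hosting_facility", "outbound"): "alert",
    ("marketing_lists", "inbound"): "rate_limit",
    ("marketing_lists", "outbound"): "allow",
}
DEFAULT_ACTION = "allow"                     # assumption: unknown space passes

# Longest prefix first, so the most specific knowledge about an address wins.
_NETS = sorted(
    ((ipaddress.ip_network(cidr), cat) for cidr, cat in INFRA_INTEL),
    key=lambda item: item[0].prefixlen,
    reverse=True,
)

def classify(ip):
    """Return the infrastructure category for an address, or 'unknown'."""
    addr = ipaddress.ip_address(ip)          # raises ValueError on bad input
    for net, category in _NETS:
        if addr.version == net.version and addr in net:
            return category
    return "unknown"

def blocklist_decision(ip):
    """Flat list: an address is either listed or it is not."""
    return "block" if ip in FLAT_BLOCKLIST else "allow"

def gateway_decision(ip, direction):
    """Category-aware decision: returns (category, action)."""
    if direction not in ("inbound", "outbound"):
        raise ValueError("direction must be 'inbound' or 'outbound'")
    category = classify(ip)
    return category, POLICY.get((category, direction), DEFAULT_ACTION)
```

With this sample data, an outbound connection to `198.51.100.10` passes the flat list silently but raises an alert under the category policy, which is the extra granularity the paragraph describes.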
Latest research: Emerging Technology Analysis: Threat Intelligence Gateways