Anomaly detection drives more effective incident response
Blue Coat Systems, a provider of advanced web security solutions for global enterprises and governments, has announced significant enhancements to its Security Analytics solution, including the addition of anomaly detection, an alerts dashboard and support for SCADA (Supervisory Control and Data Acquisition) environments, to provide more effective and actionable incident response.
Blue Coat Security Analytics, a network security incident response and forensics solution, allows customers to quickly detect breaches, integrate context, reconstruct incidents and extract evidence from a complete record of all network traffic. Security Analytics provides proactive incident response by continuously detecting malicious activity and enriching the retained data to pinpoint potential issues. The ability to retain and enrich more data enables effective retrospective analysis and can dramatically reduce the time it takes to discover a breach from weeks to hours.
The addition of anomaly detection capabilities to Security Analytics allows incident response teams to identify abnormal behaviour and therefore react more quickly to threats. Anomaly detection examines an organisation’s data, activity and patterns to establish a normal baseline of activity, and then employs statistical modelling to quickly identify abnormal activity and flag events that need investigation. Anomaly detection helps customers detect the most sophisticated threats, even those that evade signature-based tools, helping incident response teams locate those threats before they cause significant damage. It also reduces the risk of human error and false positives. Security teams may begin the incident response process from an alert of abnormal behaviour detected in Security Analytics, through an integration with third-party SIEM or sandbox solutions, or from Blue Coat’s own Malware Analysis sandbox.
As a result of this enhancement to Blue Coat Security Analytics, incident response teams will now have the ability to identify unusual counts, signatures, protocols and destinations, while also detecting suspicious movement within their network. As attackers continue to target intellectual property and customer data, anomaly detection specifically monitors for data exfiltration via the web, enabling teams to locate a threat before it causes significant damage.
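As an added example (not Blue Coat's code; the announcement does not describe its implementation), the baseline-then-deviation idea from the two paragraphs above in Python: per-host outbound volume is baselined over a week of constructed flow summaries, and a later day is scored by z-score, with previously unseen destinations reported alongside the volume alert. Hostnames, destinations, byte counts and the threshold are invented.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed per-host daily summaries of outbound web traffic:
# (day, host, destination, bytes_out). Days 1-7 form the baseline window;
# day 8 is the period being scored. All values are invented for illustration.
BASELINE_DAYS = range(1, 8)
FLOWS = (
    [(d, "ws-17", "cdn.example.net", 40_000_000 + d * 1_000_000) for d in BASELINE_DAYS]
    + [(d, "ws-22", "mail.example.net", 8_000_000 + d * 300_000) for d in BASELINE_DAYS]
    + [
        (8, "ws-17", "cdn.example.net", 45_000_000),        # ordinary day
        (8, "ws-22", "mail.example.net", 9_000_000),        # ordinary day
        (8, "ws-22", "filedrop.example.org", 900_000_000),  # new destination, large upload
    ]
)


def build_baseline(flows, days):
    """Per-host mean and stdev of daily outbound bytes, plus the destinations seen."""
    daily = defaultdict(lambda: defaultdict(int))  # host -> day -> bytes_out
    dests = defaultdict(set)
    for day, host, dest, nbytes in flows:
        if day in days:
            daily[host][day] += nbytes
            dests[host].add(dest)
    baseline = {}
    for host, per_day in daily.items():
        vals = [per_day.get(d, 0) for d in days]  # a silent day counts as zero
        baseline[host] = (mean(vals), pstdev(vals), dests[host])
    return baseline


def score_day(flows, baseline, day, z_threshold=3.0):
    """Flag hosts whose outbound volume deviates from their baseline; list new destinations."""
    daily, seen = defaultdict(int), defaultdict(set)
    for d, host, dest, nbytes in flows:
        if d == day:
            daily[host] += nbytes
            seen[host].add(dest)
    alerts = []
    for host, total in daily.items():
        mu, sigma, known = baseline.get(host, (0.0, 0.0, set()))
        # A flat baseline (sigma == 0) or an unknown host: any increase is anomalous.
        z = (total - mu) / sigma if sigma > 0 else (float("inf") if total > mu else 0.0)
        if z > z_threshold:
            alerts.append({"host": host, "z": round(z, 1), "bytes_out": total,
                           "new_destinations": sorted(seen[host] - known)})
    return alerts


if __name__ == "__main__":
    for alert in score_day(FLOWS, build_baseline(FLOWS, BASELINE_DAYS), 8):
        print(alert)
```

Only ws-22 is reported: its day-8 volume is hundreds of standard deviations above its baseline and it talked to a destination never seen during the baseline week.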
Additional enhancements to Blue Coat Security Analytics include:
- Alerts Dashboard – This dashboard helps to streamline and focus incident response teams on the most critical alerts. The dashboard also provides an intuitive timeline of alerts.
- Support for SCADA Analysis – This capability provides complete visibility to threats targeting SCADA and Industrial Control System (ICS) environments.
- Capture Only Mode – This feature ensures full capture on high-speed networks and boosts performance to roughly 9Gbps on a single appliance.
- Central Manager – Central Manager delivers central access to all Security Analytics sensors for directed, aggregate searches and management, and now supports over 200 deployed sensors. This expanded scalability supports larger deployments and builds upon Blue Coat’s partnership with NetApp to provide high-density storage solutions that enable extended network forensic analysis.
- Dynamic Filtering – With this feature, incident response teams may choose to eliminate traffic they don’t see as a threat and prioritise available capture storage, optimising their limited storage investment.
“Advanced targeted attacks, customised malware, and zero-day attacks are infiltrating networks at an unprecedented rate,” said Mike Fey, Blue Coat President and COO. “Traditional security solutions are simply not keeping pace, and in order to uncover the full source and scope of an attack, incident response teams require full network security visibility. With today’s announcement, we are expanding the tool kit available to incident response teams to easily understand an attacker's methods and activities, so they can swiftly resolve incidents and mitigate further risk.”
“Defending enterprise networks against intrusion requires sophisticated technology. Cyber security professionals need relevant, complete and actionable information – before the alert sounds,” said Christopher Kissel, Senior Industry Analyst, Information and Network Security at Frost & Sullivan. “With its Security Analytics Platform, Blue Coat offers a combination of technologies that maximises network visibility and increases the success of incident detection while also formulating the correct response. The new enhancements and capabilities demonstrate why the Blue Coat Security Analytics solution maintains its market position.”