Automated Security Remediation On The Rise
APTs and other types of sophisticated attacks are undoubtedly changing information security processes, technologies, and skills, but ESG found another interesting transition in progress: Given the volume, sophistication, and surreptitious nature of APTs, large organizations are apparently willing to adopt more automated security technologies as a means for attack remediation. ESG’s recently published research report on APTs indicates that 20% of enterprises believe this development will happen “to a great extent” while another 54% say this will happen “to some extent.” (See this link for more information about the ESG Research Report, U.S. Advanced Persistent Threat Analysis).
I think this was the link omitted from the article: http://www.enterprisestrategygroup.com/2011/11/apt/
Guess what the #2 requirement was?:
Reputation data must play a role. Aside from internal network analysis, security intelligence must understand if a source/destination IP address, URL, application, DNS record, or file is known to be suspicious or malicious. Reputation data from Blue Coat, Check Point, Cisco, and Trend Micro must be part of the mix.
Err, how about who owns the IP address, DNS record, etc. and links to information on them?
Assume you are sitting on reports from credit reporting agencies (domestic intelligence agencies), DNS records and information from “other” sources that you can sell upstream to enterprise security vendors. Does that sound like a topic map based startup to you?