Modern perimeters are hard to define and protect. Advanced persistent threats (APTs) routinely succeed in penetrating datacenters through or around defended perimeters. Once inside the datacenter, the threat is free to move around laterally, often without any significant barriers to limit its progress.
Detection needs to be real-time, automated and based on a deep understanding of the attack, whether it is an APT, malware or an insider threat. It is essential to look for threats in all traffic inside the datacenter, including traffic that stays within a single hypervisor and never reaches the physical network. Of course, that’s easier said than done, given the explosive growth of east-west traffic.
Detection is key, but not enough. In order to respond effectively, a deep understanding of the threat is required, including its attack methods, tools, stolen credentials and command-and-control (C&C) servers. Manual analysis by a forensic expert often arrives too late to enable a real-time response. GuardiCore’s answer is Automated Semantic Analysis™ of an incident by an expert system capable of figuring out what it all means (i.e. the semantics of the attack) and providing an actionable incident report.
Once a breach is detected and its components semantically analyzed, a real-time response is possible. The next step is to mitigate the spread and remediate infected systems across the infrastructure, all in real time. A timely response reduces exposure time, risk and associated costs.