The evolving complexity and increased frequency of malware and APTs have driven the need for next-generation Advanced Malware Detection (AMD) solutions and Security Information and Event Management (SIEM). While effective, these detection tools generate unmanageable volumes of security alerts, and make it difficult for Incident Response teams to verify, prioritize, and respond to the most urgent threats in a timely and effective manner. Traditional response processes are manual, time-consuming and error-prone, thus leaving organizations exposed. This, combined with the ongoing shortage of skilled cyber security resources, necessitates a new, more automated approach to incident response.
Now, by closing the gap between detection and response, NetCitadel ThreatOptics transforms traditionally rigid workflow and manual response capabilities into dynamic defenses capable of automatically responding to malicious attacks in real-time.
"As the law firm for ground-breaking technology and life sciences companies, Fenwick is heavily invested in making sure our infrastructure is secure," said Kevin Moore, Director of Information Technology at Fenwick & West LLP. "We recognize that a proper security posture is not just about detection, it also includes an effective analysis and response capability. NetCitadel ThreatOptics provides our security team with rich context data for efficient security response that is critical to our ongoing mission to keep our networks, servers, and end points secure."
NetCitadel ThreatOptics is the first threat management platform of its kind, addressing the security analysis and intelligence needs of today's Incident Response teams. NetCitadel's analytics-driven approach uniquely adds rich context data to security events generated by devices such as FireEye®, Palo Alto Networks®, and HP ArcSight®, and analyzes the data to facilitate rapid and intelligent decisions. In addition, ThreatOptics integrates with existing security enforcement devices, such as firewalls and web proxies, to deliver real-time responses to security events.
According to Gartner, Inc., "Security buyers that add these new detection methods will quickly find that the event of detecting malware or a compromised system itself is not deterministic for reporting on the impact of the attack. Other factors are needed to better handle the workload of new events in terms of company impact. For example, the systems and users involved, the sensitivity of the data in play, what external parties are involved, and situational attack visualization become key to quickly and accurately prioritizing events in which to dispatch investigation teams."1
Without the proper context, it is almost impossible to prioritize events and make good security decisions. The proper context in an integrated view, however, enables security analysts to quickly verify which issues are real and which issues can safely be deprioritized.
"NetCitadel ThreatOptics solves the industry's security alert overload problem by automatically surrounding alerts with meaningful context," said Mike Horn, NetCitadel co-founder and CEO. "We're pleased to help security analysts and Incident Response teams demonstrably increase their security responsiveness while leveraging existing security resources. By lowering the cost of exposure and increasing security, NetCitadel frees up more IT staffers to engage and positively impact other security priorities in the organization."
NetCitadel ThreatOptics dynamically updates existing security devices to respond instantly to security events as they are detected. With NetCitadel, once a security event has been detected anywhere in the network, subsequent attempts to connect to the source of the infection will be blocked across the entire network proactively, eliminating widespread outbreaks of the same security threat.
About NetCitadel ThreatOptics
NetCitadel ThreatOptics leverages intelligent threat event context and patent-pending security orchestration technologies to deliver real-time responses to security events. Rich sources of security information, from systems such as Security Information and Event Management (SIEM), Advanced Malware Detection (AMD) and Intrusion Detection Systems (IDS) are seamlessly integrated to work with existing security devices, such as firewalls and web proxies. Deployed as a virtual appliance, ThreatOptics leverages security event information and, based on the information in the security event, updates existing security devices to react to those security events in real-time. By using ThreatOptics, organizations can dramatically reduce the time it takes to respond to an identified security event by enabling either a fully automated or semi-automated response. ThreatOptics uses proprietary security intelligence algorithms to help enterprises determine the severity of a security event as well as the appropriate response to that event.
Availability and Pricing
NetCitadel ThreatOptics will be generally available next month from NetCitadel as a virtual appliance. Pricing begins at approximately $50,000 and goes up based on the number of users and the size of the security infrastructure. More information on pricing and purchasing information can be found at www.netcitadel.com.
NOTE 1 – Gartner, "Advanced Targeted Attacks Influence Security Spending and Create Partnering or Acquisition Opportunities," by Eric Ahlm and Lawrence Orans, Sept. 26, 2013.
NetCitadel is the pioneer in innovative security threat management. Recognizing the dramatic growth in cyber-attacks and the increase in targeted attacks using Advanced Persistent Threats (APTs), the company identified the need to operationalize the overwhelming volume of security data. Its threat management platform, ThreatOptics, leverages patent-pending technology to link existing network security devices with real-time security event information, resulting in an infrastructure capable of adapting to new threats instantly. Headquartered in Mountain View, Calif., the company is venture backed by NEA and other investors. For more information about NetCitadel and its solutions, call (650) 564-4285 or visit http://www.netcitadel.com.