The evolution and increased frequency of malware and APTs have reduced the effectiveness of traditional threat detection and enforcement solutions. With nearly 200,000 new malware samples appearing each day [1], new detection solutions have emerged to detect the new attacks, producing more threat events than can be evaluated or managed in a timely fashion. To make matters worse, most organizations have only a handful of highly trained security analysts who are tasked with manually executing the all-important steps of investigating, verifying, prioritizing, and containing the detected threats. Clearly, the gap between detection and response is getting wider.
NetCitadel is developing the first threat management platform of its kind, one that addresses the security analysis and intelligence needs of today's incident response teams. This analytics-driven approach uniquely adds rich context data to events generated by threat detection devices such as Advanced Malware Detection (AMD) systems and Security Incident and Event Management (SIEM) to facilitate rapid and intelligent decisions. In addition, NetCitadel's solution integrates with existing security devices, such as firewalls and web proxies, to deliver real-time responses to security events.
"We have a rich mix of threat detection solutions to identify potential security events as they happen, but we quickly discovered that visibility was only half the battle," said Kevin Moore, Director of Information Technology at Fenwick & West LLP. "Once an event has been detected, our team still has to spend precious time researching, verifying and prioritizing events before we can start responding to the threat. NetCitadel closes the gap between threat detection and rapid response by providing our team with deep contextual data for each incident as well as supporting a variety of network enforcement options. It's our Incident Response analyst 'in a box'."
Without the proper context, it is almost impossible to prioritize events and make good security decisions. Unfortunately, many security teams are forced to collect critical context data using time-consuming manual processes.
According to Gartner, "Security platforms must become context-aware -- identity, application, content, location, geolocation and so on -- in order to make better information security decisions." [2]
NetCitadel's solution delivers the necessary context in an easy-to-use interface that enables security analysts to quickly verify which issues are real and which issues can be safely ignored.
"Today's enterprises require a new paradigm for responding to advanced malware and sophisticated cyber-attacks – what they need is the ability to understand context, quickly analyze the threat, and react in real-time," said Mike Horn, NetCitadel co-founder and CEO. "NetCitadel uniquely enables organizations to significantly reduce the time and effort required to understand and contain detected threats, creating a highly adaptive environment that responds rapidly to new threats."
Note 1 – Kaspersky Lab, "Best Practices That Apply to All Technical Control Layers," June 19, 2013.
Note 2 – Gartner Inc., "Best Practices for Mitigating Advanced Persistent Threats," by Lawrence Pingree, et al., September 12, 2013.
NetCitadel was founded by a team of security, networking and virtualization veterans to revolutionize incident response by transforming modern security events into automated actionable intelligence. Headquartered in Mountain View, Calif., the company is venture backed by NEA and other investors. For more information about NetCitadel and its solutions, call (650) 564-4285 or visit http://www.netcitadel.com.