Not All Threats Are Created Equal

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing) | Date: Tue, 11 Jul 2017 12:00:11 +0000


In today’s world, security teams are constantly bombarded with security events and threat information from multiple sources, making it impossible to address each threat with the same amount of urgency. Where does one even start? We know every threat should be addressed, but not all threats are created equal. How do we determine which ones should be taken care of first? Closing the loop from initial detection to enforcement and remediation can be difficult, if not impossible, without visibility into the prioritized threat information you need to take action and protect your most valuable assets.

The Trend Micro TippingPoint Security Management System (SMS) Threat Insights, powered by XGen™ Security, aggregates threat data from multiple sources and compiles it to help you prioritize security response measures, increase visibility into current and potential threats impacting your network, and provide insight into preemptive protection actions that may have already been taken.

 

SMS Threat Insights, working with the TippingPoint Next-Generation Intrusion Prevention System (NGIPS), Threat Protection System (TPS), and the TippingPoint Advanced Threat Protection Analyzer, enables network security professionals to:

  • Identify breached hosts, which are infected or under attack based on blocked or allowed attempts – The Breached Host section gives you a “host-centric” view of any breached hosts in your network and lets you know if you’re blocking attempts to reach out. If you use Microsoft Active Directory, you can drill down all the way to the user name.
  • Integrate with industry-leading third-party vulnerability scan solutions to identify vulnerabilities and disclose the corresponding Digital Vaccine® (DV) filters required to remediate and optimize security posture – Using our Enterprise Vulnerability Remediation (eVR) feature on the TippingPoint SMS, the “Attacked Vulnerable Hosts” section can show you what vulnerabilities, listed by CVE, have been discovered in your network and if you are blocking or permitting them in your network. You can flag certain CVEs for follow-up, track any policy changes and deploy tuned security policies all from the same workflow.
  • Distinguish potential threats classified as malicious and whether suspicious objects have been blocked or permitted – You can automatically block known and undisclosed vulnerabilities from the network using the TippingPoint NGIPS. The “Suspicious Objects” section shows if the TippingPoint NGIPS automatically forwarded unknown or suspicious indicators of compromise (IOCs) to SMS Threat Insights. IOCs are confirmed malicious by coordinating with the TippingPoint Advanced Threat Protection Analyzer for in-depth sandbox analysis and remediation, all without changing policy or altering network infrastructure.
  • Determine if any zero-day DV filters, developed using exclusive access to vulnerability data from the Zero Day Initiative (ZDI), have triggered, indicating pre-emptive protection for a vulnerability or a potential zero-day threat for an undisclosed vulnerability awaiting a patch – In the “ZDI Filter Hits” section, you can also see how long in advance you have been protected from zero-day threats on your network and determine if there are any undisclosed vulnerabilities being exploited in your network. By the way, if those undisclosed filters happen to fire in your network, we’re the only ones that will be able to protect you because no other vendor will have access to the vulnerability information!
  • Address any devices that need attention – You have a bird’s-eye view of all of your TippingPoint devices to see if any of them require attention. You can also easily set your TippingPoint devices to layer 2 fallback status if needed.

If you are a TippingPoint customer using the Security Management System (SMS), you already have access to Threat Insights. The SMS Threat Insights interface is HTML5-based and available for both desktop and mobile device access using SMS v4.6.0. If you need help upgrading to the latest version, you can contact your account team or the Threat Management Center for assistance.

For more information on TippingPoint SMS Threat Insights, please visit here.
