Organizations must also develop an appropriate Incident Handling process. This process can be laid out as a flow chart. At the top of the chart is receipt of correlated incidents from the aggregation and correlation layer. The next stage is categorization, where each incident is classified by type of attack and by target. At the bottom of the chart a threat assessment is made and the appropriate response is assigned to the alert. The goal of this process is a repeatable, disciplined set of actions that reduces exposure time (the interval between the first sign of an attack and its containment) and produces an audit trail against which effectiveness can be measured.
The final component of an integrated Threat Management program is analysis. Organizations must mine the collected data to determine the effectiveness of the program, its areas of weakness and the overall threat level facing the organization. Security teams achieve this by performing ad-hoc correlation and generating reports. Proper analysis is only possible if the organization has deployed the aggregation and correlation technology discussed above, because that is what provides a centralized database of all vulnerabilities, incidents and their associated actions. Analysis is one of the most important components of an integrated Threat Management program: thorough analysis provides the feedback needed to improve the lifecycle over time.
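The following is an added example, not code from the article or from LURHQ, showing the incident handling flow and the analysis step above as a small Python program: correlated incidents are received, categorized by attack type and target, assessed for threat level, assigned a response, and every step is recorded in an audit trail; a report is then computed over the handled incidents. The sample incidents, the attack-type taxonomy, the asset criticality inventory, the response playbook and the fixed 15-minute triage delay are all assumptions constructed for the example.

```python
from datetime import datetime, timedelta
from statistics import mean

# Constructed sample of correlated incidents as an aggregation/correlation
# layer might deliver them. Field names and values are assumptions.
SAMPLE_INCIDENTS = [
    {"id": "INC-1", "signature": "SQL Injection attempt in URI", "target": "web-db-01",
     "first_seen": "2004-03-01T10:00:00", "received": "2004-03-01T10:05:00"},
    {"id": "INC-2", "signature": "TCP port scan", "target": "dmz-web-02",
     "first_seen": "2004-03-01T10:10:00", "received": "2004-03-01T10:12:00"},
    {"id": "INC-3", "signature": "Buffer overflow in RPC service", "target": "web-db-01",
     "first_seen": "2004-03-01T11:00:00", "received": "2004-03-01T11:30:00"},
    {"id": "INC-4", "signature": "Unknown anomaly", "target": "lab-pc-17",
     "first_seen": "2004-03-01T12:00:00", "received": "2004-03-01T12:01:00"},
]

# Categorization stage: keyword in the correlated signature -> attack type (assumed taxonomy).
ATTACK_TYPES = {"sql injection": "web-app-attack", "port scan": "reconnaissance",
                "buffer overflow": "exploit", "worm": "malware"}
ATTACK_SEVERITY = {"exploit": 3, "malware": 3, "web-app-attack": 2, "reconnaissance": 1}
# Asset inventory with criticality 1..3 (assumed).
TARGET_CRITICALITY = {"web-db-01": 3, "dmz-web-02": 2, "lab-pc-17": 1}
# Assessment stage: threat level -> prescribed response (assumed playbook).
RESPONSES = {3: "page on-call analyst; isolate host; open forensic case",
             2: "open ticket; block source at perimeter",
             1: "log and monitor"}


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def categorize(signature):
    """Classify by attack type; anything unmatched is flagged rather than dropped."""
    sig = signature.lower()
    for keyword, category in ATTACK_TYPES.items():
        if keyword in sig:
            return category
    return "unclassified"


def assess(category, target):
    """Threat level = attack severity x target criticality, bucketed into 1..3.
    Unknown attack types and unknown assets default to medium, not low, so that
    gaps in the taxonomy or inventory do not silently lower the rating."""
    severity = ATTACK_SEVERITY.get(category, 2)
    criticality = TARGET_CRITICALITY.get(target, 2)
    score = severity * criticality
    return 3 if score >= 6 else 2 if score >= 3 else 1


def handle(incident, now):
    """Run one correlated incident through the flow, recording every step for audit."""
    category = categorize(incident["signature"])
    level = assess(category, incident["target"])
    exposure = now - parse(incident["first_seen"])   # first sign of attack -> handled
    return {
        "id": incident["id"], "category": category, "target": incident["target"],
        "level": level, "response": RESPONSES[level],
        "exposure_minutes": exposure.total_seconds() / 60,
        "audit": [("received", incident["received"]),
                  ("categorized", category),
                  ("assessed", f"level {level}"),
                  ("assigned", RESPONSES[level]),
                  ("handled", now.isoformat())],
    }


def analyze(records):
    """Analysis over the handled-incident store: counts by category, mean exposure
    time, the critical incidents, and the ones the taxonomy could not classify."""
    by_category = {}
    for r in records:
        by_category[r["category"]] = by_category.get(r["category"], 0) + 1
    return {
        "by_category": by_category,
        "mean_exposure_minutes": mean(r["exposure_minutes"] for r in records),
        "critical": [r["id"] for r in records if r["level"] == 3],
        "needs_review": [r["id"] for r in records if r["category"] == "unclassified"],
    }


def run(incidents=SAMPLE_INCIDENTS):
    # Each incident is treated as handled 15 minutes after receipt (assumed triage time).
    records = [handle(i, parse(i["received"]) + timedelta(minutes=15)) for i in incidents]
    return records, analyze(records)


if __name__ == "__main__":
    records, report = run()
    for r in records:
        print(r["id"], r["category"], "level", r["level"], "->", r["response"])
    print(report)
```

The `needs_review` list in the report is the feedback loop the article describes: every unclassified incident is a gap in the categorization taxonomy that the next iteration of the program should close, and the mean exposure time is the metric the program exists to drive down.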
An integrated Threat Management program will enable a true, enterprise-wide intrusion prevention and protection lifecycle. By implementing this program, an organization will fortify their environment, reduce their exposure to threats and attain the security intelligence they need to continuously improve their security. The end result of the integrated Threat Management program is more efficient security management, greater return on security investments and the ability to demonstrate provable security to management and auditors.
Steven Drew is Chief Operating Officer of LURHQ. LURHQ Corporation is the trusted provider of Managed Security Services. Founded in 1996, LURHQ protects the critical information assets of more than 400 customers by offering integrated Threat Management services. LURHQ's 24X7 Threat Management capabilities enable customers to enhance their security posture while reducing the costs of managing their security environments. LURHQ’s OPEN Service Delivery methodology facilitates a true partnership with customers by providing a real time enterprise security and service delivery vision via the Sherlock Enterprise Security Portal. For more information visit http://www.lurhq.com.