By Doron Davidson, Co-founder & VP Business Development, SecBI
There are several vendors in the cybersecurity landscape who address two major attack vectors, email and web, with security services in a single, fully integrated cloud solution.
As these are preventive security measures, they deal with current, real-time events, blocking entry from the moment something is deemed malicious. You can probably find familiar names of vendors who combine the two types of gateways in one synergistic solution, among them Mimecast, Sophos, and Forcepoint, to name a few. These solutions are quite successful in offering security against malicious web communications typically initiated by users’ actions or by malware, blocking inappropriate websites based on pre-configured policies or threat intelligence capabilities.
The missing pieces
There are two missing pieces in these security tools. The first is that they make no use of historical data: a gateway judges a communication at the moment of entry, so anything that passed through before it was deemed malicious leaves a massive gaping ‘hole’ in the gateways’ effectiveness. The second missing piece is that the analytics and detection of the two security sources are not combined. Fortunately, these gaps can be filled with the SecBI solution for automated threat detection and response.
Here’s how it works:
SecBI continuously analyzes all the data from both the email and web gateway security solutions. It then applies advanced analytics to build a machine-learning-based narrative of the gateways’ traffic and its users’ behaviors. Security analysts are presented with a timeline giving full visibility of current and past events, which provides critical context for the gateways’ current status. SecBI sends alerts covering the incident’s entire narrative from the moment malicious activity begins, and identifies all related entities.
This comprehensive narrative is based on the chronological view of all data and the analytics-based correlation between the web gateway data and the email gateway data. As a result, security analysts benefit from the full scope of the incident and automated remediation, including playbook-based mitigation enabling policy updates and enforcement by preventive security tools to block similar activities in the future.
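To make the two ideas above concrete (a chronological view across both gateways, and looking back at historical data once a verdict exists), here is an added illustration that is not SecBI’s code and makes no claim about how their product is built. It merges constructed email-gateway and web-gateway records into one timeline, pairs an emailed link with the recipient’s later visit to that domain, and replays the timeline to scope every entity that touched a domain after it is judged malicious; the log format, field names and time window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample records (not real gateway output): (timestamp, user, value).
EMAIL_LOG = [  # links delivered by the email gateway
    ("2023-04-01T09:00:00", "alice", "http://invoice-portal.example/login"),
    ("2023-04-01T09:05:00", "bob",   "https://intranet.example/news"),
]
WEB_LOG = [  # destinations seen by the web gateway
    ("2023-04-01T09:02:30", "alice", "invoice-portal.example"),
    ("2023-04-01T13:10:00", "bob",   "intranet.example"),
    ("2023-04-02T14:00:00", "carol", "invoice-portal.example"),
]

def build_timeline(email_log, web_log):
    """Merge both sources into one chronological list of (ts, source, user, domain)."""
    events = []
    for ts, user, url in email_log:
        events.append((datetime.fromisoformat(ts), "email", user, urlparse(url).hostname or ""))
    for ts, user, host in web_log:
        events.append((datetime.fromisoformat(ts), "web", user, host))
    return sorted(events)

def correlate(timeline, window=timedelta(hours=1)):
    """Cross-gateway link: an emailed domain visited by the same user within `window`."""
    delivered = defaultdict(list)  # domain -> [(delivery ts, recipient)]
    hits = []
    for ts, src, user, domain in timeline:
        if src == "email":
            delivered[domain].append((ts, user))
            continue
        for ets, recipient in delivered[domain]:
            if recipient == user and ets <= ts <= ets + window:
                hits.append((user, domain, ets, ts))
    return hits

def scope_incident(timeline, bad_domain):
    """Historical replay: once a domain is judged malicious, list every entity that touched it."""
    return sorted({(src, user) for _, src, user, d in timeline if d == bad_domain})
```

The correlation alone is just a narrative of who clicked what; it becomes an incident when `scope_incident` is run with a domain that later gained a malicious verdict, which is exactly the past traffic a real-time gateway never revisits.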
In conclusion, email and web security gateways are an excellent start for good cyber defense. But for more comprehensive cyber defense, SecBI’s automated threat detection and response should be part of the mix to augment the value of the gateway solutions.