The promise was that NetCitadel would be able to integrate data from Moore's network and application firewalls, anti-malware, forensics, and other applications, and then alert and block attacks based on real-time data. "I would be able to, based on workflow and criteria that I define, identify an attack underway and stop certain activity, such as egress traffic to the IP address of the command and control server," Moore says.
In this example, I've effectively stopped the threat from communicating out to its command and control server. This buys us time. We still need to be fast to respond, but we now have additional time, because we've cut it off," he says.
Yesterday, NetCitadel delivered its threat management platform, ThreatOptics, which, the company claims, incorporates data from anti-malware applications, forensics tools, application and network firewalls, and security event and information management systems. The platform can also use firewalls and web gateways to respond in real time to events.
"Good security today isn't reached with detection, it's also about swift response. The ability to capture and integrate data like this is critical to keeping systems and data secure," Moore says.
Sign up for MIS Asia eNewsletters.