In segmenting out its "Five Styles" of defense against advanced threats, Gartner advises enterprises to pair at least two "styles" together, such as using both Style 3 for Payload Analysis with Style 5 for Endpoint Forensics.
"Some Payload Analysis vendors have integrated their solutions with Endpoint Forensics vendors, which helps reduce incident response time. Network Traffic Analysis (Style 1) and Endpoint Forensics (Style 5) will provide similar benefits, but there have been fewer partnerships between vendors in these styles." Gartner analyst Lawrence Orans says vendor partnerships are a factor in this decision-making process. Also, some Styles are still quite Windows-centric, whereas Network Analysis is not. "I do see people combining two or more styles together, and there needs to be more of it," he adds.
The Gartner report contains a number of other suggestions on logical combinations of "Styles" as well. Gartner also notes that some vendors, especially the larger ones, are already delivering products that integrate two or more styles. However, the possible downside of enterprises choosing the single vendor approach, Gartner adds, is that "they sacrifice best-of-breed functionality from pure-play vendors that focus on only one style."
Gartner's observations about its Five Styles framework for combating advanced persistent threats aimed at stealing enterprise data don't mean abandoning more traditional security such as anti-virus, Orans says. The Five Styles framework is specifically for those enterprise security managers willing to "lean forward" into trying focused approaches aimed at keeping dangerous intruders out.