Integrated threat management is a comprehensive approach to network security that addresses multiple types of malware, as well as blended threats and spam, and protects from intrusion at both the gateway and the endpoint levels. Components of an integrated threat management system are part of a centrally administered architecture.
The integrated approach to threat management developed in response to an environment in which malicious attacks are becoming more frequent, the nature of those attacks is becoming more complex and their impact is becoming more serious for inadequately protected organizations. Many attacks involve blended threats: carefully developed combinations of malware created to cause as much harm as possible. Because of the complexity of attack methods, security approaches protecting from a single type of malware or a single attack vector may fail.
According to a survey of major corporations (reported in Securing the Endpoint and Gateway: CA's Integrated Threat Management Vision), in 2005:
- Malware attacks increased by 48 percent
- Approximately 42 percent of the attacks enabled external access to an infected computer
- 40 percent of the attacks caused the infected machine to download code from a Web site
- 34 percent of the attacks resulted in stolen data
According to Computer Associates (CA), an integrated threat management approach must be complete, for protection from all threats for every component in a heterogeneous environment, and integrated, for simplified administration. A third component of comprehensive threat management is expert and continuous research to monitor external and internal threats and adapt to them on an ongoing basis.