Today’s columnist, Lior Div of Cybereason, theorizes that the attackers in the SolarWinds hack took advantage of the industry’s alert-centric approach. The attackers lurked for months, but disparate systems flooded organizations with logs they could not analyze. Div says we need an operation-centric approach that frees up resources via automation and lets the top security people focus on the real threats. (ecooper99/CC BY 2.0)

In today’s threat landscape, targeted attacks are increasingly taking aim at multiple users and devices simultaneously as well as leveraging a wider range of tactics, techniques, and procedures. As defenders, we’re often forced to work in silos because of our dependence on an ever-growing array of tools that focus only on the assets they are designed to protect.

That means there’s often one solution for preventing attacks on the endpoint, another for ensuring cloud workloads are locked down, yet another for protecting mobile devices in the field, and yet another for identity and access control. This forces security teams to look at attacker operations as individual, isolated events because it’s impossible to track activity across multiple devices, platforms and users at the same time.
