In today's diverse and sophisticated threat landscape, CISOs and IT departments face daunting information security challenges. The detection of critical cyber attacks takes too long. The overwhelming volume of data and alerts, from existing security investments assembled piecemeal, does not provide the context analysts need to prioritize incidents. And the legacy infrastructure used to investigate and resolve incidents consists of multiple point products, requiring manual processes and scarce expert talent. As a result, it has become painfully difficult and cost-prohibitive to detect, analyze and remediate threats quickly and intelligently, effectively placing organizations in a state of continuous compromise. While security teams drown in the noise, targeted attacks continue to slip by unnoticed.
An evolved approach is needed, more urgently than ever before, if organizations are to identify and resolve every incident as efficiently and accurately as possible. The future of security is a holistic approach consisting of function consolidation, integration across point solutions, automation, and ease of use. Threat intelligence must be consumed in a multitude of forms, including from existing security investments, then weaponized across the network and endpoints to identify threats. As threats are identified, endpoint and network forensics data, contextual information, and analysis results need to be automatically captured, digested and presented in a unified view. Flexible and powerful automation capabilities are necessary to maximize speed, agility and scalability. Most importantly, these capabilities need to be accessible to analysts of all skill levels, not just the experts.
For most organizations, twenty-four hours to isolate, analyze and remediate threats is considered impressive. Unfortunately, it's not fast enough. Without automated, rapid response capabilities, the window of exposure is too great, giving attackers time to spread laterally to other systems and establish a foothold. In fact, results from the recent Ponemon study, “Threat Intelligence and Incident Response”, show that only 33 percent of respondents believe they are able to identify all compromised nodes in the event of a security breach. Additionally, according to Verizon's “2013 Data Breach Investigations Report”, data theft happens within minutes for 33 percent of data breaches and within hours for 69 percent.
As organizations scramble to achieve rapid detection and response, they should look for these things:
- Capabilities to automate slow manual processes.
- Scalable, enterprise-wide visibility that can apply threat intelligence and contextual information to endpoint data and network traffic at a deep forensic level.
- An intuitive platform with consolidated capabilities needed to identify, analyze and resolve incidents as they occur.
- Bi-directional integrations with existing security investments such as SIEMs, firewalls, next-gen malware detection and sandboxes, to maximize their potential and extend automation.
If you can consolidate, integrate and automate, you can achieve continuous automated incident resolution, which will be the only way to defend your domain in this era of continuous compromise.