Tuesday, January 9, 2018
The ability to detect an attack and respond to it quickly can be the difference between a minor incident and a breach that costs resources and reputation. The good news is that organizations are making strides in security breach detection, according to the 2017 Trustwave Global Security Report, which examines the results of thousands of investigations into security incidents.
When looking at incidents in 2016, the median time from intrusion to detection of a compromise fell to 49 days, down from 80.5 days in 2015. As tools such as managed security service (MSS) providers and artificial intelligence are more widely developed and deployed, the median time between intrusion and detection could fall even further this year.
Here are three strategies to consider when looking to improve detection and response before threats take root and cause damage.
1. Managed Security Service Providers Can Help
MSS providers offer outsourced monitoring of security devices and systems. By employing an MSS provider, companies receive 24-hour access to a team of experienced security practitioners who help contain and investigate attacks. Trustwave found that self-detected incidents – through a company’s internal team or a third-party service, like an MSS provider – were discovered an average of 60 percent faster compared to those found through an external party, such as law enforcement or a regulator. This is an important factor when every additional day leaves the attacker free to inflict more damage.
2. Getting Ahead with Artificial Intelligence
The cybersecurity hiring crunch and fast-spreading ransomware attacks have led companies to turn to artificial intelligence (AI) to automate tasks and better detect threats by recognizing patterns and the anomalies within them. Barclays Africa, for example, is using AI to look for indicators of compromise across the firm’s network, both on premises and in the cloud. “As the global threat landscape is advancing quite quickly, both in ability and collaboration on the attacker side, we really must use advanced tools and technologies to get ahead of the threat themselves,” said Kirsten Davies, group CSO at Barclays Africa.
For smaller companies, responding to security events is especially labor-intensive. For example, Daqri, a Los Angeles-based augmented reality company, has a one-person security operations center. In order to effectively monitor traffic from the approximately 1,200 devices in its environment, the company uses AI. “When you look at the network traffic, you can see if someone is doing port scans or jumping from host to host, or transferring out large sections of data through an unconventional method,” says Minuk Kim, the company’s senior director of information technology and security. The company collects this data and feeds it into a deep learning model, allowing them to make informed guesses on what traffic may be malicious.
3. Centralizing the Response
Beyond the need for situational awareness, the industry faces a lack of centralization when dealing with threats. IT experts are working manually in many different dashboards and applications to analyze issues that could be streamlined into one interface. The future of the industry, according to LogRhythm Technology Alliances Engineer Jack Reynolds, lies in “swivel chair analysis.” In a recent Fuel webinar, Reynolds noted that by centralizing security processes, the industry can eliminate unnecessary training and cut down on mistakes made by too many people trying to do one job. If a small group or individual expert can see the full scope of defense and get information quickly, breaches and their damages can be limited more efficiently.
Key Investments Will Move the Industry Forward in 2018
If experts are able to implement these tools and increase their speed of response, the results could be exponentially beneficial. The cybersecurity industry is trending toward more efficient processes, and companies would do well to get ahead of the curve. A survey from Gartner in August found worldwide spending on information security products and services would reach $86.4 billion in 2017, up seven percent from 2016. In the year ahead, it’s expected that application security testing, data loss prevention and advanced threat protection will be among the key investments companies make.
For more information and tips for faster threat detection and response, Fuel members can stream the webinar “Protect Your Organization with Threat Lifecycle Management.”