FEATURE: REAL-TIME DETECTION
DISAMBIGUATING REAL-TIME THREATS
EYAL BENISHTI, CEO OF IRONSCALES, SAYS THAT EFFECTIVE DETECTION OF IMMINENT SECURITY THREATS SHOULD BE COLLABORATIVE AND MULTI-TIERED
"Real-time threat detection" is a commonly used term in cybersecurity. Most organisations interpret it as a clear indication of either an imminent or an actual security compromise. In practice, the reality has been somewhat different: what organisations typically had was real-time detection software producing a stream of detections from different sources. To be of any use, that visibility still required informed, expert, manual analysis before anyone could fully understand the data, let alone act on it.
Some organisations continue to embrace this antiquated definition of real-time threat detection, but doing so is misguided. Real-time threat detection should provide clear and actionable information about potentially malicious activity, which can then be shared and used as a real-time trigger for real-time remediation. If real-time threat detection is to add any value, it must give visibility of any imminent anomaly, suspicion, evidence, trend, threat or attack signature that can in turn be acted on immediately, whether through human intervention or an automated response.
THE REAL-TIME REQUIREMENT
Full visibility and insight into your organisation's networks, servers, cloud, endpoints and other assets is imperative given the nature of the threat landscape. Significant and devastating damage can be unleashed by attacks that all too often remain undetected for days, weeks, months, and even years.
That said, there are some specific reasons why real-time threat detection is now more important than ever. Firstly, there is a severe shortage of security professionals to analyse and remediate events. According to ISACA, over 84 per cent of organisations worldwide believe that less than half of applicants for security jobs are qualified for the role.
Then there is the frequency of cyber events requiring expert attention, which can surpass 500 per day for large organisations; the backlog this creates adds significantly to risk, since every event left unreviewed is a potential missed compromise. Finally, skilled attackers who have the time to expertly hide within a network or cloud are highly effective, and they are becoming difficult and expensive to locate.
INVESTMENTS IN REAL-TIME THREAT DETECTION
In recent years, Managed Security Service Providers (MSSPs) have emerged as a tremendous resource to assist organisations with 24/7 monitoring and response. According to the analyst firm Frost & Sullivan, the MSSP market is expected to surpass $12.78 billion in annual revenue by 2018, largely because companies of all sizes can derive benefit. MSSPs are particularly effective for small and medium-sized enterprises, which are frequently hit by the debris of attacks aimed elsewhere or by second-wave attacks.
However, no organisation should rely entirely on MSSPs for its real-time threat detection. Organisations must also invest in technology of their own to collect and aggregate data, detect anomalous activity and behaviour, and automatically respond to events discovered either by internal defence solutions or by human analysis.
With so many cybersecurity solutions available, how can an organisation start the selection process? Since there is no longer a defined perimeter, and with new types of malware being discovered daily, it is critical to build a defence-in-depth strategy that establishes multiple layers of protection and is served by an automated response to confirmed attacks.
Because the plethora of cybersecurity products and solutions each show a different, partial view of an organisation's defences, security information and event management (SIEM) products that present a unified situational picture are a wise investment, especially for companies understaffed in security. In addition, it is imperative for organisations to create a culture of security in which all employees throughout the organisation are educated, vigilant, and empowered to protect company assets.
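As an added illustration of the pipeline the article describes (detections from different sources aggregated into one unified view, turned into a single actionable and shareable trigger, and routed either to an automated response or to a human analyst), the following Python script is example code written for this page; it is not IronSCALES code nor any product's implementation. The log line format, the source names, the ten-minute correlation window, the two-source threshold for automatic action and the "isolate host" response are all assumptions chosen for the example, and the event lines are constructed sample data, not real telemetry.

```python
"""Added example (not the article's or any vendor's code): correlate detections
from several independent sources per host, turn them into one actionable alert
with shareable indicators, and decide whether to respond automatically or hand
the event to an analyst.  Log format, thresholds and actions are assumptions."""
import shlex
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample data, not real telemetry: one host (ws-117) receives a
# macro document, the endpoint agent detects it, and the proxy blocks the
# resulting beacon; another host (ws-042) has a lone adware detection.
SAMPLE_EVENTS = [
    "2017-01-12T09:14:02Z email_gateway host=ws-117 user=j.doe action=delivered subject='Invoice 4471' attachment=invoice.docm",
    "2017-01-12T09:16:30Z endpoint_av host=ws-117 user=j.doe action=detected file=invoice.docm verdict=Macro.Downloader",
    "2017-01-12T09:16:41Z web_proxy host=ws-117 user=j.doe action=blocked dest=203.0.113.77 category=malware",
    "2017-01-12T09:20:05Z endpoint_av host=ws-042 user=a.lee action=detected file=setup.exe verdict=PUA.Adware",
    "2017-01-12T10:05:00Z web_proxy host=ws-117 user=j.doe action=allowed dest=example.org category=business",
]

DETECTION_ACTIONS = {"detected", "blocked"}   # events that count as a detection
INDICATOR_KEYS = ("attachment", "file", "verdict", "dest", "subject")
WINDOW = timedelta(minutes=10)                # assumed correlation window
MIN_SOURCES_FOR_AUTO = 2                      # assumed threshold for auto-response


@dataclass
class Event:
    ts: datetime
    source: str
    host: str
    fields: dict


@dataclass
class Alert:
    host: str
    first_seen: datetime
    sources: tuple          # distinct sources that raised a detection
    indicators: dict        # shareable indicators gathered from the window
    tier: str               # "automated" or "analyst"
    response: str


def parse_event(line: str) -> Event:
    """Parse '<ts> <source> key=value ...' (quoted values allowed)."""
    tokens = shlex.split(line)
    ts = datetime.strptime(tokens[0], "%Y-%m-%dT%H:%M:%SZ")
    fields = dict(tok.split("=", 1) for tok in tokens[2:] if "=" in tok)
    return Event(ts=ts, source=tokens[1], host=fields["host"], fields=fields)


def correlate(lines, window=WINDOW, min_sources=MIN_SOURCES_FOR_AUTO):
    """Group events by host and emit one alert per host that has a detection."""
    events = sorted((parse_event(line) for line in lines), key=lambda e: e.ts)
    by_host = defaultdict(list)
    for e in events:
        by_host[e.host].append(e)

    alerts = []
    for host, evs in by_host.items():
        detections = [e for e in evs if e.fields.get("action") in DETECTION_ACTIONS]
        if not detections:
            continue                      # nothing to act on for this host
        anchor = detections[0].ts
        # Everything within +/- window of the first detection is context: the
        # email that delivered the file is pulled in even though it is not a
        # detection itself, so the alert carries the delivery vector too.
        in_window = [e for e in evs if abs(e.ts - anchor) <= window]
        sources = sorted({e.source for e in in_window
                          if e.fields.get("action") in DETECTION_ACTIONS})
        indicators = {}
        for e in in_window:               # chronological: first value wins
            for key in INDICATOR_KEYS:
                if key in e.fields:
                    indicators.setdefault(key, e.fields[key])

        if len(sources) >= min_sources:   # corroborated: respond automatically
            tier = "automated"
            response = (f"isolate {host}; block {indicators.get('dest', 'n/a')} "
                        f"at the perimeter; quarantine {indicators.get('file', 'n/a')}")
        else:                             # single source: a human decides
            tier = "analyst"
            response = f"queue {host} for analyst review"
        alerts.append(Alert(host, anchor, tuple(sources), indicators, tier, response))
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print(f"{a.first_seen:%H:%M:%S} {a.host} [{a.tier}] sources={','.join(a.sources)}")
        print(f"  indicators={a.indicators}")
        print(f"  response: {a.response}")
```

Run as-is, the script raises an "automated" alert for ws-117 because two independent sources (endpoint and proxy) corroborate each other within the window, and only an "analyst" alert for ws-042, where a single adware detection is not enough to justify isolating a machine without a person looking at it. The later "allowed" proxy event for ws-117 falls outside the window and does not pollute the indicators; in a real SIEM the window, the source weighting and the response actions would be tuned per environment rather than fixed as they are here.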
Embracing a more modern definition of real-time threat detection requires the collaboration of products and services, employees, the security operations centre (SOC) team, IT, the C-suite and the Board, all working together. Using this unified approach, enterprises give themselves a much better chance of surviving inevitable cyber-attacks.
10 NETWORKcomputing JANUARY/FEBRUARY 2017 @NCMagAndAwards
WWW.NETWORKCOMPUTING.CO.UK