Cyber Defense eMagazine December 2019

More documents

Recommendations

Info

89 Faced with an overwhelming volume of alerts and the draining reality of false alarms at the SOC (Security Operations Center), you begin to wear down. Just like the jaded townspeople in the story of the boy who cried wolf, you become apathetic and start turning a blind eye. Similar to 31.9 percent of your security colleagues, you begin to ignore alerts due to the high number of false positives. And that’s how we get here: Of the typical 17,000 alerts received per week, only 4 percent ever get investigated. Ouch. <strong>Cyber</strong> wolves everywhere lick their virtual chops at these numbers as the odds of slipping real threats past overwhelmed, alert-fatigued defenses become quite favorable. Misconfigured detection tools are to blame for triggering many of the false positives, and with the growing security stack and increasing complexity of current defense technology, this trend doesn’t appear to be slowing. Expanding cloud and Internet of Things (IoT) adoption is only expanding the attack surface and encouraging organizations to invest in more security tools. Where does all this leave worn-out analysts and overloaded security operations centers? In desperate need of an ally. Thankfully machine-learning enabled automation is emerging as a method to streamline alert handling. Provides Context Context is a critical factor in identifying and confirming the validity of threats. Data drives these contextual relationships, and automation excels collecting, organizing and correlating data in real time. It leverages the data necessary to identify contextually related alerts, cross-references case details from multiple systems, spots trends, prioritizes cases and drives faster response. Manual workflows can’t process or analyze data fast enough to keep pace with evolving threat landscapes or deliver at scale. Besides, humans are notoriously awful at following a consistent standard. Programmed cognitive automation removes the “people risk” by adhering to a regular, repeatable standard when managing and analyzing data. Shrinks Volume Automation shrinks the pool of alerts by swiftly weeding the potentially malicious from the benign. Machine learning quickly recognize the familiar “seen-before” alerts as false positives and removes them from the queue. The smaller number of “not-seen-before” alerts can then be passed on for further investigation. This validation works a massive glut of alerts down to a manageable number for human examination. With the assistance of the right automation tools, cases can be reduced up to 80 percent. Automated triage saves time, and lets humans utilize superior cognition for higher-level tasks, rather than burn out on the mind-numbing process of examining each alert.
90 Allows Transparency and Drive Learning Automation also precisely records workflows, which permits a deeper investigation of false positives. Why did each one occur? How can a recurrence be prevented? If controls are too sensitive, what should the readjustment be? From this insight, databases of knowledge can be compiled to feed artificial intelligence systems, build out playbooks and teach future analysts, foregoing the need to retain so-called tribal knowledge and manual processes to triage, investigate and respond to incidents. In fact, automation’s most profound contribution may be its ability to allow examination of today’s misfires to create the information necessary to prevent tomorrow’s. Don’t Overlook the Benefits of False Positives The benefits of false positives? Sounds funny, right? We just finished discussing all the adverse effects false positives can have on an organization, and, yet, eliminating them may not be the best course of action. False positives do provide a valuable service as they can be a useful guideline for monitoring sensitivity control. An optimal defense threshold is high enough to detect real threats yet low enough not to trigger too many false positives. If your organization is recording zero false positives, you’re most likely missing something. The best strategy is having a few false positives, with automation in place, to help create a stronger screening process moving forward. Navigating the evolving threat landscape, while striking the perfect defense threshold balance, can be exceptionally challenging for today’s SOC (security operations center). Security automation leverages data in real time, and with the capability it provides to learn from mistakes, false positives will no longer be a debilitating hindrance but rather another tool for the defense. About the Author Steve Salinas is a 20-year veteran of the IT and cybersecurity industries. He is currently director of product marketing at Siemplify, a leading independent SOAR provider. For more information, visit: https://www.siemplify.co or follow @Siemplify on Twitter.
Page 1 and 2:
1 8 Most Common Cybersecurity Mista
Page 3 and 4:
2
Page 5 and 6:
4 The Internet Got Safer In 2019: A
Page 7 and 8:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 9 and 10:
8
Page 11 and 12:
10
Page 13 and 14:
12
Page 15 and 16:
14
Page 17 and 18:
16
Page 19 and 20:
18
Page 21 and 22:
20 8 Most Common Cybersecurity Mist
Page 23 and 24:
22 You can prevent (or decrease) th
Page 25 and 26:
24 While it’s not feasible to res
Page 27 and 28:
26 The major difference is the addi
Page 29 and 30:
28 Oh, my! PerCSoft’s Irony By Ch
Page 31 and 32:
30 • Conduct cybersecurity traini
Page 33 and 34:
32 Persistent Cybersecurity Industr
Page 35 and 36:
34 Automation is welcome and seen a
Page 37 and 38:
36 Protecting Against Modern Cybera
Page 39 and 40: 38 Conclusion Unfortunately, no tec
Page 41 and 42: 40 For 2020 The Death of Traditiona
Page 43 and 44: 42 The Next Five Years The End of E
Page 45 and 46: 44 Government Agencies Are Prime Ta
Page 47 and 48: 46 It’s a basic fact of contempor
Page 49 and 50: 48 simpler way to approach these pr
Page 51 and 52: 50 Why Outsmart Cyber Attackers Whe
Page 53 and 54: 52 Depending on how you look at it,
Page 55 and 56: 54 devices. Russian actors can extr
Page 57 and 58: 56 How to Become a Cybersecurity Sl
Page 59 and 60: 58 industry. Perform online searche
Page 61 and 62: 60 The Security Challenges of Robot
Page 63 and 64: 62 The typical approach in providin
Page 65 and 66: 64 The Blockchain And Wireless Tech
Page 67 and 68: 66 systems. As is quite well-known,
Page 69 and 70: 68 Benefits of Having an SSL Certif
Page 71 and 72: 70 Google has made SSL compulsory s
Page 73 and 74: 72 This year, privacy and security
Page 75 and 76: 74 The Perspectives Of The 5th Indu
Page 77 and 78: 76 The balance between offense and
Page 79 and 80: 78 The Rise of Cybercrime-As-A-Serv
Page 81 and 82: 80 About the Author Mark Belgrove i
Page 83 and 84: 82 the conflict. Practically, it’
Page 85 and 86: 84 fact is something that would see
Page 87 and 88: 86 Furthermore, Tessian in 2019 del
Page 89: 88 Automatic for The SOC People How
Page 93 and 94: 92 Only large enterprises can benef
Page 95 and 96: 94 The Growing Costs of Cyber Attac
Page 97 and 98: 96 After suffering a cyber attack m
Page 99 and 100: 98 Some of the most damaging Inside
Page 101 and 102: 100 Out-Smarting the Cybersecurity
Page 103 and 104: 102 Empower Other Teams Network and
Page 105 and 106: 104 New Security Report Highlights
Page 107 and 108: 106 The Threat Lab team also analyz
Page 109 and 110: 108 Drive, AWS, Office 365, etc. It
Page 111 and 112: 110 former governor, this bill also
Page 113 and 114: 112 I mean, if you want to be able
Page 115 and 116: 114 Is It Safe to Connect to Public
Page 117 and 118: 116 5. Safe Browsing Additional dil
Page 119 and 120: 118 flawed method in which Evernote
Page 121 and 122: 120 Really, Imagine a Day Without W
Page 123 and 124: 122
Page 125 and 126: 124
Page 127 and 128: 126
Page 129 and 130: 128
Page 131 and 132: 130
Page 133 and 134: 132
Page 135 and 136: 134
Page 137 and 138: 136
Page 139 and 140: 138 Meet Our Publisher: Gary S. Mil
Page 141 and 142:
140 Free Monthly Cyber Defense eMag
Page 143 and 144:
142
Page 145 and 146:
144
Page 147 and 148:
146 Nearly 8 Years in The Making…
Page 149 and 150:
148
Page 151:
150
show all

Cyber Defense eMagazine December 2019

Create successful ePaper yourself

Delete template?

Save as template?