Cyber Defense eMagazine July 2021 Edition

More documents

Recommendations

Info

Guided-Saas NDR: Redefining A Solution So SOC/IR Teams Aren’t Fighting Adversaries Alone, Distracted and In The Dark By Fayyaz Rajpari, Sr. Director of Product Management, Gigamon The time has come for SaaS-based security offerings to evolve. While the concepts of SaaS date back to 1961 as MIT introduced the use of terminals connected to mainframes, the SaaS concept we know today is largely attributed to Salesforce’s launch in 1999. Starting in the late 2000s cyber-security vendors started to offer email and web security gateway solutions through a SaaS delivery model, removing the complexities of on-premises hardware and software deployment and maintenance while providing a uniform security policy across the enterprise. Cloud-native architectures, continuous development/deployment and the ability to apply elastic computing to cloud-based analytics have propelled innovation to cyber-security products that can’t be achieved by on-premises solutions. Now, ten-plus years later, SaaS-based security offerings need to be re-imagined. By examining the Network Detection and Response (NDR) market we can see SaaS-based security must evolve. SOC/IR teams are rapidly adopting NDRs because of the visibility gaps left by SIEMs and EDRs to identify the presence of adversaries in their network. Cyber Defense eMagazine – July 2021 Edition 92 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
NDR technology is built on three principal tenets to provide SOC/IR teams: ● ● ● Visibility to and metadata retention of corporate network traffic across cloud and core networks; Advanced detection techniques designed to identify presence of adversaries inside the organization; and Capabilities to triage, threat hunt, and investigate activity to understand the adversaries’ activities and formulate comprehensive response plans. These fall into the category of three steps forward, but NDR technology can force SOC/IR teams to take three steps back if we don’t redefine how SaaS-NDR solutions are delivered. Guided-SaaS Step 1: No longer… In The Dark Sixty-nine percent of IT and security practitioners cite network visibility as the top reason for SOC ineffectiveness. As packets are tamper-proof (unlike EDR logs), NDRs provide network context to confidently triage, hunt, and investigate threats effectively. But NDRs don’t magically provide comprehensive visibility. While traditional SaaS-based NDR vendors might work to ensure optimal visibility at the time of deployment, the responsibility falls on the customer’s security teams to make sure the NDR sensors are functioning properly and that the right mirrored traffic is getting to the NDR as networks dynamically change. That’s easier said than done in today’s complex hybrid-world and it doesn’t take long before blind spots popup and the SOC/IR team are left in the dark. A Guided-SaaS NDR delivery model recognizes the importance of including expert lead routine visibility and health checks, where the vendor’s specialists assist to optimize visibility and ensure the NDR sensors are healthy. Guided-SaaS Step 2: No longer… Distracted. Perhaps the most alarming statistic is that 84% of IT and security practitioners also reported that the “Minimization of false positives” as the most important SOC activity. While NDRs provide anomaly-based machine learning detection techniques, they come at a very expensive cost. Most NDRs require an initial 4 weeks of laborious efforts by security analysts to ‘train’ the technology on what is benign and malicious with the end goal of at best ‘reducing’ false positives if done properly. Oh, and then security analysts have to come back and routinely retrain the solution. In other words, the NDR vendor is putting the burden on the customer, distracting them from their focus of identifying and responding to adversaries. That is a crime. Cloud-native NDRs afford us a different approach. With machine learning, behavioral analysis, and threat intel-based detection engines working in the vendor’s cloud, Guided-SaaS NDR vendors can perform the QA and training of their detection engines for their customers, producing high true-positive findings and removing tedious distractions from the SOC/IR team. Guided-SaaS Step 3: No longer… Alone. It’s no secret to anyone with experience in day-to-day SOC activities that the job is intense with 70% of SOC analysts reporting burnout due to the high-pressure environment. Not only is it a race to respond before adversaries carry out their mission, but it's daunting to face the challenge without external support… effectively going it alone. It is here where redefining SaaS can provide a unique benefit to customers. One of the adjacent advances linked to SaaS offerings is software vendors embracing Cyber Defense eMagazine – July 2021 Edition 93 Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Colonial Key Business Pipeline, Les
Page 3 and 4:
Ransomware, the Ultimate Cyber Thre
Page 5 and 6:
@MILIEFSKY From the Publisher… Ne
Page 7 and 8:
Welcome to CDM’s July 2021 Issue
Page 9 and 10:
Cyber Defense eMagazine - July 2021
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Colonial Pipeline, JBS Cyber Attack
Page 35 and 36:
is clear: Cyberattacks will continu
Page 37 and 38:
of management complexity for any bu
Page 39 and 40:
Flipping the Cyber Script Getting A
Page 41 and 42: Trust strategies, they will prevent
Page 43 and 44: The growing threat In the last 12 m
Page 45 and 46: Common Sense Cybersecurity Steps fo
Page 47 and 48: The next big thing: addressing remo
Page 49 and 50: Applying PR tactics is a new page i
Page 51 and 52: NATO to Consider Military Response
Page 53 and 54: The number of open positions in var
Page 55 and 56: 3. Delivery - Transmission of the p
Page 57 and 58: Uncovering the Dark Side of the Col
Page 59 and 60: Energy and Utilities - You Have No
Page 61 and 62: a cyberattack that shut down approx
Page 63 and 64: Ransomware and the Cybersecurity In
Page 65 and 66: About the Author Jack Blount is Pre
Page 67 and 68: The airline industry’s poor recor
Page 69 and 70: Ransomware, the Ultimate Cyber Thre
Page 71 and 72: About the Author Yehudah Sunshine,
Page 73 and 74: A second reason for the increase in
Page 75 and 76: A Case of Identity: A New Approach
Page 77 and 78: Implementing a digital trust ecosys
Page 79 and 80: A 3-Part Plan for Getting Started w
Page 81 and 82: As threats continue to evolve, it
Page 83 and 84: 1. Endpoint and user protection Des
Page 85 and 86: The Risks of The Vulnerable Iot Dev
Page 87 and 88: Insecure Data Transfer and Storage
Page 89 and 90: Three Steps to Building Email Cyber
Page 91: Plan Ahead and Avoid Disaster The H
Page 95 and 96: Hardware Trojan Detection By Sylvai
Page 97 and 98: the properties (user mode, memory a
Page 99 and 100: About the Author My Name is Sylvain
Page 101 and 102: outside coaches - to help them impr
Page 103 and 104: Tips for Avoiding Online Scams Duri
Page 105 and 106: Phishing Example 1 Phishing refers
Page 107 and 108: About the Author Cindy Murphy is th
Page 109 and 110: The recent Feedzai report confirms
Page 111 and 112: Why Cyber Risk Is the Top Concern o
Page 113 and 114: (BEC) attacks, also known as “fak
Page 115 and 116: What Educational Institutions Need
Page 117 and 118: Firewall Security VPN connectivity,
Page 119 and 120: Business Continuity: Where InfoSec
Page 121 and 122: ● ● ● ● How educated are em
Page 123 and 124: Biometrics Challenges By Milica D.
Page 125 and 126: Epic V. Apple Trial - Impact of Big
Page 127 and 128: About the Author Brad Ree is the Ch
Page 129 and 130: eaches because large amounts of hig
Page 131 and 132: • securing mobile and remote work
Page 133 and 134: This topic has great relevance beca
Page 135 and 136: I recommend that leaders of private
Page 137 and 138: fail that promptly. After, say, sev
Page 139 and 140: 1. Infosecurity Europe Where: Olymp
Page 141 and 142: leaders, and help each other advanc
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
You asked, and it’s finally here
Page 155 and 156:
9 Years in The Making… Thank You
Page 157 and 158:
show all

Cyber Defense eMagazine July 2021 Edition

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?