Cyber Defense eMagazine July 2021 Edition
Cyber Defense eMagazine July Edition for 2021 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pierluigi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
NDR technology is built on three principal tenets to provide SOC/IR teams:

● Visibility into, and metadata retention of, corporate network traffic across cloud and core networks;
● Advanced detection techniques designed to identify the presence of adversaries inside the organization; and
● Capabilities to triage, threat hunt, and investigate activity to understand the adversaries' actions and formulate comprehensive response plans.
These are three steps forward, but NDR technology can force SOC/IR teams to take three steps back if we don't redefine how SaaS-NDR solutions are delivered.
Guided-SaaS Step 1: No longer… In The Dark
Sixty-nine percent of IT and security practitioners cite network visibility as the top reason for SOC ineffectiveness. Because captured packets are far harder for an intruder to alter than logs on a compromised endpoint (the host that produces EDR telemetry may itself be under the adversary's control), NDRs provide network context to confidently triage, hunt, and investigate threats. But NDRs don't magically provide comprehensive visibility. While traditional SaaS-based NDR vendors might work to ensure optimal visibility at the time of deployment, the responsibility then falls on the customer's security team to make sure the NDR sensors are functioning properly and that the right mirrored traffic is still reaching the NDR as the network changes. That is easier said than done in today's complex hybrid world: a new VLAN, a changed route or a silently failed mirror session is enough for blind spots to pop up, and the SOC/IR team is left in the dark. A Guided-SaaS NDR delivery model recognizes the importance of expert-led, routine visibility and health checks, in which the vendor's specialists help optimize visibility and confirm that the NDR sensors are healthy.
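The visibility and health check described above is something a SOC can script rather than wait to discover by accident. The following is an added example, not code from the article or from any NDR vendor: it compares the network segments a sensor is designed to cover against the connection metadata the sensor actually recorded, flags expected segments that have gone quiet (a lost mirror session, a VLAN that was never added to the SPAN), surfaces internal address ranges nobody told the sensor about, and checks the capture interface's drop rate between two counter samples. The segment list, flow records, counter values and function names are all constructed for the example.

```python
"""NDR sensor visibility health check (constructed example, not vendor code).

Inputs a SOC already has: the segments the sensor is supposed to see (from the
deployment design / CMDB) and the flow or connection metadata the sensor wrote
in the last window. Output: blind spots, coverage drift, and capture drops.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Segments the sensor is expected to cover. Constructed for this example;
# in practice this list comes from the network team or the CMDB.
EXPECTED_SEGMENTS = {
    "core-users":   ip_network("10.10.0.0/16"),
    "core-servers": ip_network("10.20.0.0/16"),
    "aws-prod-vpc": ip_network("10.50.0.0/16"),   # mirrored via cloud traffic mirroring
}
# A segment with no traffic for this long is treated as a blind spot.
FRESHNESS = timedelta(minutes=15)
# Capture-interface drop ratio above which the sensor is considered unhealthy.
MAX_DROP_RATE = 0.01


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    nbytes: int


def segment_of(addr: str, segments: Dict[str, object]) -> Optional[str]:
    """Name of the expected segment containing addr, or None if uncovered."""
    ip = ip_address(addr)
    for name, net in segments.items():
        if ip in net:
            return name
    return None


def visibility_report(flows: List[Flow], expected, now: datetime, freshness: timedelta) -> dict:
    """Find expected segments that went quiet and internal ranges nobody expected."""
    last_seen: Dict[str, Optional[datetime]] = {name: None for name in expected}
    unexpected: Counter = Counter()
    for f in flows:
        for addr in (f.src, f.dst):
            seg = segment_of(addr, expected)
            if seg is None:
                # Internal traffic from a range outside the design = coverage drift.
                # Public addresses are ignored; they are never "our" segments.
                if ip_address(addr).is_private:
                    unexpected[str(ip_network(f"{addr}/24", strict=False))] += 1
                continue
            if last_seen[seg] is None or f.ts > last_seen[seg]:
                last_seen[seg] = f.ts
    blind = [name for name, ts in last_seen.items() if ts is None or now - ts > freshness]
    return {"blind_spots": sorted(blind), "unexpected_private": dict(unexpected)}


def drop_rate(prev: Dict[str, int], cur: Dict[str, int]) -> float:
    """Fraction of packets the capture NIC dropped between two counter samples
    (e.g. rx_packets / rx_dropped from /sys/class/net/<if>/statistics/)."""
    received = cur["rx_packets"] - prev["rx_packets"]
    dropped = cur["rx_dropped"] - prev["rx_dropped"]
    total = received + dropped
    return dropped / total if total else 0.0


def health_alerts(report: dict, drops: float, max_drop: float = MAX_DROP_RATE) -> List[str]:
    """Turn the raw findings into the alerts an on-call analyst would act on."""
    alerts = [f"BLIND SPOT: no traffic from {seg} within freshness window" for seg in report["blind_spots"]]
    alerts += [f"COVERAGE DRIFT: {n} flows from unplanned internal range {rng}"
               for rng, n in sorted(report["unexpected_private"].items())]
    if drops > max_drop:
        alerts.append(f"SENSOR DROPS: capture interface dropped {drops:.1%} of packets")
    return alerts


# Constructed sample data: one quiet cloud segment, one unplanned 10.60.3.0/24.
NOW = datetime(2021, 7, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_FLOWS = [
    Flow(NOW - timedelta(minutes=2), "10.10.4.21", "10.20.0.5", 1200),
    Flow(NOW - timedelta(minutes=1), "10.20.0.5", "10.10.4.21", 4800),
    Flow(NOW - timedelta(minutes=90), "10.50.1.9", "10.20.0.5", 900),    # last AWS flow 90 min ago
    Flow(NOW - timedelta(minutes=3), "10.60.3.7", "10.20.0.5", 300),     # range not in the design
    Flow(NOW - timedelta(minutes=3), "10.20.0.5", "93.184.216.34", 300), # public peer, ignored
]
SAMPLE_COUNTERS_PREV = {"rx_packets": 1000, "rx_dropped": 0}
SAMPLE_COUNTERS_CUR = {"rx_packets": 1980, "rx_dropped": 20}   # 2% dropped since last sample


def run_check() -> List[str]:
    report = visibility_report(SAMPLE_FLOWS, EXPECTED_SEGMENTS, NOW, FRESHNESS)
    return health_alerts(report, drop_rate(SAMPLE_COUNTERS_PREV, SAMPLE_COUNTERS_CUR))


if __name__ == "__main__":
    for line in run_check():
        print(line)
```

Run on a schedule against the sensor's own flow metadata and NIC counters, the first finding is exactly the case the article warns about: the AWS VPC mirror has stopped delivering packets and nothing else in the SOC would say so, because an absent feed raises no alert on its own. The drop-rate check matters for the same reason; a saturated capture NIC silently discards the packets that would have carried the evidence.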
Guided-SaaS Step 2: No longer… Distracted.
Perhaps the most alarming statistic is that 84% of IT and security practitioners also reported "minimization of false positives" as the most important SOC activity. While NDRs provide anomaly-based machine-learning detection techniques, these come at a high cost. Most NDRs require an initial four weeks of laborious effort by security analysts to 'train' the technology on what is benign and what is malicious, with the end goal, at best, of 'reducing' false positives if done properly. And then security analysts have to come back and routinely retrain the solution. In other words, the NDR vendor is putting the burden on the customer, distracting them from their focus of identifying and responding to adversaries. That is a crime.
Cloud-native NDRs afford a different approach. With machine-learning, behavioral-analysis, and threat-intel-based detection engines running in the vendor's cloud, Guided-SaaS NDR vendors can perform the QA and training of their detection engines on behalf of their customers, producing high-confidence true-positive findings and removing tedious distractions from the SOC/IR team.
Guided-SaaS Step 3: No longer… Alone.
It's no secret to anyone with experience in day-to-day SOC activities that the job is intense, with 70% of SOC analysts reporting burnout due to the high-pressure environment. Not only is it a race to respond before adversaries carry out their mission, but it is daunting to face that challenge without external support, effectively going it alone. It is here that redefining SaaS can provide a unique benefit to customers. One of the adjacent advances linked to SaaS offerings is software vendors embracing
Cyber Defense eMagazine – July 2021 Edition, page 93
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.