Many organizations have adopted a vulnerability-centric approach to security, meaning they spend all their time plugging holes and building new walls around IT assets. While this is an important aspect of securing your increasingly diversified environment, it has not been effective. New holes are discovered daily and new business platforms emerge in multi-cloud environments that outgrow the old walls. You will be breached. You probably already are.
To combat this reality organizations have begun to adopt a threat-centric approach to cybersecurity, which is where there is a focus on detecting and responding to those threats that make it over the walls and through the holes. This approach involves end-to-end visibility and analysis of system traffic and logs, as well as the behavior of users interacting with those systems. This approach has its challenges as well, including:
Systems generate a lot of noise. Finding the needles of indicators of compromise in the proverbial haystack is difficult even with the best technology.
User behavior is dynamic. The technology used for analyzing, baselining, and setting thresholds on human behavior requires continuous optimization and still generates a lot of noise.
Cybersecurity analysts are hard to find and harder to keep. Filtering through all the noise generated by the need for end-to-end visibility takes expertise that is in high demand.
These challenges have a lead to undesired consequences. Many threats remain undetected within an environment for weeks and months. Moreover, it is common that even after detection, threats can take days or weeks to remediate.
If You Can Relate, Integrate
The time between an initial breach and the remediation of threat is the attacker’s window of opportunity. Only by integrating and automating people, process, and technology can organizations effectively utilize a threat-centric approach to shrink an attacker’s window of opportunity. This involves:
Unfragmenting point products by tying them together with a common fabric.
Utilize advanced technologies to reduce the noise and increase the signal of potential threats, giving analysts a starting point for investigation
Automate common incident response processes and workflows to free up valuable human cybersecurity resources
The faster you can bridge the gap between breach and remediation, the less likely you will have a business impacting cybersecurity event. In order to identify indicators of compromise, eliminate false positives, find the scope and breadth of the threat, and then eliminate it within minutes/hours instead of weeks/months; you must move to a threat-centric approach with integration of people, process, and technology. Seek out the assistance of an organization that can offer an end-to-end solution and act as an extension of your team.
Shrink the window. Plugging holes and building walls is not the answer.