THE GENIUS OF DATA: MAKING INTELLIGENT SECURITY A REALITY

Transcription

1 THE GENIUS OF DATA: MAKING INTELLIGENT SECURITY A REALITY

2 MAKING INTELLIGENT SECURITY A REALITY THE DATA-DRIVEN REVOLUTION THE SCALE OF THE CHALLENGE Cybercriminals and information security professionals have been locked in a constant struggle to stay one step ahead of each other for decades. Inevitably, this meant cybersecurity remained on the back foot always reacting, rather than acting. As new threats evolved, organisations simply bolted on the latest security technologies available to counter them. This reactive approach has become unsustainable. Faced with an ever-expanding attack surface and limited time, money and expertise, organisations are being overwhelmed by a tsunami of information from the very devices they installed to solve the cybersecurity challenge. The average enterprise now has over 40 disparate security systems, resulting in millions of uncorrelated logs and alerts that most security teams can t find time to review, let alone interpret. Far from remedying the security challenge, this deluge of data actually makes it harder to identify the small percentage of threats that really matter to an organisation. With every industry seeing the size of breaches and the names involved grow larger each year, boardrooms worldwide are desperate for a better approach. Every business is now a digital business and organisations must find a more effective way to defend themselves or suffer the disruption, lost revenues, reputational damage and regulatory fines that are the inevitable consequences of a breach. THE GROWING RISK Source: informationisbeautiful.net ACTIONABLE OR APPLIED THREAT INTELLIGENCE MEANS BOTH UNDERSTANDING YOUR ADVERSARY, AND UNDERSTANDING THE TOOLS AND TECHNIQUES THEY MIGHT USE Method of Leak Hacked Accidently Published Inside Job Lost/Stolen Laptop Lost/Stolen Media Poor Security Other According to IBM, the world produces 2.5 quintillion bytes of data every day. In fact, 90% of all global data has been created in the last two years alone. This dramatic growth is mirrored in the huge volume of alerts and device logs now being generated inside organisations, while still more relevant security information is available externally, for instance in the form of online threat feeds. While this explosion of security information has presented organisations with a major challenge, it also offers a radical new solution. Today s data-driven revolution means we finally have the chance to end the vicious cycle of reactive security and take firm control over cyber risk. At the core of data-driven security lies the revelation that this ocean of information contains the insights organisations need to identify and stop the risks that matter. If vast amounts of internal and external security data can be aggregated and analysed effectively, organisations can arm themselves with actionable intelligence about their security posture. With these insights it becomes possible to fix vulnerabilities proactively, spot dangers on the horizon, detect attacks before they impact on business as usual, resolve incidents more quickly and prevent them from reoccurring. Meanwhile, with a better understanding of how attackers think, behave and select targets, businesses can make far more of existing security budgets and focus scarce resources where they re needed most. As such, data-driven security holds the key to meeting today s most urgent challenges from multiplying threats and more sophisticated threat vectors, to the expanding attack surface and skyrocketing IT complexity. It empowers businesses to make informed decisions and pre-emptively defend against the most dangerous and relevant threats. A THREAT INTELLIGENCE PLATFORM SHOULD IDEALLY CORRELATE ALL OF THE OUTPUTS FROM THE MAJOR SECURITY DEVICES THAT PRODUCE LOGS ACROSS A CUSTOMER S ESTATE. IT SHOULD ALSO TAKE IN OPEN SOURCE AND PAID FOR THREAT FEEDS, INDICATORS OF COMPROMISE, AND HUMAN INTELLIGENCE. Making data-driven security a reality can be challenging. Expert people, robust processes and big data analytics must all combine to deliver useful, contextualised intelligence in real-time. An even greater challenge lies in producing actionable intelligence in a way that s not just useful, but usable: ultimately, data-driven security must be easy and cost-effective to consume. Even the world s most effective threat intelligence solution is of little benefit if it demands endless resource or a bottomless budget. 82% of businesses say senior management places high or very high priority on security 90% of large businesses and 74% of small businesses were breached last year 59% of businesses expect a greater number of security incidents next year Source: UK Government & PWC DATA-DRIVEN BENEFITS 1 - Enhanced security and risk posture Expose and prioritise security gaps Proactively fix vulnerabilities Identify threats on the horizon Detect threats before they impact Resolve incidents more quickly Prevent issues from reoccurring 2 - Focused spending Make more of existing security budgets Apply scarce time, money and resource where it s needed 3 - Scalability and flexibility Adapt in real-time to new dangers Flex security with changing business needs

3 THE FIVE PILLARS OF DATA-DRIVEN SECURITY APPLYING DATA-DRIVEN SECURITY There are five crucial, interdependent components to data-driven security. To make it a reality, organisations must excel in each and every area. 1 - Expert people Security is a multi-faceted world where there s rarely a single point of failure, or one action that can solve a problem. To join the dots in complex data and identify the common patterns that signify critical threats, organisations need access to people with an exceptional understanding of offensive security. These experts are essential to propel data-driven security from generic notifications to bespoke intelligence. Yet even for the best analysts, extracting actionable insights from raw data is tricky and time-consuming. As such, it s also essential that they re armed with versatile forensics tools that can apply their expertise to today s security challenge effectively. 2 - Robust processes To be effective, data-driven security must keep pace with dynamic threat and business environments and focus the limited time of expert analysts on the areas that matter most. Any organisation hoping to capitalise on it needs robust, automated processes that make it rapid, scalable and cost-effective. For instance, 24x7x365 monitoring, automated alert escalation and incident triage on demand will be essential to maximise the benefits of threat intelligence. THREAT INTELLIGENCE IS NOT SOMETHING YOU SHOULD ATTEMPT TO BUY-IN AND SELF-MANAGE. Given the essential components that make up data-driven security, the barrier to entry is extremely high. Almost no organisation is capable of building its own threat intelligence platform, as this requires enormous investment in specialist people, processes and technologies with no guarantee of success. Big Data analytics platforms are particularly expensive to procure, difficult to deploy and complicated to run. Meanwhile, attracting the best cyber analysts is an impossible challenge, at least for small and medium-sized businesses. A shortfall of 1.5 million security professionals is predicted by 2020, with one in four organisations already facing a problematic shortage of cyber talent. Additionally, security is not the central business focus for most organisations, making them ill equipped to build the complex processes and methodologies necessary to harness the potential of data-driven security. Given that the threat landscape is fluid and fast moving, any intelligence platform will also demand a considerable on-going investment in maintenance, management and improvement. Clearly the building blocks of security intelligence are too complex and weighty for most organisations to carry alone. To make security intelligence useful and useable, someone else must take care of the heavy lifting. Fortunately, simple and straightforward access data-driven security isn t an impossible vision. 3 - Real-time outputs Since both external threats and the security posture of an organisation change daily, threat intelligence has a short shelf-life. This means people, process and technologies must come together to extract actionable intelligence and feed it back into a business in real-time for it to be truly valuable. THE FIVE PILLARS OF DATA-DRIVEN SECURITY THE DATA TSUNAMI 4 - Big data analytics When dealing with vast amounts of data, machine automation is crucial to correlate information effectively and extract vital security intelligence. Fortunately, Big Data analytics has advanced to the point where it s possible to aggregate and correlate millions of security logs in the cloud identifying the one per cent of threats that are directly relevant to an organisation s environment, delivering alerts to security analysts that focus their time on the threats that matter, and even taking automatic defensive actions. 5 - Contextualisation There s no benefit to hearing about every potential security threat out there in fact, the vast majority will be irrelevant. As such, data-driven security is only valuable when it takes into account the context of the organisation s environment: the assets to protect; the systems in use; and the vulnerabilities and issues that exist within it. Only by correlating a deep view of an organisation s dayto-day network behaviour with threat intelligence feeds from the outside world does it becomes possible to identify normal and build a true picture of its security posture. 5 - Contextualisation 1 - Expert People 2 - Robust processes 4 - Big data analytics 3 - Real-time output 40% OF COMPANIES ARE OVERWHELMED BY THE SECURITY DATA THEY COLLECT Source: Security Week, EMC THE AVERAGE ORGANISATION NOW PRODUCES 10,000 SECURITY EVENTS PER DAY WITH THE MOST ACTIVE GENERATING ROUGHLY 150,000 35% OF COMPANIES LACK THE TIME OR EXPERTISE TO ANALYSE THE DATA THEY COLLECT

4 SERVICES ARE THE SOLUTION A service-led approach makes data-driven security practical, efficient and cost-effective. By supporting not one, but thousands of businesses, service providers benefit from economies of scale meaning they can invest in the outstanding people, processes and technologies necessary to turn raw intelligence into actionable, contextualised insights in real-time. Better still, service providers have the experience to deliver actionable intelligence in a scalable and easy-to-consume way, around-the-clock. By harnessing the power of Cloud computing and machine automation, it s possible for them to deliver a rich, cost-effective solution that flexes with demand. By opting for a service-led approach, organisations can derisk the adoption of data-driven security, as well as benefit from a rapid rollout, massive scalability and far greater costeffectiveness. All this means data-driven security becomes a win-win: organisations can harness all of its benefits; with none of the drawbacks. IF YOU ARE MAKING A THREAT INTELLIGENCE INVESTMENT, IT SHOULD BE WITH A PROVIDER THAT OFFERS AN EXTENSIVE CLOUD-BASED SERVICE THAT IS MANAGED ON YOUR BEHALF, AND WHICH YOU CAN CONSUME ON A PAY-AS-YOU-GROW BASIS. FOCUS ON IMPROVING REALITY With 63% of organisations now investing in, or planning to invest in threat intelligence, chances are you re already considering its potential to help your business. Data-driven security is the future for any organisation that wants to break the seemingly endless cycle of investment in more technologies, time and resource that only ever results in greater complexity and risk. The days of bolting on technologies or services to address each new challenge are ending. Instead, adopting an intelligence-led approach to cybersecurity enables organisations to have security in mind from day one relying on a holistic, intelligence-led approach to understand what normal looks like and applying expert data scientists to identify and resolve issues as soon as they appear. ULTIMATELY, ORGANISATIONS HAVE BEEN INVESTING IN TECHNOLOGY FOR YEARS AND THEY ARE STILL NOT WINNING THE CYBERSECURITY BATTLE. THEY NEED TO MAKE BETTER USE OF THE TECHNOLOGY ALREADY DEPLOYED AND BETTER UNDERSTAND THE RISKS THAT MATTER BY INVESTING IN THREAT INTELLIGENCE BOTH FOR MANAGED ASSESSMENTS AND CONTINUOUS CONTEXTUAL THREAT DETECTION. However, the way you do data-driven security really matters. It s essential to choose a partner that can apply the five pillars of datadriven security effectively to produce actionable intelligence that s also easy-to-consume. Many threat intelligence services on the market today are not fit for purpose they cost from 20,000 up to 1 million or more per annum and inundate customers with generic, largely irrelevant information that cannot be put to real use. Instead, look for solutions that wrap up the best talent, cuttingedge technologies and robust processes in a cost-effective, cloud-based managed service. With the right service provider, harnessing the genius of data should be more than feasible it should be simple, cost effective and eliminate the majority of the cyber risk organisations continue to face today. THE FIVE PILLARS OF DATA-DRIVEN SECURITY Scalable INTRODUCING A GREATER INTELLIGENCE FROM SECUREDATA We ve turned data-driven security into a simple, streamlined service. Proven Low Risk ACTIONABLE INTELLIGENCE EASILY CONSUMED Painstakingly developed in-house over several years, SecureData GI is an innovative and disruptive solution to the cybersecurity challenge. It applies machine intelligence, data visualisation and human ingenuity to analyse vast volumes of information and extract actionable insights in real-time. We take intelligence from within your organisation, combine it with global threat data, extract actionable insights in the cloud, and then deliver it back into your business seamlessly. Rapid Deployment Cost-Effective Flexes with business needs One point contact for security Access to scarce cyber expertise References: i IBM, What is big data?, 2015: ii Frost & Sullivan, (ISC)² Global Workforce Survey, 2015: iii ESG, More Bad News about the Cybersecurity Skills Shortage, 2014: iv UK Government, 2015 Information security breaches survey, 2015:

5 SecureData House, Hermitage Court, Hermitage Lane, Maidstone, Kent ME16 9NT T: +44 (0) F: +44 (0) E: Follow us on