Overcoming Five Critical Cybersecurity Gaps

Similar documents
Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Combating a new generation of cybercriminal with in-depth security monitoring

Continuous Network Monitoring

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Attack Intelligence: Why It Matters

The Symantec Approach to Defeating Advanced Threats

IBM Security IBM Corporation IBM Corporation

ENABLING FAST RESPONSES THREAT MONITORING

Cyber Threat Intelligence Move to an intelligencedriven cybersecurity model

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

CyberArk Privileged Threat Analytics. Solution Brief

Redefining Incident Response

ALERT LOGIC FOR HIPAA COMPLIANCE

WHITE PAPER. Attack the Attacker HOW A MANAGED SECURITY SERVICE IMPROVES EFFICIENCY AND SAVES COST

How To Buy Nitro Security

REVOLUTIONIZING ADVANCED THREAT PROTECTION

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

A COMPLETE APPROACH TO SECURITY

White. Paper. Rethinking Endpoint Security. February 2015

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Endpoint Threat Detection without the Pain

Threat Intelligence: What is it, and How Can it Protect You from Today s Advanced Cyber-Attacks A Webroot publication featuring analyst research

Best Practices for Building a Security Operations Center

RSA Enterprise Compromise Assessment Tool (ECAT) Date: January 2014 Authors: Jon Oltsik, Senior Principal Analyst and Tony Palmer, Senior Lab Analyst

Enterprise Organizations Need Contextual- security Analytics Date: October 2014 Author: Jon Oltsik, Senior Principal Analyst

Security Intelligence

The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst

Advanced Threat Protection with Dell SecureWorks Security Services

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

White Paper. Why Next-Generation Firewalls Don t Stop Advanced Malware and Targeted APT Attacks

SELECTING THE RIGHT HOST INTRUSION PREVENTION SYSTEM:

Protecting against cyber threats and security breaches

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

ORGANIZADOR: APOIANTE PRINCIPAL:

ProtectWise: Shifting Network Security to the Cloud Date: March 2015 Author: Tony Palmer, Senior Lab Analyst and Aviv Kaufmann, Lab Analyst

Cyber and Operational Solutions for a Connected Industrial Era

Symantec Cyber Security Services: DeepSight Intelligence

Into the cybersecurity breach

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Things To Do After You ve Been Hacked

Cyber Risk Reduction: Why Automated Threat Verification is key

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

2012 North American Managed Security Service Providers Growth Leadership Award

End-user Security Analytics Strengthens Protection with ArcSight

CAS8489 Delivering Security as a Service (SIEMaaS) November 2014

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CA Host-Based Intrusion Prevention System r8.1

1 Introduction Product Description Strengths and Challenges Copyright... 5

Business white paper. Missioncritical. defense. Creating a coordinated response to application security attacks

Cyber Situational Awareness for Enterprise Security

The Cyber Threat Profiler

Retail Security: Enabling Retail Business Innovation with Threat-Centric Security.

THE EVOLUTION OF SIEM

Cisco Advanced Malware Protection

White Paper. Advantage FireEye. Debunking the Myth of Sandbox Security

Getting Ahead of Malware

Addressing the Full Attack Continuum: Before, During, and After an Attack. It s Time for a New Security Model

Bridging the gap between COTS tool alerting and raw data analysis

WHITE PAPER SPLUNK SOFTWARE AS A SIEM

Breach Found. Did It Hurt?

Effective Threat Management. Building a complete lifecycle to manage enterprise threats.

Boosting enterprise security with integrated log management

Security Intelligence Services.

A MULTIFACETED CYBERSECURITY APPROACH TO SAFEGUARD YOUR OPERATIONS

I D C A N A L Y S T C O N N E C T I O N

The Sophos Security Heartbeat:

Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

Cybersecurity. Are you prepared?

RETHINKING CYBER SECURITY

Obtaining Enterprise Cybersituational

WHITE PAPER Cloud-Based, Automated Breach Detection. The Seculert Platform

Incident Response. Six Best Practices for Managing Cyber Breaches.

File Integrity Monitoring: A Critical Piece in the Security Puzzle. Challenges and Solutions

Palo Alto Networks and Splunk: Combining Next-generation Solutions to Defeat Advanced Threats

Effective IDS/IPS Network Security in a Dynamic World with Next-Generation Intrusion Detection & Prevention

A Case for Managed Security

24/7 Visibility into Advanced Malware on Networks and Endpoints

MEMORANDUM. Date: October 28, Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance

Cybersecurity The role of Internal Audit

The Importance of Cybersecurity Monitoring for Utilities

Cyber4sight TM Threat. Anticipatory and Actionable Intelligence to Fight Advanced Cyber Threats

Transcription:

Overcoming Five Critical Cybersecurity Gaps How Active Threat Protection Addresses the Problems that Security Technology Doesn t Solve An esentire White Paper Copyright 2015 esentire, Inc. All rights reserved. www.esentire.com @esentire sales@esentire.com

Table of Contents 1. Executive Summary 2. Traditional Cybersecurity Gaps a. Protecting against the past b. Maginot line mentality c. Malware myopia d. Alert overload e. The it s not my problem syndrome a. Drill down: how Active Threat Protection is different 3. Active Threat Protection i. Active analytics ii. Active forensics iii. Active intervention iv. Active correlation 4. Conclusion

Executive Summary A primary duty of senior management is to ensure that confidential information is protected. That s why the following statistics are unsettling: $46 billion was spent on cybersecurity in 20131. Yet 47,000 security incidents occurred and 44 million records were compromised in 2012 - the most recent year for which data is available3. Of these breaches: 66% went undiscovered for months 69% were discovered by external parties, not the business itself These facts tell an uncomfortable truth: despite security spending, your network and confidential data could be compromised right now - while you are unaware of it. Why? Most enterprises operate with set it and forget it security automation; nursing the hope that multiple automated defense layers will solve the security problem. But this hope disappoints. If automated security measures solved the problem, we wouldn t see 44 million compromised records in just one year. Of course enterprises don t spend a collective $46 billion for nothing. Most security technology does what it is designed to do. But security automation by itself leaves critical gaps open, and cybercriminals have become adept at bypassing defenses to steal sensitive information. This paper introduces the concept of Active Threat Protection, which offers a way to close these gaps. Active Threat Protection combines advanced security software with human expertise. It goes further than traditional cyber security by protecting enterprises against previously unknown threats even those that eluded other security defenses. Active Threat Protection also includes immediate intervention by security analysts to remediate incidents that technology alone can t handle. Enterprises using set and forget security measures are exposed. They will be victimized if this is their sole approach to protecting their most crucial data. Active Threat Protection is the answer. 1 2 ABI Research Study, July 2013 Verizon RISK 2013 Data Breach Investigations Report Page 3

Traditional Cybersecurity Gaps Cybersecurity solution providers are the first to admit that technology by itself doesn t solve the problem. Products tend to be programmed only for specific threat vectors. It always takes human intervention to restore systems to normal after a breach occurs. The damage suffered by an enterprise depends largely on how long the cyber threat remained undiscovered and unaddressed. There are five gaps in the traditional approach to cybersecurity: Protecting against the past Most security products are designed to recognize attacks that have happened before. They automatically prevent reoccurrences because they are programmed with the threat signatures. Unfortunately, the past isn t always a guide to the future. Threats morph all the time, as cybercriminals devise new ways to bypass security technology. Automated security systems are always one step behind. Enterprises need protection against previously unknown (called zero-day ) threats, not just yesterday s known threats. Maginot line mentality The Maginot Line was a series of concrete fortifications that France deployed along its border with Germany during the 1930s. The idea was to provide time for their army to mobilize in the event of an attack. But at the outset of World War II the Germans simply outflanked the Maginot Line, invading through Belgium. Traditional cybersecurity is based on an outwardly-focused prevention mentality. But today s most damaging attacks elude existing defenses to take up residence inside the enterprise network. Once there, they bide their time gathering information that will make the eventual attack more successful and damaging. Preventing intrusions is necessary, but what happens when preventative measures fail? How do you even find out? Enterprises need to combat threats that may already exist inside the corporate network. Malware myopia Malware is a big problem, but it is just one threat vector. Only 40% of last year s attacks were based on malware. What do we do about the other 60%? Enterprises need protection against all possible threats, not just those that involve malware. Alert overload A big problem with security automation is that it s automated. When a potential threat is identified, an alert is sent. In no time at all, the IT staff is swamped with alerts but which ones are really worth analyzing? It s a constant challenge to tune these systems. Too tight, and you get flooded with alerts. Too loose, and you may not get that one alert you really needed. In practice, most enterprises err on the too loose side, because they simply don t have the resources to investigate all the false positives. Of course, this exposes them to greater risk. Enterprises need a way to sift through the millions of network events that happen every day to zero in on those that may pose a true threat. Page 4

The it s not my problem syndrome When a real security breach happens, enterprises need immediate help. Cybersecurity has become an incredibly complex and specialized technology niche. Companies with limited IT budgets need access to that expertise. Unfortunately, legacy Managed Security Service Providers (MSSPs) only deliver notifications of breaches. They do not provide remediation assistance ( it s not my problem ). They are really Managed Security Alert Providers. Other services do render help if you are willing to pay a very steep a la carte price that is exacted right when a crisis is unfolding and you have no choice. Enterprises need help that is immediate, competent, and cost effective. They need experts who will stick with the problem until it is fully resolved. Page 5

Active Threat Protection Active Threat Protection closes the above gaps. It is the most comprehensive way to protect the organization s confidential information. To assist in describing the principles of Active Threat Protection, we will use esentire s Network Interceptor as a practical example. Figure 1: The esentire Network Interceptor Active Threat Protection Platform Four capabilities are essential to Active Threat Protection: 1. Better information about network events is needed. This means getting real-time data straight from the wire. In Network Interceptor this is called Active Analytics, a capability that finds both known and previously unknown threats. 2. Active Forensics operationalizes event data. Software tools and dashboards weed out false positives while escalating bona fide threats. 3. Trained security experts do Active Intervention when a security incident happens. They operate as an extension of your IT team, rendering practical assistance when you need it the most. 4. The log-based data already being captured by traditional security automation is still important. Active Correlation increases its value by aggregating it into the Active Forensics Database. This framework combines advanced detection technology with human expertise and is the only way to close gaps inherent to traditional security automation. Drill down: How Active Threat Protection is different Network Interceptor introduces a new level of cybersecurity protection. Here are some of its differentiating features: Active Analytics Network Interceptor s esensors apply proprietary algorithms in real time, leveraging these capabilities: Direct event scrutiny There is no waiting for device logs to be aggregated and normalized. Network Interceptor sits on the wire, gathering a richer set of traffic data, and supplying crucial information to the Active Forensics Database. Page 6

Behaviour-based detection Threats reveal themselves by the way they behave. Network Interceptor identifies threatening behaviors, surveying the internal network as well as inbound traffic. This enables Network Interceptor to find threats other security systems miss. Immediate interdictors These are software enforcers that step in to stop attacks in their tracks by automatically applying prearranged remediation tactics. Active Forensics Active Forensics combines rich network event data and interpretive technology to pinpoint bona fide security threats. It is operationalized forensics an advanced toolset that security experts leverage to rapidly research and remediate cyber threats: Active forensics database A repository of network event data that is a broader and richer source of valuable information for security systems and analysts. It is a key resource that even extends the capabilities of traditional security systems. Intelligent threat interpreter This dashboard-based facility applies software algorithms to the Active Forensics Database, eliminating false positives and highlighting events that truly need attention. Network event traceability This advanced tool is like having a record/rewind button on the network: a series of related events can be traced back to their origins to reveal actionable information that is otherwise unobtainable. Active Intervention The only way to really solve a security crisis is with the proactive help of security experts who have access to Active Forensics. Active Intervention extends the your IT team with deep subject matter expertise precisely when it is most needed. Without Active Intervention, most enterprises trust in set and forget technology that can be bypassed. They may use MSSP services but get an it s not my problem message when a real attack emerges. Active Intervention closes these gaps and minimizes business risk. Page 7

Active Correlation Traditional event logs have great value. Active Correlation cooperates with existing security products and device logs by aggregating information from many sources and feeding it into the Active Forensics Database. Active Correlation is provided by these services: Log Sentry This service collects and monitors log events, detecting anomalies and providing data to the Active Forensics Database. It also is used to support compliance monitoring and reporting. Asset Manager Protect This service correlates threat data across a broad community of user companies, enabling Network Interceptor to prevent attacks from malicious sites when a threat emerges at just one community member s company. Continuous Vulnerability Scanning This service provides nonstop vulnerability management, combining regular scans and penetration testing. It closes the window left open by vulnerability assessments that are done only an annual or semiannual basis. Page 8

Conclusion At esentire, we re proud to be leading this new, broader cybersecurity paradigm. It s no accident that more than 500 businesses with more than $2.5 trillion in assets trust us with their cybersecurity. When a business is responsible for people s money it absolutely, positively needs active threat protection. Active Threat Protection is the future of cybersecurity, because every enterprise deserves the most comprehensive protection possible. About esentire esentire is a leader in continuous advanced threat protection solutions and managed cybersecurity services. The company s flagship offering, Active Threat Protection, challenges legacy security approaches, combining behavior-based analytics, immediate mitigation and actionable intelligence on a 24x7x365 basis. Dedicated security experts continuously monitor customer networks to detect and block cyberattacks in real-time. Protecting more than $2.5 trillion in Assets under Management (AuM), esentire is the trusted choice for security decision-makers in financial services, healthcare, mining, energy, engineering and construction, legal services, and technology companies. In late 2013, esentire was named to the Deloitte Technology Fast 50 Companies to Watch and cited as a Canadian Innovation Exchange CIX Top 20 most innovative Canadian company. For more information visit www.esentire.com and follow @esentire. esentire is named a Gartner 2015 Cool Vendor for Cloud Security Services in the 2015 Cool Vendors report by Gartner Inc. Active Threat Protection, Network Interceptor, Host Interceptor, and Log Sentry are registered trademarks of esentire, Inc. Trademarks not belonging to esentire are property of their respective companies. Copyright 2015 esentire, Inc. All rights reserved. www.esentire.com @esentire sales@esentire.com Page 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information