Detection Only Solutions Aren't Enough For Today's Security Teams

Posted by Heather Howland on Apr 27, 2018 4:28:00 AM

Last week I had the opportunity to speak with several CISOs about what they are doing to deal with cyberattacks, breaches and internal threats. A consistent theme I heard is that detection only solutions aren't enough. They need more practical approaches to rapidly respond to anomalous behavior and they need to reduce burden on analysts. Working smarter not harder. This is one of the great benefits of real-time threat prevention based on identity, behavior and risk. It can removes work from analyst via adaptive response and automated resolution of false positives. One customer recently told me that within just a couple months, automated response has helped them improve their efficiency by 30-40%. That’s a lot of time that can focused on more critical security tasks.

Read More

Topics: Adaptive Response, Incident Response, Threat Detection, User and Entity Behavior Analytics

How to Stay Out of the Security Shelfware Trap

Posted by Wade Williamson on Apr 11, 2018 11:45:03 AM

The RSA Conference is just around the corner, and with it, one of the true spectacles of the security industry. If you visit the show floor of exhibitors you will find a seemingly endless sea of security vendors and products stretching in all directions, each one promising to be the critical missing piece to save you from the next attack. It can be exciting, quasi-educational, and more than a little mind numbing all at once.

Read More

Topics: Informaton Security, Threat Detection, Incident Response, Adaptive Response

Getting to the Root of Security Alert Fatigue

Posted by Wade Williamson on Jul 27, 2017 1:06:27 PM

Something is very wrong in the security industry and “security alert fatigue” is one of the most obvious symptoms. Most enterprises generate far more security alerts than their security staff can analyze. Typically it’s not even close. The problem extends to all industries, but a recent survey of banking security leaders brought the issue into sharp focus.  The study found that 61% of the organizations generate at least 100,000 events per day. 37% of organizations generated more than 200,000 events per day. That is simply too many events to process even for the largest of security teams. This shouldn’t be the norm, but virtually anyone who works in security can attest that it is. So let’s take a looks at why this is happening and what we can do to fix it. 

Read More

Topics: Incident Response, Adaptive Response

How Security Operations Can Safely Stop Investigating Benign True Positives

Posted by Eran Cohen on Apr 20, 2017 8:45:19 AM

True Positives. It’s a topic of great interest to me. Security Operations can spend a lot of time dealing with separating out the truly non-malicious events. There is an easier way. But, before we go further, let’s align and calibrate on the terminology of True/False Positives/Negatives. Some of these terms have varying levels of agreement. It reminds me of VLAN-- you can have 5 people in the room and there will be 6 different definitions for it. To make sure we are on the same page, let's start with basic definitions accompanied with real life examples. 

Read More

Topics: Security Skills, Incident Response, User and Entity Behavior Analytics, ueba

Reducing Incident Management Noise With Your Own Employees

Posted by Eran Cohen on Feb 17, 2017 11:21:58 AM

Noise. Noise. Noise. Our world is noisy. It's all over the place. Visual noise, physical noise. And then there is the noise which bothers analysts in the security industry. I am referring to the security signal to noise ratio that is only growing and growing because of the evolving techniques, various data sources and the unknown threats that we all want to catch (or is it afraid to miss?). In fact, the elephant has left the room and is now visible to all.

Read More

Topics: Incident Response, ueba, Security Skills