Breaking the Resource Vortex: A Case for Rapid Threat Detection and Response
We’ve reached the maturation point in our industry where few organizations question the role of high-fidelity threat intelligence in protecting their business. But where individual businesses derive that value — and how — remains largely dependent upon their ability to act on the intelligence rapidly.
According to The Evolution of Cyber Threat Intelligence (CTI): 2019 SANS CTI Survey, of the more than 90% of organizations either currently producing or consuming threat intelligence (or planning to do so), the most useful elements of threat intelligence include which vulnerabilities are being targeted, indicators specific to brands and intellectual property, detailed malware analysis, high-level threat actor trends and their TTPs, and so on. In other words, assuming it’s accurate and timely, all threat intelligence is the most useful — and that’s a problem.
The proliferation of threat intelligence, while bringing inherent value, is doing so at an obvious cost: it takes time and resources to make it meaningful.
Further, it reveals the extent to which security staffs are being confronted by a “resource vortex.” Most businesses are overwhelmed by the volume and complexity of an evolving cyber threat landscape and we know security talent is increasingly difficult to attract and retain. Complicating matters is even the best threat intelligence platforms require teams to scan alerts, manage potential exploits, address potential vulnerabilities and take related actions — all of which, by nature, is resource intensive and tactical work.
In short, we have highly specialized (and high priced) security analysts spending long hours monitoring devices, chasing exploits, correlating vulnerabilities and developing and deploying actions to incrementally improve defenses against current threats, rather than focusing on developing new security strategies against future threats.
If we want to keep pace with the rapid evolution we’re seeing in the tactics and techniques of threat actors, we’re going to need to solve for the resource vortex — and today’s solutions can only take us so far.
But what if we could find a way to automate the journey required to secure the enterprise from daily attacks on their critical resources and free up staff to work on strategic initiatives? Imagine a threat management, detection and response (MDR) platform where a customer can set policies based on threat characteristics such as risk score or indicator type and then specify a set of actions to take, whether that is to add a deny filter to their firewall or add a new signature to their intrusion prevention system (IPS). In other words, imagine if we could harness the best of what threat intelligence offers combined with the promise of automation so that the intelligence becomes the pathway to action.
That day is coming, and it’s coming fast.
Learn more about cybersecurity solutions for your organization.
This article was originally published on Blackhat.com: https://www.blackhat.com/sponsor-posts/06262019-centurylink.html