Combating False Alarms and Delayed Detection Is Key to Defeating Advanced Cyber Threats
By Filip Truta, Information Security Analyst, Bitdefender
Keeping your organization safe from cyber threats drains considerable resources if you don’t have the correct strategy. Surveys analyzing cybersecurity at companies big and small often conclude that IT departments are understaffed, budgets are tight, and that they lack the skills needed to combat advanced threats. But, while these hurdles are very real, it actually boils down to the solutions your organization invests in.
Faced with sophisticated threats like APTs, fileless attacks, polymorphic malware, and malicious insiders, your incident response team must be able to triage and investigate suspicious activities, responding adequately and rapidly. Studies show that, the longer IT takes to detect a breach, the more expensive the incident becomes.
Traditional endpoint security solutions have a poor track record in prevention, and they are noisy and complex to operate effectively and efficiently. If your security operations center is forced to waste time constantly triaging alerts – half of which are typically false alarms – real threats eventually slip through the cracks, damaging your business and your reputation.
Time is of the essence
In a study by Bitdefender this year, 78 percent of infosec professionals said reaction time is the key differentiator in mitigating cyber-attacks. Asked how long it would take them to detect an advanced attack (i.e. one using a zero-day exploit), 28 percent of respondents said it would take a matter of days, 16 percent said weeks, and 9 percent admitted it might take them up to six months.
Security teams must not only identify the source of the attack, they must also be able to isolate it and stop it from spreading. An organization often needs to conduct a forensic investigation after a breach to meet regulatory requirements. So, how do we break down these barriers? More importantly, how do we cover all these weak spots without blowing our entire IT budget on security?
The right people
Today’s incident response teams are challenged by a dearth of resources and skills, which hampers their ability to address threats quickly.
Three in 10 organizations have no dedicated security operations center (SOC). Of these organizations, 81 percent said the biggest challenges created by the lack of an SOC are the ability to respond quickly, remediate potential threats, and investigate suspicious activity quickly. Meanwhile, 41 percent of those who lack a SOC find that reaction time and speed are the key differentiators for mitigating an attack.
Companies with minimal IT resources and limited security expertise, should consider outsourcing their endpoint detection and response. The Security Operations Center-as-a-Service (SOCaaS) model is a managed threat-monitoring service staffed by an elite team of experts tasked with detecting intrusions and responding to malicious activities that may otherwise go undetected. An outsourced SOC works with you to accelerate detection, prioritization, and the response to threats.
The right tools
If we are to address every kind of threat – from malware to social engineering schemes to insider threats – we not only need the right people for the job, but the right technology as well. Using their current security tools, only 3 percent of IT professionals say they can efficiently detect and isolate every advanced attack directed at them.
40 percent of infosec workers agree that network traffic analytics (NTA) is a powerful approach to detecting cyber-threats early in the attack cycle. NTA augments your endpoint protection, detection and response investments to give the IT department visibility into network-borne threats while also keeping tabs on malware. An ideal NTA deployment uses semi-supervised machine learning methodology to identify key patterns and trends in live data flows to spot anomalies that may point to a developing threat with little need for human input.
Endpoint Detection and Response (EDR) is also instrumental in keeping cyber threats at bay. Advanced detection and response solutions can show IT teams precisely how a threat works and its context in their environment, produce up-to-the-minute insight into named threats and malware that may be involved, and indicate steps to remediate or reduce the attack surface.
Decision makers prospecting vendors would be wise to also consider solutions that leverage rich threat intelligence with contextual, real-time insights into the cyber-threat landscape, including unique and evasive malware, advanced persistent threats, zero-day vulnerabilities, hard-to-catch command and control (C&C) servers, reputation of files, URLs, domains and IPs. This living database delivers a continuous flow of actionable intelligence, eliminating a long-standing blind spot for security analysts.
Regardless of infrastructure or business model, companies of all sizes have a plethora of options to strengthen their cybersecurity posture. Using a layered approach, IT decision makers can fill any gap in their cybersecurity strategy, optimize IT spend, and free their IT teams of endless false alarms and headaches.
About the Author
Filip Truta is an Information Security Analyst at Bitdefender. He has more than twelve years of experience in the technology industry space such as gaming, software, hardware, and security. He likes fishing (but not phishing), basketball, and playing around in FL Studio.