Machine Learning and Advanced Analytics to Address Today s Security Challenges

Similar documents
THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

HOSTED SECURITY SERVICES

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Security. Made Smarter.

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Cybersecurity The Evolving Landscape

Are we breached? Deloitte's Cyber Threat Hunting

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

A Practical Guide to Efficient Security Response

Combating Cyber Risk in the Supply Chain

CipherCloud CASB+ Connector for ServiceNow

BREACHES HAPPEN: BE PREPARED. Endpoint Detection & Response

WHITEPAPER HEALTHCARE S KEY TO DEFEATING CYBERATTACKS

Business Context: Key for Successful Risk Management

FOR FINANCIAL SERVICES ORGANIZATIONS

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

Managed Endpoint Defense

TRIPWIRE VIA PLATFORM PROTECTING YOUR DATA WITH INTEGRATED SECURITY CONTROLS

AND FINANCIAL CYBER FRAUD INSTITUTIONS FROM. Solution Brief PROTECTING BANKING

with Advanced Protection

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services.

Teradata and Protegrity High-Value Protection for High-Value Data

Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs

Speed Up Incident Response with Actionable Forensic Analytics

MITIGATE CYBER ATTACK RISK

locuz.com SOC Services

Vulnerability Management. June Risk Advisory

The First Six Steps to Securing Remote Locations 1

Database Discovery: Identifying Hidden Risks and Sensitive Data

Disaster Recovery Is A Business Strategy

SIEM: Five Requirements that Solve the Bigger Business Issues

Securing Digital Transformation

2018 Edition. Security and Compliance for Office 365

THALES DATA THREAT REPORT

MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

Business continuity management and cyber resiliency

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

8 Must Have. Features for Risk-Based Vulnerability Management and More

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Supercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness

mhealth SECURITY: STATS AND SOLUTIONS

Wayward Wi-Fi. How Rogue Hotspots Can Hijack Your Data and Put Your Mobile Devices at Risk

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

THALES DATA THREAT REPORT

WHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION. A Novetta Cyber Analytics Brief

DeMystifying Data Breaches and Information Security Compliance

AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI)

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Cybersecurity and Hospitals: A Board Perspective

CLEARING THE PATH: PREVENTING THE BLOCKS TO CYBERSECURITY IN BUSINESS

Cyber-Threats and Countermeasures in Financial Sector

Best Practices in Securing a Multicloud World

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

SentryWire Next generation packet capture and network security.

SentryWire Next generation packet capture and network security.

Risk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23

Protect Your End-of-Life Windows Server 2003 Operating System

Tripwire State of Cyber Hygiene Report

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

10 Hidden IT Risks That Might Threaten Your Business

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

Healthcare HIPAA and Cybersecurity Update

Security and Compliance for Office 365

WHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter

Effective Data Security Takes More Than Just Technology

THE CYBERSECURITY LITERACY CONFIDENCE GAP

CYBER SOLUTIONS & THREAT INTELLIGENCE

Cybersecurity Auditing in an Unsecure World

Put an end to cyberthreats

Protect Your End-of-Life Windows Server 2003 Operating System

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

INTELLIGENCE DRIVEN GRC FOR SECURITY

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

WHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale

Simplifying Security for IBM i and IBM Security QRadar

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

Cybowall Solution Overview

THE EVOLUTION OF SIEM

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

Cyber Attack: Is Your Business at Risk?

The Problem with Privileged Users

THE ACCENTURE CYBER DEFENSE SOLUTION

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Altitude Software. Data Protection Heading 2018

Getting over Ransomware - Plan your Strategy for more Advanced Threats

AKAMAI CLOUD SECURITY SOLUTIONS

Machine-Powered Learning for People-Centered Security

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

to protect the well-being of citizens. Fairfax is also home to some Fortune 500 and large

2017 Annual Meeting of Members and Board of Directors Meeting

SIEM Solutions from McAfee

COST OF CYBER CRIME STUDY INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE

Resolving Security s Biggest Productivity Killer

Transcription:

Machine Learning and Advanced Analytics to Address Today s Security Challenges Depending on your outlook, this is either an exciting time or a terrible time to be part of an enterprise cybersecurity team. Today, groups of security professionals seemingly always under pressure to keep their organizations protected against attacks are facing an unprecedented level of challenges, as well as opportunities. Certainly there is no lack of data coming into organizations security systems about potential threats and vulnerabilities, which can ultimately help security professionals do their jobs more effectively. Security alerts can enable organizations to minimize the damage of data breaches.

The problem is how to keep the overwhelming amount of alert information from sending security-team members on continuous scavenger hunts for the meaningful insights that can lead to better security. The lack of a cohesive strategy and the technology tools to help make sense of all the data and simplify the analysis of alerts can lead to higher costs, loss of productivity, and less-than-optimum security. Some of the latest security technology solutions take advantage of advances in machine learning (ML) and data analytics to deliver meaningful insights to cybersecurity teams. This white paper examines some of the key challenges many security teams are facing today, and how the deployment of a solution based on machine learning and analytics can help organizations address many of these issues. A Host of Challenges Organizations are facing a security threat landscape that seems to be growing ever-more menacing. Bad actors are finding new and more sophisticated ways to break into systems and networks to steal data, or otherwise wreak havoc on organizations and their customers and business partners. The past few years have seen a dramatic increase in ransomware attacks, which can bring an organization s systems to a standstill. According to statistics provided by the U.S. federal government, ransomware is the fastest growing malware threat, aimed at users of all types. On average, more than 4,000 ransomware attacks have occurred daily since Jan. 1, 2016, the government says, a 300% increase over the approximately 1,000 attacks per day seen in 2015. Major organizations continue to be victimized by data breaches that leave sensitive data such as customer information exposed. In one of the more recent incidents, an attack against credit reporting agency Equifax from May through July 2017 resulted in the exposure of the personal data of 143 million American consumers. Hackers accessed individual s names, Social Security numbers, birth dates, and other information. These types of security incidents are costly. The average cost of a data breach is $3.62 million, according to the 2017 Cost of Data Breach Study by IBM Security and Ponemon Institute. The average cost for a lost or stolen record was $141, and the numbers are even higher for industries such as healthcare ($380) and financial services ($245). The figures are based on information gleaned from 419 companies worldwide that participated in the research. Organizations not only face costs related to the data breach itself, such as incident response and investigation, but the expense of any legal settlements that might result from the breach. Then there are the costs to the company s brand and reputation to consider. Damage can also come from failing to comply with government and industry regulations that call for the Interset.com Machine Learning and Advanced Analytics White Paper 2

protection of data. Regulations such as Payment Card Industry Data Security Standard (PCI DSS) and Health Insurance Portability and Accountability Act (HIPAA) have been in place for years, and newer rules such as the General Data Protection Regulation (GDPR) will soon be in place to protect the data of European citizens. These regulations have strict requirements regarding access limits to data, as well as protection of the information itself. Recent research has shown that many organizations are not prepared to meet the requirements of GDPR, which is scheduled to become enforceable in May 2018. Making matters worse in terms of data loss and regulatory fines, it can take a long time for organizations to determine that they have suffered a security breach. Such breaches are more likely to take months and years to detect rather than weeks or less, according to the Verizon s 2017 Data Breach Investigations Report. Companies have deployed tools to monitor network activity and gather data about security events. But all the alerts and information coming into organizations keeps security teams on continuous scavenger hunts or trapped in mazes, searching for the answers that will keep the organization from experiencing a damaging breach. How Long Does It Take to Discover a Breach? Dwell time can span from hours to years Breach Dwell Time % OF TIME COMPANIES Hours 2.6% Days 7.8% Weeks 7.8% Months 42.9% Years 38.9% 99 Days Time to Contain It 66 Days Sources: 2017 Data Breach Investigations Report (Verizon); 2017 Cost of Data Breach Study (IBM Security and Ponemon Institute); M-Trends 2017: A View From the Frontlines (Mandiant) Interset.com Machine Learning and Advanced Analytics White Paper 3

There are lots of paths to go down, but not all of these will lead to the solution the team needs. This process results in a lot of wasted time and money. Consider a typical scenario at many organizations and the various steps involved. The security team notices an alert and takes a chance that it is the right one to spend time following. It checks the security operations center (SOC) dashboards for context, to get an overall sense of what s going on. Then it checks the security information and event management (SIEM) system and finds two IP addresses. For each IP address, the team checks another console to find out which systems the IP address matches. It does a Web search to determine who owns the address and if it s a good or bad IP address, then checks an asset inventory system to find out if something is a legitimate application and who owns it. Then the team emails the owners for details, because the asset inventory information is probably out of date or incomplete. Next, the team checks another console to find out when the alert system was last scanned, and another console to find out if the system was patched after the scan, and yet another console to see if the system has been backed up. The process continues on and on with more emails, more console checks, more paths to follow. And at the end of the process two hours after it began, the answer is that the alert was false alarm. Still, the aggravation is not over. Hundreds of other alerts might be coming in and clamoring for attention. So the security team picks another one to look into and begins the process all over again. Only those security professionals who ve been through this process can truly understand how frustrating and time-consuming it can be. The Neverending SOC Cycle Security teams can get thousands of SIEM system alerts each day. After deciding which are most pressing, they ll spend hours investigating a threat. Here s one example of this often-fruitless search. Guess Choose an alert to pursue Console Look at 8+ SOC dashboards for context Console Check SIEM, and spot 2 IP addresses Research Figure out which systems the IP address match Research Determine if IP addresses are good or bad Research Look at asset-inventory system for application owners Setback Email owners, due to out-of-date asset-inventory system Research Find out when system was last scanned Research Figure out if the system has been patched Console See if the system has been backed-up Email Request a one-off vulnerability scan Research Check if backend has been tested Setback Discover disaster-recovery is only annual Console Find where log files are being sent Setback Not all log files are available Email Email Request missing logs Receive missing logs within 2 hours Setback 4+ hours later, realize that this is a false alarm Guess Start this process again, with next alert Sources: Cybersecurity: Why Context Matters and How Do We Find It and Cybersecurity: The End of Rules Is Nigh (Hortonworks); What Your Security Scientists Can Learn From Your Data Scientists to Improve Cybersecurity (TechCrunch) Interset.com Machine Learning and Advanced Analytics White Paper 4

Solutions Based on Intelligence The latest security solutions help teams effectively address these challenges. By leveraging ML and big-data analytics capabilities, these tools can greatly ease and speed up the process of identifying and analyzing important trends, better protecting against genuine threats. Companies need technologies such as ML and artificial intelligence (AI) today in order to solve the problems their security teams are facing, because existing processes can t scale and are not efficient in dealing with the demands of today s security environment. ML and AI enable teams to distill all the information that s coming in to them, identify the right places to look, and deliver the answers they need to find cyberthreats within minutes or days, not weeks or months. The mathematical and analytics capabilities of a modern security solution identifies such factors as the most risky users within an organization, and the potential threats those users represent. For example, the solution can detect a full-stage attack against an organization via advanced analytics in combination with Active Directory, IP Repository Logs, Web Proxy, and DLP data. With the solution, the security team can quickly view and understand the current state of users, repositories, endpoints, and network traffic. They can optimize the time, resources, and budget spent on the investigation; spend less time gathering data and more time understanding an attack; and back up all of their findings with ML and analytics. The security team can see, at a glance, the current risk posture of any entity such as a user, file, client device, server, IP address, or other IT component. Using an interactive dashboard, security professionals can directly drill down into the details of why an entity s characteristics, usage patterns, and behaviors are deemed higher risk than others. The system s intelligence gives it the ability to dynamically learn contextual-behavior patterns for each unique entity, and how those entities interact with each other. The machine-learning analytics clearly differentiate normal from anomalous activity. This leads to an extremely high-quality risk assessment and eliminates the false positives characteristic of other riskmeasurement models. It s important to remember that strong security is not just a matter of deploying tools and letting them do the work. Security teams need to work closely with colleagues on the business side to gain better understandings and context of the data being that s analyzed. Also keep in mind that what makes a solution like this so effective is the data. The more data available, the better the math works. The better the math works, the faster teams can detect a real threat. And the faster they can detect a threat, the faster they can respond. So bringing in more data from disparate sources can help organizations detect threats, when advanced technology such as ML is applied to the data. Interset.com Machine Learning and Advanced Analytics White Paper 5

Conclusion: A Call to Action In today s cybersecurity landscape, attack vectors are becoming increasingly stealthy and multifaceted, enabling bad actors such as hackers and cyber criminals to avoid detection via traditional security tools. In order to truly understand the impact of a threat, security teams need to holistically evaluate the threat by all relevant angles and data points. New security tools based on machine learning and advanced analytics allow security teams to directly access a prioritized list of high-quality security leads, so they can quickly identify threats such as compromised accounts, insider incidents, and intellectual property theft. The security leads deliver a distilled view of measured risk generated through dynamic ML and advanced mathematical models. Because no security professional is capable of matching the rate at which a computational system can process and correlate vast amounts of data from multiple sources, the analytics capability provides an unprecedented level of efficiency and productivity to the security team. How to Catch a Thief The stakes are too high for organizations to continue relying on outmoded and ineffective methods of detecting and stopping threats before they can cause damage. Businesses owe it to themselves and their customers to use the latest technology to outsmart the bad actors and keep information safe. Contact sales@interset.com Interset is a security analytics pioneer. An In-Q-Tel company, Interset transforms security operations efficiency by distilling billions of events into a handful of prioritized threat leads. Its unsupervised machine learning measures the unique digital footprint of systems and users. What used to take days or months, now takes minutes. Enterprises deploy the Interset machine-learning solution to protect critical data across the manufacturing, life sciences, high-tech, finance, government, aerospace, defense, and securities-brokerage industries. To learn more, visit our website, and follow us on Twitter, LinkedIn, and Facebook.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback