Source
Anomali
Identifier
2841816
Publication date
2021-05-26 17:20:00 (viewed: 2021-05-26 18:05:32)
Title
Threat Intelligence Platforms Help Organizations Overcome Key Security Hurdles
Text
Dealing with big data, providing context, integration, and fast understanding of new threats are among the benefits threat intelligence platforms (TIPs) provide.
When industry analysts survey security professionals these days, the consensus is that managing security operations is harder now than ever before. For example, a recent Enterprise Strategy Group (ESG) research study showed that some 63 percent of security professionals say the job is tougher today than it was just two years ago.
While there is no doubt that the variety and volume of threats keep growing year over year, the question is whether the complexity of the security problems themselves has risen precipitously, or whether something else is going on. I'd argue that it is mostly the latter: the complexity has not grown tremendously over this time so much as the awareness of complexity that was already latent has become more apparent.
As the breadth of technologies and data available to modern cybersecurity organizations continues to proliferate, security strategists are finally getting enough visibility into their environments to start discovering gaps that have existed all along. But knowing where the deficiencies exist does not always equate to being able to address them. These same teams are also struggling to wrap their arms around what can be achieved with the array of tools in their arsenals and the vast quantities of information available.
Years ago in the security world, the common mantra was that security organizations "don't know what they don't know," and this was due to deficiencies in monitoring and threat intelligence capabilities. Nowadays the opposite is true: they are flooded with data and are starting to get a better sense of what they do not fully know or understand about adversarial activity in their environments. This dawning self-awareness can be quite nerve-wracking as they ask themselves, "Now that I know, what should I do?"
It can be daunting to make the jump from understanding to taking action; this is the process many organizations struggle with when we talk about "operationalizing" threat intelligence. For security operations, it is not enough to know about an adversary via threat feeds and other sources. To take action, threat intelligence needs to be delivered in real time so that security tools and personnel can actually use it to run investigations, detect the presence of threats in their networks, respond faster, and continuously improve their security architectures.
Many significant hurdles in running security operations stand in the way of those goals. This is where a robust threat intelligence platform (TIP) can add significant value to the security ecosystem. TIPs help security operations teams tackle some of the greatest of these hurdles.
Big Data Conundrum with Threat Intelligence Platforms
The first challenge is that the sheer volume of threat intelligence made available to security teams has become a big data problem, and it cannot be solved simply by filtering out some of the feeds in use, which would defeat the purpose of acquiring varied and relevant feeds in the first place. Organizations do not want to ingest millions or billions of constantly changing threat indicators into their security information and event management (SIEM) system; doing so would not only be cost-prohibitive but would also generate unmanageable levels of false positives. This is where Anomali comes in: with a TIP doing the work on the front end, only interesting, pre-curated threat "matches" are integrated directly into your SIEM. These matches prese
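The front-end matching pattern described above can be sketched in a few dozen lines. The following is an added illustration, not Anomali's code or any part of its product: it drops expired and low-confidence indicators first, extracts IPv4 addresses, domains and SHA-256 hashes from raw log lines, and emits only the enriched matches that a SIEM would need to ingest. The indicator set, the log lines, the confidence threshold of 70 and the function names are all constructed for the example.

```python
"""Front-end indicator matching: curate indicators, match raw logs, forward only hits.

Added example; the indicators, log lines and threshold below are constructed, not
data from the article or from any real feed.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
import ipaddress
import re


@dataclass(frozen=True)
class Indicator:
    value: str        # the observable itself (IP, domain, or SHA-256 hex)
    itype: str        # "ip", "domain", or "sha256"
    confidence: int   # 0-100, as assigned by the feed or the TIP
    source: str       # feed name, kept so the SIEM match carries provenance
    expires: datetime


# Constructed "evaluation time" for the expiry check.
NOW = datetime(2021, 5, 26, 17, 25, tzinfo=timezone.utc)

# Constructed SHA-256 (this happens to be the hash of an empty file; it is a placeholder).
HASH = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# Constructed indicator set mixing active, expired, and low-confidence entries.
INDICATORS = [
    Indicator("203.0.113.45", "ip", 90, "feed-a", datetime(2021, 6, 30, tzinfo=timezone.utc)),
    Indicator("login.mail-secure-check.example", "domain", 40, "feed-b",
              datetime(2021, 6, 30, tzinfo=timezone.utc)),          # too low to forward
    Indicator("198.51.100.7", "ip", 95, "feed-a", datetime(2021, 1, 1, tzinfo=timezone.utc)),  # expired
    Indicator(HASH, "sha256", 85, "feed-c", datetime(2021, 12, 31, tzinfo=timezone.utc)),
]

# Constructed log lines from a proxy, a DNS resolver, and an EDR agent.
LOGS = [
    "2021-05-26T17:21:03Z proxy allow src=10.0.0.15 dst=203.0.113.45 host=update.example-cdn.net",
    "2021-05-26T17:21:09Z dns query qname=login.mail-secure-check.example from=10.0.0.22",
    f"2021-05-26T17:21:15Z edr file sha256={HASH} path=C:\\Users\\a\\AppData\\Local\\Temp\\x.exe",
    "2021-05-26T17:21:20Z proxy allow src=10.0.0.15 dst=198.51.100.7 host=www.example.com",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
SHA256_RE = re.compile(r"\b[a-f0-9]{64}\b")


def curate(indicators, now, min_confidence=70):
    """Build a lookup of usable indicators and count what was dropped and why."""
    index = {}
    stats = {"active": 0, "expired": 0, "low_confidence": 0}
    for ind in indicators:
        if ind.expires <= now:
            stats["expired"] += 1
            continue
        if ind.confidence < min_confidence:
            stats["low_confidence"] += 1
            continue
        index[ind.value.lower()] = ind
        stats["active"] += 1
    return index, stats


def extract_observables(line):
    """Pull candidate IPs, domains, and SHA-256 hashes out of one log line."""
    text = line.lower()
    found = set()
    for ip in IPV4_RE.findall(text):
        try:
            ipaddress.ip_address(ip)   # reject things like 999.1.1.1
            found.add(ip)
        except ValueError:
            pass
    found.update(DOMAIN_RE.findall(text))
    found.update(SHA256_RE.findall(text))
    return found


def match_logs(lines, index):
    """Return only the enriched matches; everything else never reaches the SIEM."""
    matches = []
    for line in lines:
        for obs in extract_observables(line):
            ind = index.get(obs)
            if ind is not None:
                matches.append({
                    "log": line,
                    "indicator": ind.value,
                    "type": ind.itype,
                    "confidence": ind.confidence,
                    "source": ind.source,
                })
    return matches


if __name__ == "__main__":
    idx, st = curate(INDICATORS, NOW)
    print("curation:", st)
    for m in match_logs(LOGS, idx):
        print(f"MATCH {m['type']}={m['indicator']} conf={m['confidence']} src={m['source']}")
```

Of the four constructed log lines, only two produce matches: the expired IP and the low-confidence domain are dropped at curation time rather than being shipped into the SIEM as noise, which is the point the paragraph makes about curating on the front end.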
Notes

Sent
Yes
Tags
Tool
Threat
Guideline

Stories
Solardwinds