One Article Review

Home - The article:
Source Anomali
Identifier 3357142
Publication date 2021-09-09 14:00:00 (viewed: 2021-09-09 14:05:37)
Title Optimizing Your Cybersecurity with Intelligence-Powered Detection
Text The recent large-scale cyberattacks have shown that any organization, regardless of size or industry, may be targeted at any time. Despite deploying multiple tools, security teams struggle to pinpoint relevant threats, wasting time sifting through incoming data and false positives, and cannot act swiftly against the real threats facing their business. A recent Dark Reading study revealed that while many organizations have improved their threat detection capabilities over the last few years, they lack threat visibility and are still reliant on too many manual processes. These shortcomings in combating cyber threats result in alert fatigue, smoldering fires, and siloed threat intelligence. The question then becomes: “How can my organization optimize its threat detection system?”

Threat Detection as Process

There are multiple ways to detect a potential threat. These can include global threat intelligence, human expertise in threat identification, and advanced tools for identifying malicious activity. While all are essential elements, they need to work together effectively to create an optimized security program. Too often, the security process goes in one direction, from threat intelligence gathering to analysis and monitoring by the security operations center (SOC) and then on to security engineering to prioritize remediation. Creating a collaborative system with feedback loops between security teams and other key stakeholders is a much more effective way to avoid siloed intelligence and rapidly identify relevant threats. In this security ecosystem approach, the threat intel team automates intelligence gathering, prioritizes against intelligence initiatives, and incorporates any new requirements coming from security engineering. The SOC then monitors and prioritizes the continually updating threat requirements to help the threat team find relevant attacks. Security engineering prioritizes remediation and then feeds the revised intelligence requirements back to the SOC, reflecting any changes in vulnerabilities.

Intelligence-Powered Threat Detection

Implementing an effective collaborative system with two-way, fluid communication requires intelligence-powered threat detection. Detection enables intelligent orchestration throughout your security organization and ensures that the global intelligence is relevant. Machine learning is leveraged to make sure severity scoring is conducted quickly and effectively. An intelligence-driven platform can process millions of indicators of compromise (IoCs) and billions of internal log entries, operationalizing threat data and automatically showing security teams what is relevant to them and which data are actionable intelligence. The identified indicators of interest can then be fed directly to the endpoints and firewalls for blocking.

Extended Detection and Response or XDR

Extended detection and response, or XDR, is a security framework that unifies threat detection and response into a single platform. It collects and correlates data automatically from disparate security components installed in a customer's environment. XDR can provide better security than isolated tools by reducing the complexity of security configuration and incident response. For example, you can extinguish smoldering fires using XDR, as big data support on the backend enables quick indexing and searches going back years. Alert fatigue is relieved by the automated updating of IRs and allowing threat intelligence teams to focus on relevant IoCs. And, because it bridges different tools and systems, XDR can also facilitate feedback loops between cybersecurity teams and stakeholders. Vendor-agnostic XDR platforms
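The workflow the article describes, an intelligence platform matching an IoC feed against internal log entries, scoring what was actually sighted, and handing the indicators of interest to firewalls and endpoints for blocking, as an added example that is not Anomali's code. The feed, the log lines and the scoring formula (severity times confidence times sightings) are all constructed for illustration.

```python
"""Added example (not from the article): match a threat-intel feed against
internal logs, rank the sightings, and derive a blocklist for enforcement."""
import re
from collections import defaultdict

# Constructed IoC feed: indicator -> (type, severity 1-5, confidence 0-100).
IOC_FEED = {
    "198.51.100.23": ("ip", 5, 90),
    "bad-updates.example": ("domain", 4, 75),
    "203.0.113.9": ("ip", 2, 40),
    "203.0.113.77": ("ip", 3, 95),   # in the feed but never seen internally
}

# Constructed internal log lines in a firewall / proxy style.
LOGS = [
    "2021-09-09T13:58:01 fw allow src=10.0.0.5 dst=198.51.100.23 dport=443",
    "2021-09-09T13:58:07 proxy host=bad-updates.example path=/setup.exe client=10.0.0.8",
    "2021-09-09T13:59:12 fw allow src=10.0.0.5 dst=198.51.100.23 dport=443",
    "2021-09-09T14:01:30 fw deny src=10.0.0.9 dst=203.0.113.9 dport=22",
]

# Tokens that can hold an IP, a domain or a hash; '=' and ':' split fields.
TOKEN = re.compile(r"[A-Za-z0-9.\-]+")

def find_sightings(logs, feed):
    """Return {indicator: [matching log lines]} for feed entries seen in the logs."""
    hits = defaultdict(list)
    for line in logs:
        for tok in set(TOKEN.findall(line)):
            if tok in feed:
                hits[tok].append(line)
    return hits

def prioritize(hits, feed):
    """Score = severity * confidence * sightings, highest first.
    Feed entries with no internal sightings are not relevant to this
    environment yet, so they are left out of the ranking entirely."""
    ranked = []
    for ioc, lines in hits.items():
        kind, sev, conf = feed[ioc]
        ranked.append((sev * conf * len(lines), ioc, kind, len(lines)))
    return sorted(ranked, reverse=True)

def blocklist(ranked, min_score):
    """Indicators of interest worth pushing to firewalls and endpoints."""
    return [ioc for score, ioc, _, _ in ranked if score >= min_score]

if __name__ == "__main__":
    ranked = prioritize(find_sightings(LOGS, IOC_FEED), IOC_FEED)
    for score, ioc, kind, n in ranked:
        print(f"{score:>5} {kind:<6} {ioc} ({n} sightings)")
    print("block:", blocklist(ranked, 300))
```

The low-confidence, low-severity indicator still appears in the ranking for the SOC to review but stays off the blocklist, which is the distinction between relevant data and actionable intelligence the article draws.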
Sent Yes
Tags Tool Threat


The article does not appear to have been picked up again after its publication.


The article does not appear to have been picked up from an earlier one.