One Article Review

Home - The article:
Source SecurityWeek
Identifier 549982
Publication date 2018-03-29 12:10:04 (seen: 2018-03-29 15:00:21)
Title The CNN Factor Adds More Complexity to Security Operations (Recycled)
Text Security Teams Need the Ability to Collaborate and Coordinate to Make Better Use of the Talent and Data They Already Have

We all know that security teams are drowning in a sea of alerts, largely driven by a defense-in-depth strategy with layers of protection that aren't integrated and create a massive amount of logs and events. If you need further evidence, Cisco's 2018 Annual Cybersecurity Report (PDF) found that among organizations using 50+ vendors, 55 percent say orchestrating security alerts is very challenging, and for those with 21-50 vendors, 43 percent are struggling.

The result? On average, 44 percent of alerts are not investigated, and of those investigated and deemed legitimate, nearly half (49 percent) go un-remediated!

Compound that reality with the “CNN Factor” (global cyberattacks that garner widespread interest and trigger calls from management) and you've got a situation that is quickly becoming untenable. It isn't sufficient for security teams to prevent, detect and respond to attacks. Security teams also must be able to proactively investigate and understand what the latest, large-scale cyber campaign means to their organization.

Yet Cisco's study finds, “One reason [alerts go un-remediated] appears to be the lack of headcount and trained personnel who can facilitate the demand to investigate all alerts.” So how can security teams handle the fallout from the headlines along with their daily list of “to-dos”? They need a force multiplier: the ability to collaborate and coordinate to make better use of the talent and data they already have. This will not only help them respond more effectively and efficiently to alerts, but also address the inevitable flurry of questions every time a large-scale attack happens and take action as needed.

Collaborate.
It isn't just security tools that are siloed; security teams typically operate in silos as well, and that includes all the members of your threat intelligence program: threat intelligence analysts, security operations centers (SOCs) and incident handlers, to name a few. When one team member researches an event or alert and doesn't find information that is relevant to them, they tend to put that information aside and move on to the next task. But what if someone else in threat operations, conducting a separate investigation, could have benefited from that work? Without the ability to collaborate as part of the workflow, key commonalities are missed, so investigations take longer or hit a dead end.

What's needed is a single, shared environment that fuses together threat data, evidence and users, so that all team members involved in the inve
Tags Guideline
Stories Deloitte


Reuses of the article (1):
Source SecurityWeek
Identifier 513459
Publication date 2018-03-14 15:42:02 (seen: 2018-03-14 15:42:02)
Title The Value of Threat Intelligence is Clear, But Are You Capturing It All?
Text Take Relevance Into Account When Analyzing Threat Data

Parents are nervous. High school seniors are nervous. It's that time of year again when college decision letters and emails start to arrive. We all know there's tremendous value in education, and a college degree is a pre-requisite for many career paths. But which school is the best fit? Will your child get the most value possible from his or her college experience?

For each student, what defines and drives value from the college experience is different. It may be studying in an environment where they feel comfortable and can thrive; attending a university that offers a major in a field they want to pursue; having an opportunity to play the sport they love and excel in; or any number and combination of factors.

Likewise, we all know there is tremendous value in threat intelligence, and various factors come into play to create value.

The recent SANS 2018 Cyber Threat Intelligence Survey (PDF) finds 81% of cybersecurity professionals affirm that threat intelligence is providing value and helping them do their jobs better. The millions of threat-focused data points available, the many sources of global threat data we subscribe to, and the internal threat and event data from our layers of defense and SIEMs provide a significant amount of threat intelligence. But are we capturing all the value we can to truly strengthen our defenses and accelerate detection and response?

As I've said before, not all threat intelligence is equal. Threat intelligence that is of value to your organization may not be of value to another. How do you get the most value from your threat intelligence? It comes down to relevance, and that's determined by your industry/geography, your environment and your skills/capabilities.

Industry/Geography.
Threat data focused on attacks and vulnerabilities specific to your industry and geography is much more relevant than generic data that includes threats targeting a specific sector and/or region you are not in. External threat feeds such as those from national/governmental Computer Emergency Response Teams (CERTs) and Information Sharing and Analysis Centers (ISACs) organized by industry can prove useful. Complementing the data in your central repository with data from these types of sources can help reduce noise and allow you to focus on threats occurring locally in your sector.

Environment. Depending on your environment or infrastructure, some indicators are more relevant than others. For example, if your workforce is highly distributed and endpoint protection is key, hashes are important because they enable you to detect malicious files on those devices. On the network, domain names and IPs are more relevant indicators, allowing you to track suspicious traffic. To get the most value from your threat intelligence, you need tools that aggregate indicators in a c
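The two passages above make two practical points: indicators carry different weight depending on your sector, region and environment, and (from the first article) analysts working in separate investigations miss the indicators they have in common. The Python below is an added example and is not code from either SecurityWeek article. It merges indicators from several constructed sources into one keyed repository, keeps provenance so that an indicator two analysts recorded independently is surfaced, and scores each indicator against a profile of sector, region and environment. The feed names, the "investigation:" source prefix, the sample indicators and the scoring weights are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample inputs (not real feed data): two external feeds tagged by
# sector/region, as an ISAC or national CERT feed might be, plus indicators
# two analysts recorded in separate investigations. The "investigation:"
# prefix is a naming convention assumed here to tell analyst work apart from
# external feeds.
SOURCES = {
    "isac-finance": [
        {"type": "domain", "value": "Update-Portal.example.COM", "sectors": {"finance"}, "regions": {"US"}},
        {"type": "ipv4", "value": "203.0.113.45", "sectors": {"finance"}, "regions": {"US"}},
        {"type": "ipv4", "value": "999.1.1.1", "sectors": {"finance"}, "regions": {"US"}},  # malformed on purpose
    ],
    "cert-national": [
        {"type": "sha256", "value": "A" * 64, "sectors": {"energy"}, "regions": {"DE"}},
        {"type": "domain", "value": "update-portal[.]example[.]com", "sectors": set(), "regions": {"US"}},
    ],
    "investigation:alice": [
        {"type": "ipv4", "value": "203.0.113.45", "sectors": set(), "regions": set()},
    ],
    "investigation:bob": [
        {"type": "ipv4", "value": "203.0.113.45", "sectors": set(), "regions": set()},
        {"type": "sha256", "value": "b" * 64, "sectors": set(), "regions": set()},
    ],
}

DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def normalize(kind, value):
    """Canonicalise one indicator; return None if it is not well-formed.
    Feeds mix case and defang with [.], so without this step the same domain
    is stored twice and never matches what appears in logs."""
    v = value.strip().lower().replace("[.]", ".")
    if kind == "domain":
        return v if DOMAIN_RE.match(v) else None
    if kind == "sha256":
        return v if SHA256_RE.match(v) else None
    if kind == "ipv4":
        try:
            return str(ipaddress.IPv4Address(v))
        except ipaddress.AddressValueError:
            return None
    return None


def build_repository(sources):
    """Merge every source into one store keyed by (type, value), keeping which
    sources contributed it and the union of their sector/region tags.
    Returns (repo, rejected); rejected lists malformed entries for review."""
    repo = defaultdict(lambda: {"sources": set(), "sectors": set(), "regions": set()})
    rejected = []
    for name, entries in sources.items():
        for e in entries:
            v = normalize(e["type"], e["value"])
            if v is None:
                rejected.append((name, e["type"], e["value"]))
                continue
            rec = repo[(e["type"], v)]
            rec["sources"].add(name)
            rec["sectors"] |= e["sectors"]
            rec["regions"] |= e["regions"]
    return dict(repo), rejected


def shared_across_investigations(repo):
    """Indicators that more than one analyst touched independently: the
    commonality that is missed when investigations stay siloed."""
    hits = []
    for (kind, v), rec in repo.items():
        analysts = sorted(s for s in rec["sources"] if s.startswith("investigation:"))
        if len(analysts) > 1:
            hits.append((kind, v, analysts))
    return sorted(hits)


# Assumed weights: hashes matter most where endpoint detection is the control,
# domains and IPs where network monitoring is.
ENV_WEIGHT = {
    "endpoint": {"sha256": 2, "domain": 1, "ipv4": 1},
    "network": {"sha256": 1, "domain": 2, "ipv4": 2},
}


def relevance(kind, rec, profile):
    """Score one indicator against an organisation profile of
    {"sectors", "regions", "environment"}. Untagged indicators are neutral;
    an indicator tagged only for another sector or region is penalised."""
    score = 0
    for field, bonus in (("sectors", 2), ("regions", 1)):
        tags = rec[field]
        if tags:
            score += bonus if tags & profile[field] else -1
    score += ENV_WEIGHT[profile["environment"]].get(kind, 0)
    if len(rec["sources"]) > 1:  # corroborated by more than one source
        score += 1
    return score


def rank(repo, profile):
    """Return [(score, type, value)] sorted highest first, then by type/value."""
    scored = [(relevance(k, r, profile), k, v) for (k, v), r in repo.items()]
    return sorted(scored, key=lambda t: (-t[0], t[1], t[2]))


if __name__ == "__main__":
    repo, rejected = build_repository(SOURCES)
    print("rejected:", rejected)
    print("shared across investigations:", shared_across_investigations(repo))
    profile = {"sectors": {"finance"}, "regions": {"US"}, "environment": "endpoint"}
    for score, kind, value in rank(repo, profile):
        print(f"{score:>3}  {kind:<7} {value}")
```

Two things to note about the design. The repository key is the normalized value, so the defanged and mixed-case copies of the same domain collapse into one record with two sources, which is what makes the corroboration bonus meaningful. The penalty for an indicator tagged only for another sector or region is deliberately small: it is the noise the article describes, not something to discard, and a practitioner would still keep it in the repository for retrospective matching.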
Tags Guideline
Stories Deloitte


The article does not appear to have been reused from an earlier one.