IFSEC exhibitor

Man and machine: How to team up to meet cybersecurity challenges


VP Cyber Product Management & Business Development, Verint Systems


Yitzhak (Itzik) Vager is VP Cyber Product Management & Business Development at Verint Systems Ltd. Verint Threat Protection System automates and orchestrates threat detection, investigation, and forensics.
June 20, 2017


In today’s cybersecurity landscape, the pressure is on.

CISOs and other executives are suffering “security insomnia”: attack surfaces are growing exponentially, their security teams are receiving overwhelming numbers of alerts, real threats are masked by false positives, and the numbers of serious breaches are reaching new records – the list goes on and on.

To protect their organizations, a paradigm shift is required: a new holistic approach that cuts detection-to-response time and provides complete visibility across network, endpoint, and payload. The systems must offer continuous, round-the-clock incident monitoring, detection, and investigation, all while reducing operating costs and addressing the ever-expanding cybersecurity skills gap.

The Answer: Automate the analyst

Driverless taxi cabs in major cities are becoming a reality. If you can automate something that complex, why not automate cyber investigations? Automating investigations frees up valuable human analyst time so that analysts can focus on tasks that DO require human judgment and intuition. Automating the complex work of incident investigation slashes dwell time and makes security operations vastly more efficient.

Verint Systems is exhibiting at IFSEC International, which runs from 20-22 June 2017 at London ExCeL. You can find them on stand G375. Get your free badge now.

Here’s why. The automated analyst:

  • Thinks just like a human investigator – Virtual investigators gather evidence, extract leads, create an intelligence map, build hypotheses, and then verify or refute those hypotheses, just as an analyst would. Unlike humans, though, they can analyze thousands of leads per day, providing analysts with clear, visual incident storylines that accelerate detection and response.
  • Combines the best of man and machine – In a great example of “teamwork,” the machine documents workflow and rationale for the human analyst. When the analyst adds new evidence, the machine re-evaluates the incident. The machine also learns from the analyst how to improve future investigations.
  • Collects the right information – Automated investigation ensures that analysts get the big picture when complex threats are detected – the complete information that is necessary to resolve the threats. Automation gives analysts total visibility of the attack surface – from attack chain to the attack vectors; from network, endpoints, and files to the organization’s ecosystem – gleaning insights as sensors share the data.
  • Blends detection with proactive forensics – Automated forensic analysis, using a full set of network and endpoint forensics tools, helps incident response teams identify the root cause, trace the attack storyline, and contain attacks before data is exfiltrated. Combined with intelligence from other sources, it allows analysts to connect the dots among seemingly unrelated events and understand how the attackers entered, what systems are compromised, and what and how to contain, remediate, and prevent future incidents.
  • Transforms alerts into actionable intelligence – Automated investigation can extract essential information from every piece of evidence, build linkage and context, visualize for immediate response, and update the intelligence map in real time.

Man, machine – or both?

Cyber attacks are getting more and more sophisticated. Due to the volume and complexity, man cannot fight them alone. Human analysts are no match for today’s advanced threats, which vigorously act to avoid detection, often lying undiscovered for months. This is where “virtual analysts” come in, to perform the “grunt work,” including:

  • Gathering, analyzing, and prioritizing information
  • Sifting daily alerts, and synthesizing them to create a forensic timeline for an incident
  • Documenting every step of the investigation and facilitating information sharing
  • Continuously reviewing evidence to confirm or refute attacks, transforming thousands of leads into a handful of prioritized incidents that tell the attack story
  • Streamlining the process and improving SOC efficiency

By freeing human analysts from routine and repetitive tasks, and eliminating human error, the human pros can more effectively handle the work that requires human experience and insight, including:

  • Diving deeper into incidents, for example by analyzing the content of suspicious network traffic
  • Checking open source intelligence for additional information on detected threats
  • Running additional forensic investigations on endpoints and the network for further evidence collection
  • Suggesting how to respond to, remediate, or contain the threats/attacks

With automated investigations, companies can now stop scrambling to put out cyber fires.

