Reimagining security for today’s evolving threat landscape

In today’s connected industry, it is not “if” but “when” you will be attacked. As many organizations go digital to compete better and become more agile to market demands, their infrastructure is being constantly bombarded by hacks, phishes and DDoS attacks.

This has placed incident response under scrutiny. With advanced security and access to key expertise and resources, firms can take the fight to the intruders. But in today’s lean and cost-conscious operating environment, this can be a hugely expensive proposition.

Evolving threat landscape

The challenges are obvious. Creating your own Security Operations Center can cost millions of dollars. Finding the right experts, software and hardware to constantly monitor threat patterns can be challenging. Add the complexity of a diverse set of security tools, increasing data volumes as firms embrace digital transformation, and the need to respond to threats in minutes, and you can understand why security is a top-of-mind issue for many firms.

In the meantime, security threats are evolving fast. We are no longer talking about fame-driven tech-savvy individuals. Many cybercrimes are sophisticated in nature, often using a clever combination of tools and deception. We are in the midst of a maturing cybercrime market where hacking is now a service. Motivations have also changed with economics and politics shaping the threat landscape.

Options when faced with limited resources

Respondents to a FireEye global survey revealed that as many as 37% receive over 10,000 alerts per month.

Figure 1: Number of alerts received per month

Source: FireEye 2017

So, what chance does a firm with limited resources and little access to expertise have? Managed Security Service Providers (MSSPs) were supposed to help. They used device management, log collection and retention, even prioritization and alerting, and compliance alerting and reporting to keep firms' security in check.

However, many of these service providers measured their success by the quantity, not the quality, of alerts they produce. Many of these alerts were not actionable, just threat indicators. Complex attack patterns from sophisticated cybercriminals continue to go undetected.

“The MSSP industry has not changed in over 15 years. They mostly depend on legacy technology that is signature driven and malware oriented. Many rely on low-level, offshore resources to validate incidents and perform triage,” said Yvonne Tsui, Country Manager, HK and Macau, FireEye.

MSSPs also created the so-called 1% problem. While 80% of firms received 500 or more severe alerts per day, only 1% is investigated, as noted in the FireEye paper “The Numbers Game”. It quickly became apparent that getting more alerts was not providing more answers.

In addition, rapid detection and response are becoming key priorities. With brand reputation and revenues on the line, firms going digital need to respond to attacks and threats in near real time. Gartner predicted that firms will spend 60% of their enterprise security budgets on this requirement, up from less than 10% in 2013.

FireEye-as-a-Service (FaaS) offers a different proposition. It is a Managed Detection and Response (MDR) service, which according to Gartner includes unknown threat detection, human-powered triage and incident validation, remote response and forensics service, assistance with remediation and threat hunting.

Essentially, FaaS tackles the three major concerns of Chief Information Security Officers (CISOs): intelligence, technology and expertise.

The service uses machine-generated, dynamic threat intelligence, human behavior, and research based on real-world threat cases and geo-political strategic analyses to keep subscribers a step ahead.

Based on FireEye’s proven platform, the service looks to accurately detect and investigate threats quickly, proactively using new intelligence to look out for new threats.

More importantly, FaaS offers CISOs and subscribing firms access to relevant security expertise. These multi-disciplinary FireEye professionals can help to detect complex breaches.

“FaaS offers an important lifeline for firms looking to become more proactive with their security. It is designed to give you the knowledge, expertise and tools you need to quickly detect threats, and more importantly take the right actions to mitigate them,” said FireEye’s Tsui.

The service also provides a cost-effective answer to fighting cybercrime and avoiding costly security breaches.

“The combination of early detection, effective scoping and rapid comprehensive response minimizes the cost and impact of a breach. It is the reason why many are shifting from MSSPs to MDR,” concluded Tsui.
