Cybereason Announces Unified Threat Hunting and Investigation
Cybereason announces Unified Threat Hunting and Investigation, a significant development in its approach to storing long-term hunting data.
Sarah Maloney
A vital task for the modern CISO and incident response team is deploying a bulletproof incident response plan to identify, address and overcome the increasingly complex threats and attacks. But even the most solid incident response plans can lack critical details, impeding how quickly business operations are restored.
According to a recent research study that Cybereason commissioned with Enterprise Strategy Group (ESG), 67% of security professionals think that incident response is more difficult today than it was two years ago.
An increase in the number of endpoints, cloud computing and IoT applications increases an organization's attack surface, making it more difficult to detect malicious activities and respond to events in a timely manner.
Incident response calls for advanced skills. It's difficult, and sometimes nearly impossible, to recruit and hire additional staff in the midst of a global cybersecurity skills shortage. Most teams are overwhelmed with day-to-day tasks and don’t have the time necessary to get the training and education required to achieve new skill sets, leaving companies at risk.
As an ironic twist, adding new security tools may actually hinder incident response processes. For example, 27% of survey respondents claim that their organization has deployed more security management/incident detection technologies, increasing the time/effort associated with incident response. This is because each new tool requires personnel training, custom configurations, and even integration with other cybersecurity tools. This process takes time and resources and adds complexity in understanding and reacting to actual security incidents.
The increase in threat management and security analytics tools deployed during the last couple of years forces SOCs to sort through, prioritize and respond to a growing cacophony of security alerts.
Cybersecurity professionals have a long list of suggestions for incident response improvement including implementing better threat detection tools, establishing tools and processes to automate remediation, providing additional incident response training and improving coordination and collaboration between security and IT operations teams.
Many organizations are using or plan to use EDR technology. While many organizations use network security analytics to investigate endpoints, fewer than half have deployed EDR and feel that it is an important tool to monitor endpoint behavior for threat detection and incident response. In fact, threat detection and response are the biggest priorities for endpoint security tools today.
***
About the survey:
In late 2016, the Enterprise Strategy Group (ESG) completed a research survey of 203 IT and cybersecurity professionals with knowledge of, or responsibility for, threat management and incident response at their organizations. Survey respondents were located in North America and came from organizations of varying sizes: 2% of respondents worked at organizations with fewer than 700 employees, 13% at organizations with 701 to 1,499 employees, 15% at organizations with 1,500 to 2,499 employees, 16% at organizations with 2,500 to 4,999 employees, 19% at organizations with 5,000 to 9,999 employees, 12% at organizations with 10,000 to 19,999 employees, and 22% at organizations with more than 20,000 employees. Respondents represented numerous industry and government segments, with the largest participation coming from manufacturing (21%), financial (i.e., banking, securities, insurance, 17%), retail/wholesale (13%), information technology (10%), financial/banking (13%), health care (9%), and government (i.e., federal, state, local, 7%).
Sarah Maloney is a writer for the Cybereason Blog, covering all things cybersecurity.