Four Ways XDR Optimizes Your Security Stack
An AI-driven XDR solution enables organizations to embrace an operation-centric approach that delivers the visibility required to be confident they can halt attack progressions at the earliest stages...
Lital Asher-Dotan
The security industry faces two staffing shortages that hinder an organization’s ability to combat advanced persistent threats (APTs).
To start, there’s a lack of skilled security professionals, a well-known issue and that has been documented by various industry groups, including ISACA, which found that 86% of companies can’t find the right talent.
Making the hiring situation even more dire, security workers are coveted by every business. If these employees aren’t getting hired by hot technology companies like Facebook, Apple and Tesla, they’re being recruited by security vendors. There aren’t enough people to meet the demand.
Companies with adequate security personnel levels aren’t immune to these hiring challenges. The average security worker stays with an organization for approximately four years while the length of employment for those in more senior positions is even shorter.
And, of course, when employees leave they take a slew of institutional knowledge with them, forcing companies to essentially rebuild their security programs and leaving them vulnerable to attacks.
And those attacks are growing increasingly sophisticated. To evade detection, adversaries are forgoing traditional vectors like malware and RATs and turning to more sophisticated methods like fileless malware and using a company's administrative tools and infrastructure against the organization.
In other cases, deep-pocketed nation-states and organized crime groups are providing substantial funding to hackers for hire, giving them the capital they need to hone their techniques. We saw this first hand after analyzing the Hacking Team data dump and reverse engineering the RCS (Remote Control System) platform where persistence and data gathering capabilities were released as customer facing services with 24/7 customer support.
Meanwhile, most companies lack the budgets to employ a squad of security analysts. With the odds stacked in favor of those conducting the offensive operation, the defenders are almost certain to lose.
In other words, security professionals are being overpowered and outmaneuvered by adversaries. Simply put, there are too many well-funded hackers who have a variety of sophisticated attack methods at their disposal.
The security industry also struggles with finding big-data talent and data scientists with relevant cyber-defense experience. To fight advanced threats, organizations must assume their network has already been infiltrated and proactively hunt the attackers. This method requires collecting massive amounts of data and analyzing it, hoping to discover abnormal behaviors that indicate a cyber attack. To carry out this approach, businesses are seeking security analysts with some type of data science background - a very rare combination of skills, producing negligible hiring results at best.
And nearly every business is hoping to profit from big data, creating a nearly insatiable need for people who can glean insights from the reams of data businesses have amassed.
Even if companies could assemble a team of talented security experts with data analysis skills, they would be overwhelmed by the task ahead of them. To discover APTs, analysts have to ask millions of questions about suspect activity, like is an IP address malicious or has a domain administrator’s credentials been reused to gain access to a high-value asset, in a matter of seconds. And they would have to run these queries not just on one computer but all the machines at a company. Finally, they would need collect the answers, analyze this data, apply threat intel, apply context and assemble these details into a full attack picture.
In reality, security analysts already have a daunting job. They receive hundreds or thousands of alerts every day and don’t have the time to investigate each one. An analyst spends an average of one hour investigating a threat, meaning they don’t look into a majority of the alerts. Analysts are inundated with information and face a huge workload, perhaps partially explaining why the average breach takes 220 days to detect, according to the 2015 Verizon Data Breach Investigations Report.
Companies are left struggling to find security analysts with data science knowledge while those organizations that manage to hire someone with this background are subjecting them to a task that’s overwhelmingly complex.
Advancements in technology can help solve these hiring challenge. Automated hunting, for example, supplements a company’s existing security team, sparing an enterprise from engaging in the war for security talent. This technology essentially supercharges analysts, providing less experienced employees with the information they need to understand the multiple steps taken by a threat and deter impact.
Automated hunting works by collecting large volumes of data from an enterprise’s complete IT environment and applying data science techniques, like machine learning, to detect malicious activity in the form of detection modules. These methods work best when data is collected in real time, giving companies an accurate and timely representation of their IT environment while providing analysts with a complete attack picture and advice on how to shut down the threat.
Lital is a Marketing Team Leader, Storyteller, Technology Marketing Expert. She joined Cybereason as the first marketing hire and built a full marketing department. Specializing in brand building, product marketing, communication and content. Passionate about building ROI-driven marketing teams.
An AI-driven XDR solution enables organizations to embrace an operation-centric approach that delivers the visibility required to be confident they can halt attack progressions at the earliest stages...
Microsoft introduces vulnerabilities at an astounding pace, but still wants organizations to bundle IT and Security spend with an expensive E5 license - learn why "good enough" security is just not good enough for today's advanced threats...
An AI-driven XDR solution enables organizations to embrace an operation-centric approach that delivers the visibility required to be confident they can halt attack progressions at the earliest stages...
Microsoft introduces vulnerabilities at an astounding pace, but still wants organizations to bundle IT and Security spend with an expensive E5 license - learn why "good enough" security is just not good enough for today's advanced threats...
Get the latest research, expert insights, and security industry news.
Subscribe