
Cybereason vs. Carbon Black: Why Delayed Detections Matter
In a recent MITRE ATT&CK test, Carbon Black had a 9% delayed detection rate - delayed detections leave organizations open to ransomware and other attacks...
Fred O'Connor
With nearly every entity imaginable, from political organizations like the Democratic National Committee to Web mail providers like Yahoo, suffering data breaches, organizations are growing weary of each new security solution that vendors and channel partners pitch them, Cybereason Chief Product Officer Sam Curry told news site CRN in a video interview.
“To the partner community: Your customers, they’re fed up with the security industry,” Curry said. “Those who have invested in it for a long time have bought box after box and service after service, and they’re still seeing their colleagues, if not themselves, get breached.”
The tried-and-true security tools are no match for the sophisticated opponents organizations are facing, Curry continued.
“We’re entering an age where the sophistication of the opponents is extremely high. They’re obviously very motivated. But the tools and techniques used now aren’t going to be stopped by the traditional defenses.”
For proof, look at the news, which is constantly filled with stories about big breaches, he added.
A new approach is needed that uses behavioral analysis to detect attacks instead of relying on indicators of compromise (IOCs), added Cybereason CISO Israel Barak.
“The way to stop an attacker is by shifting our focus on how we identify and detect and respond to an attacker as opposed to what we are doing today: stopping and blocking specific files or IPs or domains,” he said.
Attackers can easily change IOCs, said Barak, explaining that acquiring an unlimited number of domain names, generating an endless supply of IP addresses or constantly creating new file hashes is a very simple task. To counter these tactics, a different kind of security technology is needed, he said.
This technology “will help investigators hone in on incidents that matter and behavioral patterns they need to look at to get answers on questions like is this bad activity or can it be dismissed,” he said.
Getting security teams to take a proactive approach to information security requires creating an environment “where people have the ability, the desire, the natural inclination to go and cut off the opponent,” said Curry.
You need to ask “how do you equip them to absolutely frustrate these guys,” he said.
Watch the complete interview on CRN's site.
Fred is a Senior Content Writer at Cybereason who writes a variety of content including blogs, case studies, ebooks and white papers to help position Cybereason as the market leader in endpoint security products.