The post High Volume of Security Alerts Emotionally Overwhelm 70% of SOC Teams: Trend Micro Study appeared first on CISO MAG | Cyber Security Magazine.
]]>↑ in Security Alert Volumes = ↑ in Emotional Stress
Work and stress are always interlinked, and this is quite evident in Trend Micro’s study too. A striking majority of 70% of respondents complained that their personal lives were being emotionally impacted by their work of managing IT threat alerts. This is further proven by the fact that 51% of the surveyed individuals feel their team is being overwhelmed by the volume of alerts and another 55% admit that they are no more entirely confident about prioritizing and responding to these alerts.
These findings are corroborated by a recent Forrester study, which found that “security teams are heavily understaffed when it comes to incident response, even as they face more attacks. Security operations centers (SOCs) need a more effective method of detection and response; thus, XDR takes a dramatically different approach to other tools on the market today.”
This fatigue caused by the high volume of alerts leaves many SOC managers irritable with friends and family and work, forcing them to:
- Turn off alerts or walk away from their computer (43% do so occasionally or frequently)
- Hope someone else from the team steps up (50%)
- Ignore what is coming in entirely (40%)
Of all surveyed respondents, 74% said that they are already dealing with a breach or expecting one within the year. Given the estimated average cost per breach of $235,000, the consequences of such actions could be disastrous and need immediate attention.
Bharat Mistry, Technical Director for Trend Micro, said, “SOC team members play a crucial role on the cyber frontline, managing and responding to threat alerts to keep their organizations safe from potentially catastrophic breaches. But as this research shows, that pressure sometimes comes at an enormous personal cost. To avoid losing their best people to burnout, organizations must look to more sophisticated threat detection and response platforms that can intelligently correlate and prioritize alerts. This will not only improve overall protection but also enhance analyst productivity and job satisfaction levels.”
Related News:
NCSAM: Hybrid Workforce and its Cybersecurity Implications
Use SOC 2 Examinations to Keep Your Security Program in “Chek”
The post High Volume of Security Alerts Emotionally Overwhelm 70% of SOC Teams: Trend Micro Study appeared first on CISO MAG | Cyber Security Magazine.
]]>The post Unleashing XDR to Transform Enterprise Threat Detection and Response appeared first on CISO MAG | Cyber Security Magazine.
]]>By Vijendra Katiyar, Director – Enterprise Business, India & SAARC, Trend Micro
Notwithstanding the increase in investments in cybersecurity in the last five years, the threat landscape is burgeoning. According to a report by Verizon, the meantime to identify a breach has increased to 197 days, and containing it increased to 69 days across the industry vertical.
Traditionally, the endpoint protection platform (EPP) was considered “THE” solution to protect your organization. However, this philosophy has drastically changed with the assumption of the genuine possibility, “I will be breached.” It leads to the next question of effective detection and response strategy to deal with the threat once the network is compromised. EDR strategy has helped organizations to identify and respond to attacks they believe would have gone unnoticed. With the volume and sophistication of modern attacks, does it still hold good?
EDR an Eye-opener: Starting Point in Detection and Response Strategy
EDR was an eye-opener to the industry and a must-have starting point to redefine enterprise-wide Threat Detection and Response (TDR). EDR gives a lot of visibility on what is happening on endpoints by capturing activity data, using which we can detect and respond. However, in an enterprise, the endpoint is just one piece of an IT infrastructure, and there could be EDR blind spots like IoT, printer, contractor/ guest endpoints, etc.
While 94% of attacks start with phishing, email becomes a vital vector to consider. With the increasing cloud adoption and serverless platforms, it has become pertinent to have an effective detection and response strategy for cloud infrastructure. Additionally, there is an entire IT/OT convergence underway, where OT is increasingly becoming part of the IT infrastructure connected to the network. With this scenario, the effective detection and response strategy has to be extended beyond endpoint to email, network, cloud, and IIoT.
Going back to the analogy, to be victorious in war, enemy threats and attacks need to be confronted vehemently at all fronts (i.e., air, land, water) to avoid penetration and siege. You don’t go to war with the Army alone; you usually need the assistance of the Air Force, Navy, and Intelligence side-by-side to complement your overall combat strategy. If we were to juxtapose this analogy to cybersecurity: the endpoint in XDR is the Army; Air support is cloud security; network visibility is the Navy at sea, threat research is Military Intelligence, and the centralized console is your Unified Command.
Emergence of XDR
If you can record what happened on the endpoint, why couldn’t you record everything on the intrusion kill chain for later review? XDR expanded the EDR idea. The XDR platform would give you complete visibility at every phase of the kill chain, including the endpoints, giving enterprises the ability to monitor and account for compromise, no matter where it originates.
The dwell time (MTTD/MTTR) is adequately addressed by XDR through:
- Full visibility – the complete picture
- Speed and confidence to respond
- High fidelity alerts
- Vendor consolidation
- Correlation and collaboration
Choosing the Right XDR Solution
An attack that resulted in alerts on email, endpoint, and network can be combined into a single incident. An XDR solution’s primary goals are to increase detection accuracy and improve security operations efficiency and productivity. Effective XDR solution should have:
- Multi-prevention techniques and not rely on AI/ ML only.
- Complement existing SIEM/SOAR by sending consolidated high fidelity alerts, which minimizes the level of noise and raw information.
- Managed services to address skill shortage.
- Solution/platform to break silos and tell a story of the attack life cycle.
The XDR approach delivers faster detection and response across the multiple security layers because it breaks down the silos, and it tells a STORY instead of making noise.
When you have incomplete threat data, you see an incomplete security picture. Or worse, you may see the wrong picture. And in cybersecurity, the price to pay for seeing the wrong picture is hefty.
This story first appeared in the December issue of CISO MAG. Subscribe now!
About the Author
Vijendra Katiyar is the Director – Enterprise Business, India & SAARC, Trend Micro. He has more than 14 years of experience in technical, sales and cybersecurity consulting. He has driven strategic business decisions with practical tools and processes, translating to Trend Micro’s enterprise revenue growth to 100% in the last four years. He holds Masters of Business IT from RMIT and has successfully pursued the ISB team leadership program along with various other certifications.
Disclaimer
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.
The post Unleashing XDR to Transform Enterprise Threat Detection and Response appeared first on CISO MAG | Cyber Security Magazine.
]]>The post Organizations Need to Secure Their Endpoints with Smarter Solutions appeared first on CISO MAG | Cyber Security Magazine.
]]>By Michelle Salvado, VP & GM Endpoint Security, FireEye
A number of factors contribute to this rise of attacks; from the increase in the number of threat actors to the sophistication of the attacks, to the widening attack surface. Financial gain is still the most common motive behind data breaches, but there has been a rise in breaches associated with government and corporate espionage — carried out by both criminal and government-sponsored groups. These groups have become more sophisticated, moving away from brute force methods and viruses, more often using social and personal attacks, such as phishing, to establish a foothold and then worm their way into an organization. With the growth of BYOD, the proliferation of mobile and cloud, and new IoT advancements, attack routes are ever-increasing.
Traditional defenses are inadequate today
Traditionally, cybersecurity departments would deploy desktop anti-malware to stop threats. These solutions compare an item, such as an attachment or URL, to an internal database of threat signatures. A new signature is created for a threat after it has caused issues (because an organization has been hit by it already). A file or URL is traced to a specific compromised site that is updated as a threat source, it is blocked and then the organization’s endpoints are updated with the new threat signature. This can also be the case for a known good location, which can be “whitelisted” or allowed based on its reputation. As necessary as it is, all of this takes a tremendous amount of time and resources. Sadly, as soon as a good “whitelisted” site is given a clean bill of health, it can be hacked and become a source of malware, indicating that static files are continually out of date.
Historically, these have worked well enough, if the endpoints are able to be updated frequently with new signature databases. In the last few years, new threats and new methodologies have been used to attack at a far faster rate than systems could be updated. Threats were created and targeted to bypass their existing identity base, using social or email campaigns, such as phishing or identity impersonation. Consequently, the percentage of threats they could block has significantly diminished.
So, the problem is not whether a site that relies on these traditional models will be penetrated; it’s when and whether anyone will discover it before it causes damage.
This situation is much like taking a conventional passenger van and putting it in a drag race against a Formula One racer. The van would be sorely outclassed against its competitor from start to finish. In effect, the F1 could make multiple laps before the van finished its first lap. This doesn’t mean the van has no value; it certainly does. But if it’s expected to play in this new field, it needs new capabilities. Unfortunately, even if we can make it faster, it still has a basic design that will always limit its top speed, no matter how much it is modified. A full redesign and new thinking of the van would be required before it would even have a chance to compete.
Closing the gaps
Essentially, there is a gap between conventional endpoint security methods and new-age technology to block advanced threats, dynamic detection that goes beyond signatures, and whitelists, which needs to be closed. Responding to threats requires an understanding of the attackers, their tools, techniques, and procedures, not just cataloging threats. Doing this requires analysts to use sophisticated tools to inspect and analyze all threats in real-time across an entire organization, from its core to all its endpoints.
Newer, advanced, and flexible endpoint protection, often labeled “next-generation” endpoint security solutions, can combat these threats by providing both advanced endpoint protection (EPP) — and newer endpoint detection and response (EDR) capabilities to find the breaches quickly when they occur. Some of the prime advantages of this next-generation endpoint security solution include:
- Defending the endpoint with a defense in depth mindset. Start with the best of legacy system signature-based detection to find and block common malware. Then, add in new capabilities, such as behavioral-based and machine learning engines to find the advanced threats.
- Finding the threats that have bypassed the advanced protection, advanced detection using intelligence-based indicators of compromise. Once found, inspecting and analyzing the breach to obtain a complete activity timeline or forensic analysis and gather details on any incident.
- Conducting complex searches of all endpoints to find known and unknown threats, isolate compromised devices for added analysis with a single click, then deploy fixes across all endpoints.
Conclusion
Even with all these capabilities to address the wide variety of threat types and methodologies organizations are constantly facing, integrated capabilities are the key to providing an effective defense. Next-generation endpoint security encompasses comprehensive endpoint visibility and threat intelligence, which enable analysts to adapt their defense based on real-time details to deploy informed, tailored responses to the threat activities. This must be delivered within an integrated and automatic threat detection and prevention system that is tightly coupled with threat intelligence and detailed threat visibility. Automation can address the overwhelming volume of threats, along with integrated threat intelligence and endpoint visibility, allow intelligence analysts to gather details on high-risk threats and quickly determine an effective response and deploy across the entire organization.
With this next-level of smart, comprehensive and integrated endpoint defense solutions, security professionals are enabled to block the common and advanced threats and find and respond to breaches when they do occur. Security professionals are no longer driving an outdated van trying to keep up with the F1 racer, but rather an advanced, rebuilt racer specific to this new environment.
About the Author
Michelle Salvado is the Vice President & GM for Endpoint Security at FireEye. She is an accomplished technical leader with deep knowledge of software engineering execution, operations, agile transformation, adoption, process implementation and continual improvement. She also possesses a strong focus on coaching leadership in an effort to achieve enterprise agility and has proven experience in building and managing software engineering and services organizations.
Disclaimer
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.
Is Your Endpoint Device Secure? Take our Endpoint Security Survey and win exciting goodies. Don’t miss out! Take Survey Now!
The post Organizations Need to Secure Their Endpoints with Smarter Solutions appeared first on CISO MAG | Cyber Security Magazine.
]]>The post High Fidelity Alerts from XDR Tools can Reduce Alert Fatigue: Trend Micro appeared first on CISO MAG | Cyber Security Magazine.
]]>By Brian Pereira, Principal Editor, CISO MAG
“It has become a huge challenge for organizations to detect the actual alerts and 76% of organizations agree that threat detection is more difficult today than it was two years ago. This is because 80% of those alerts are false positives,” said David Ng, Head of Enterprise Business, Singapore, Trend Micro. He was speaking at the virtual launch of Trend Micro XDR (Extended Detection and Response) on August 24, 2020.
David also quoted a study from the Ponemon Institute that reveled 65% of SOC professionals felt like quitting their jobs due to burnout and lack of visibility. And the security skills gap is compounding the problem.
“EDR technology was supposed to reduce the meantime to detect threats. But we don’t see that happening. In fact, there was a marginal increase over the last three years, and that will lead to a longer mean time to respond,” David added. “Today an incident takes 3.5 days to respond.”
The other problem is uninvestigated alerts and 70% of alerts go uninvestigated.
“There are too many alerts in the SIEM, and security professionals are unable to detect these,” said David. “This will lead to cost fatigue.”
A key finding of the Gartner report shows that “Security and risk management leaders are struggling with too many security tools from different vendors with little integration of data or incident response.”
What is Extended Detection and Response (XDR)?
Gartner defines XDR as a unified security incident detection and response platform that automatically collects and correlates data from multiple proprietary security components.
According to Gartner, XDR products:
- …are beginning to have real value in improving security operations productivity with alert and incident correlation, as well as built-in automation.
- …may be able to reduce the complexity of security configuration and incident response to provide a better security outcome than isolated best-of-breed components.
- …have significant promise, but also carry risks such as vendor lock-in. The XDR market is immature, and capabilities vary widely across products from different vendors.
Gartner also says that while XDR overcomes some of the limitations of SIEM, it is not a replacement for decades-old SIEM technology. XDR is not a replacement for all SIEM use cases, such as generic log storage or compliance.
However, XDRs are differentiated by the level of integration of their products at deployment, and they focus on threat detection and incident response use cases.
Moreover, while the SIEM solution is now delivered as SaaS, most XDR products are developed using new cloud-native architectures and services, making them an emerging alternative or complement to existing SIEM tools. And since businesses are moving more infrastructure to the cloud, XDR is better suited to protect their cloud-native environments.
The post High Fidelity Alerts from XDR Tools can Reduce Alert Fatigue: Trend Micro appeared first on CISO MAG | Cyber Security Magazine.
]]>The post Navigating Cybersecurity in the New Normal appeared first on CISO MAG | Cyber Security Magazine.
]]>By Dr. Moataz Binali, Vice President for Middle East & North Africa, Trend Micro
Cybercrime Outlook
During Q1 2020, Trend Micro discovered and blocked over 9,773 COVID-19 related cyber-attacks, in the Gulf region alone. These include 8,984 email spam attacks, the 4th-highest in Asia; 772 URL attacks, the 6th-highest in Asia; and 17 malware threats detected. Moreover, globally, our researchers observed a 220x spike in spam, and a 260% increase in malicious URL hits. .
It is also worth stating that Security Predictions for 2020 released last year, flagged that home offices and other remote-working setups will redefine supply chain attacks. Hence, decision makers will have to be wary of risks introduced by work-from-home arrangements and internet connected home devices that blur the lines in enterprise security. These increasingly sophisticated attacks will extend business email and process compromise well past simple redirection of funds or malware infection. Thus, the employee’s home environment can become a launch point for supply chain attacks.
As such, it is important that all those in a cybersecurity role must consider how they are going to protect a significantly more vulnerable ecosystem and overhaul their postures.
Where do we go from here?
So, remote workers are vulnerable for two reasons – their unprotected machines and the fact that the region is a high-value target for attackers. To properly protect a remote-working setup, security professionals must look at a multi-layered approach that covers emails, networks, endpoints, servers, and cloud workloads. Collect enough information on those elements and feed it to AI-powered platforms, and one gets a highly accurate real-time view of the entire IT ecosystem. This allows better decisions and responses, less downtime, and safer environments.
Trend Micro has long taken an extended detection and response approach, known as XDR. By expanding the detection-and-response function to cover emails, networks, endpoints, servers, and cloud workloads, we can put advanced artificial intelligence to work in trawling that entire ecosystem looking for data points that correlate to those within Trend Micro’s global threat-intelligence data-pool. Such an approach delivers higher-fidelity alerts with fewer false positives, leading to better, earlier detection.
With Trend Micro’s XDR platform, security professionals are also presented with a single dashboard that allows easy, one-click drilldown into the most relevant events, with graphically clear representations of attack timelines and all related events. And with such visibility, they can get to the crux of an issue quickly, with minimal manual effort, determining its root cause and its impact on their organization. Capabilities such as these lead to wiser, more timely actions in real time and adjustments to strategy for the long-term benefit of the entire enterprise.
Unparalleled Security for Unprecedented Times
These times are challenging – during which governments and organizations in the region are doing their best to tackle challenges across every facet of work and life. Indeed, cybersecurity is a growing concern as more sophisticated attacks surface each day. If managed properly, we can still thrive enough so that we do not compound one crisis with another. And a sound cybersecurity strategy plays a vital role in that story.
To that end, our innovations have been built from the ground up to empower organizations to protect their journey from the endpoint – to the cloud. For example, our XGen security, which powers all of Trend Micro’s solutions – is a unique blend of cross-generational threat defense techniques that is continually evolving and optimized for each layer of security – user environments, networks and hybrid clouds – to best protect against the full range of known and unknown threats.
About the Author
As Vice President for Trend Micro Middle East and North Africa (MENA), Dr. Moataz Binali is responsible for spearheading the company’s strategy across the region, and advancing its position as a leader in cybersecurity that is passionate to make the world safe for exchanging digital information. A significant part of Dr. Binali’s role is to oversee Trend Micro’s efforts in enhancing the cybersecurity posture amongst governments and enterprises, contributing to the digital economy of MENA. Prior to joining Trend Micro, he held pivotal roles on regional level in global technology organizations such as SAP, IBM, and Microsoft.
Disclaimer
CISO MAG did not evaluate/test the products mentioned in this article, nor does it endorse any of the claims made by the writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same. CISO MAG does not guarantee the satisfactory performance of the products mentioned in this article.
The post Navigating Cybersecurity in the New Normal appeared first on CISO MAG | Cyber Security Magazine.
]]>