Published on July 20, 2017
We have firewalls, IPS, endpoint protection, DLP, SIEM, and we still continue to get breached. The average breach-to-detection time is over 220 days, far too long. We are collecting the information necessary to do better than that. Pick any of the breaches of the last few years: we had the data available to go back and forensically determine the who, what, when and how of what happened. We are simply failing to use that data proactively today to stop data breach incidents.
With all this security technology deployed, how can that be happening? An information security program consists of people, process, and technology. Unfortunately, the current technology is not adequately supporting its role, nor the people and process side of the equation. One of the challenges we have today is data overload from so many irrelevant and false-positive events. This is the result of several factors. The first is that we operate in silos: our data and teams are separate, with the DLP team doing their thing, the SIEM group doing their thing, and the IAM team doing their thing. Second, we are relying on signature-based rules to find threats in our data today, which means we are relying on our people to be one step ahead of every threat they can possibly face. The third challenge is our people: we don't have enough of the highly trained people necessary to fill the open roles we have today, and we also lack skills even in the positions we have staffed.
The first two challenges exacerbate the last. We are short on human resources, yet we are using them ineffectively, assigning them trivial tasks like correlating data between silos and adding context to logs before a determination can be made. We are also overburdening the resources we have with the false-positive alerts coming out of the signature-based systems we use today. Our people are completely reactive, overburdened with tasks that technology should be able to perform for them.
A security analytics platform leverages the power of big data and data science to solve the people, process and technology challenges described above. Open, highly scalable, economical log management allows us to eliminate the silos of data that exist in our environments today. Advanced correlation and super-enrichment of this data removes that manual task from our people, allowing them to focus on real risk to the organization.
To support those efforts, Securonix leverages machine learning and threat modeling to eliminate the alert fatigue our teams are burdened with today. Securonix utilizes behavior analytics models based on supervised and unsupervised machine learning, statistical analysis and rules. The ability of a behavior analytics platform to use signature-less technology to baseline normal behavior and immediately alert on abnormal or outlier behavior provides the missing link to the technologies we have today. Add in out-of-the-box threat models supporting thousands of use cases across insider threat, data exfiltration, privileged account abuse, access reviews and abuse, fraud, cyber risk and compliance, and you now have the ability to proactively identify threats and stop them before the exposure occurs.
For more information on how Securonix transforms advanced cyber threat detection using machine learning and data science, read the SANS review of Securonix Next-Gen SIEM.