By Sanjay Raja, VP Product Marketing and Solutions, Gurucul
One of my top cybersecurity initiatives for 2022 is improving threat detection and response. Initial compromises are inevitable, and most often originate from phishing attacks, social engineering, or insider threats.
The initial compromise lays the groundwork for enabling malware to be installed, and it’s very difficult to predict against.
You can have pretty good defensive measures where you are filtering out a lot and are helping security teams to be more effective. But it doesn’t change the fact that only one compromised system can cause a lot of damage.
As someone once said, one apple can spoil the whole bunch. So, you must be ready to detect and prevent against even a single compromise.
Reducing the Burden on Security Teams and Accelerating Investigations
The other issue is around reducing the burden on security teams. What can we do when we have a security skills shortage, and it’s becoming more and more difficult to be able to scale a team up?
We need to be able to accelerate investigations with the skills we have on deck. What that really means is we have to provide enough context to help everyone in security at any level to be able to identify anomalies that are part of an overarching attack campaign much sooner in the discovery phase – ideally, in real-time.
This requires security analysts to be told what an actual threat is, or they need to be able to figure it out for themselves by investigating further to determine whether it’s a true threat.
But they need to be able to do this in a fast and responsive way. Unfortunately, a lot of solutions out there make it very difficult to be able to tie those pieces together.
The real end goal, though, is the response. Now that you know that something anomalous is inside your network and you know that it’s part of the attack campaign, what do you do right now? What do you do next? And how do you respond quickly before of the attacker can do damage?
Whether that’s stealing data, causing disruption, turning off systems, or downloading ransomware – all of these are destructive actions that an attacker can take. And you need to be able to respond before any malicious action occurs. Obviously, it can get quite damaging and quite costly if you don’t respond rapidly and definitively.
Challenges with XDR and SIEM
There are challenges with current XDR and SIEM solutions that you may have invested in that provide incomplete infrastructure-wide visibility. You’ve got remote workers. You’ve got cloud solutions. And you need to pull in data from all sorts of different environments.
Without getting a full, complete picture of all the data that’s out there, you’re unable actually to see what’s going on.
This is where a lot of these environments are insufficient because they’re not pulling the data from every location across multi-cloud. So that leaves a lot of visibility gaps.
Those are visibility gaps that attackers know to exploit. So, this is where you really need infrastructure-wide visibility and have solutions in place that can actually pull in all that data effectively.
Lack of Real-time Adaptability to New Threats
The lack of real-time adaptability to new threats is really key because what we’re seeing is that attackers aren’t just sitting on their laurels leveraging an attack or leveraging vulnerabilities they’ve seen.
They’re changing up existing attacks, making new variants, changing techniques, and doing whatever they can do to evade existing systems.
The problem with security platforms that aren’t adaptable is that they don’t really learn from prior behaviors and prior events. You’re reliant on the vendor to create patches and create new signatures, new pattern matches, to be able to identify that those attacks are going on.
First, the vendor has to know about the attack. Second, they have to develop the actual new pattern, and they have to be able to get it to you in a timely manner before the attack takes hold inside your systems. And they have to get it right.
It’s quite a challenge when you are depending on the solution you have and the vendor you have to get it right. A lot can and does go wrong. A better approach is to work with a vendor like Gurucul who provides true machine learning models that can adapt to changing conditions and virus variants in real-time. Self-learning algorithms are what machine learning is all about in the real world of defense in-depth cybersecurity.
Too Many IoCs and False Positives to Chase
It’s surprising to me, after all this time, that we are still seeing security teams chasing false positive alerts. Security teams are overburdened. The amount of data that they require to be able to do their job doesn’t mean that the indicators of compromise (IoC) and the events popping up need to go up as well.
This is where consuming more data ends up being super noisy with traditional XDR and SIEM systems. You end up receiving too many indicators of compromise. That’s not the solution. All it does is throw more noise at security analysts and dilute the real attacks.
You need to be able to reduce the noise level to what’s really important and keep analysts from chasing down those annoying false positives, which is a major problem.
Some statistics show 70% of what security analysts investigate are false positives. So, reducing that number is just as important as reducing the overall noise that’s coming in.
This is one of the areas that can lessen the burden on a security team, and where you can certainly do more with less. You don’t have to hire ten more people if you can simply process and address more of the key alerts that need to be investigated.
Addressing the Security Skills Gap
I mentioned the security skills gap, where we’re having a lot of junior folks coming into security and learning on the job. The lack of contextual information and the ability to prioritize what’s important is really hurting them too. Because honestly, they don’t know what next steps to take.
They may escalate an investigation to a senior analyst and quickly overburden that analyst, one of the tier one analysts. That’s far from optimum because there are very few tier one security analysts out there so we need to reserve their expertise for the most difficult cases.
More context, more help, and more automation is what’s needed to help junior security analysts get to answers more quickly, and improve their ability to do their job. And it also reduces the burden on the more senior analysts who are focused on much deeper investigations. This is all part of what’s needed to improve security operations.
Where to Invest?
So, let’s talk about where to invest. When we talk about some of the investment areas, one of us talked about getting consolidated views across on-prem, multi-cloud, and remote systems.
The key here is to do it without escalating costs. That’s really the chat, is that most security solutions, especially monitoring SIEM solutions, data collection solutions, whatever they are, end up charging based on the incoming data. That’s not cost effective.
Finding solutions that are charging based on helping security teams pull in as much data as possible, and being able to investigate those sources are more effective.
We are hearing from a lot of people, especially as they move to cloud and remote offices, that the amount of data they’re collecting has gone up quite a bit.
And suddenly, they’re getting charged a lot more for being able to do that data collection for functionality that they should be getting already. They’ve already paid for that. So again, this is something where people are looking to invest in solutions that can help reduce that burden and especially the cost.
More data with fewer alerts and false positives is the key. How do I ingest more data and yet reduce my workload at the same time? Solutions that can help filter all out of that noise and lower the false positive rate are critical for security teams to be successful.
Improving Context and Prioritization for Junior Analysts
Being able to provide more refined data is key to enabling our security analysts. Delivering with high confidence anomalous data to be investigated is critically important to prevent junior analysts from unnecessarily chasing false positive alerts.
It really enables them to be more effective at their job and learn more quickly how to do a better job so they aren’t escalating everything, and aren’t chasing things they shouldn’t be chasing. We want them hyper-focused on high-priority alerts only. Then help them conclude what they need to do to be able to fix or remediate the issue.
That’s going to help you accelerate not only your investigations but also your responses, which means you’re going to have fewer actually successful attacks.
Using More Advanced Analytics
It’s important to understand the nuances behind vendor claims around analytics and machine learning. Many vendor “analytics” capabilities are really just correlation rules. To stave off today’s threats, you absolutely need truly advanced analytics.
Machine learning and artificial intelligence have been thrown around a lot in the last several years. Unfortunately, it’s been misused quite a bit. But if you can find vendors that really are using proper machine learning techniques. That’s where the power is in terms of helping to automate not only your investigations but also your threat detection and even your response capabilities.
True machine learning adapts to new variants in real-time. You’ll have higher confidence in what’s out there and what you’ve identified as an actual attack campaign. You’ll also know what the steps are to be able to remediate that attack campaign before it does damage.
Adding behavior analytics into your security practice is important. We’ve come a long way from old network behavior analytics to where user and entity behavior analytics are really key because we’re seeing things like privileged access violations.
Baselining what’s normal, and what’s not normal.
Being able to with high confidence correlate that data to know, “This is something new that we haven’t seen before, but we know it’s an attack.”
Again, this is where we’re seeing organizations invest in security analytics and next-generation SIEMs.
About the Author
Sanjay Raja brings over 20 years of experience in building, marketing and selling cyber security and networking solutions to enterprises, medium-to-small business, and managed service providers.
Previously, Sanjay was VP of Marketing at Prevailion, a cyber intelligence startup. Sanjay has also several successful leadership roles in Marketing, Product Strategy, Alliances and Engineering at Digital Defense (acquired by Help Systems), Lumeta (acquired by Firemon), RSA (Netwitness), Cisco Systems, HP Enterprise Security, Crossbeam Systems, Arbor Networks, Top Layer Networks, Caw Networks (acquired by Spirent Communications), Nexsi Systems, 3Com, and Cabletron Systems.
Sanjay holds a B.S.EE and an MBA from Worcester Polytechnic Institute. Sanjay is also a CISSP as well as Pragmatic Marketing certified.
Republished with permission. Originally here.
Gurucul Returns to Compete in 2022 ‘ASTORS’ Homeland Security Awards Program
American Security Today’s Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program, and now in its Seventh Year, recognizes industry leaders of Physical and Border Security, Cybersecurity, Emergency Preparedness – Management and Response, Law Enforcement, First Responders, as well as federal, state and municipal government agencies in the acknowledgment of their outstanding efforts to Keep our Nation Secure.
Final Nominations are being accepted for the 2022 ‘ASTORS’ Homeland Security Awards at https://americansecuritytoday.com/ast-awards/.
|Access Control/ Identification||Personal/Protective Equipment||Law Enforcement Counter Terrorism|
|Perimeter Barrier/ Deterrent System||Interagency Interdiction Operation||Cloud Computing/Storage Solution|
|Facial/IRIS Recognition||Body Worn Video Product||Cyber Security|
|Video Surveillance/VMS||Mobile Technology||Anti-Malware|
|Audio Analytics||Disaster Preparedness||ID Management|
|Thermal/Infrared Camera||Mass Notification System||Fire & Safety|
|Metal/Weapon Detection||Rescue Operations||Critical Infrastructure|
|License Plate Recognition||Detection Products||COVID Innovations|
|Workforce Management||Government Security Programs||And Many Others to Choose From!|
Don’t see a Direct Hit for your Product, Agency or Organization?
Submit your category recommendation for consideration to Michael Madsen, AST Publisher, at: firstname.lastname@example.org.
Homeland Security remains at the forefront of our national conversation as we experience an immigration crisis along our southern border, and crime rates that are dramatically higher than before the Pandemic across the United States.
These challenges have become a national priority with an influx of investments in innovative new technologies and systems.
The pinnacle of the Annual ‘ASTORS’ Awards Program is the Annual ‘ASTORS’ Awards Presentation Luncheon, an exclusive, affordable, gourmet, full-course plated meal event, in the heart of New York City, held at the International Security Conference & Exposition (ISC East) since it’s inception in 2017.
And who better to address the aforementioned challenges, and initiatives to meet today’s threat landscape than Deputy Executive Assistant Commissioner (DEAC) Diane J. Sabatino of the Office of Field Operations, U.S. Customs and Border Protection (CBP), the opening keynote speaker at the much-anticipated 2022 ‘ASTORS’ Awards Presentation Luncheon, on Wednesday, November 16th, 2022.
As the DEAC of the Office of Field Operations, U.S. Customs and Border Protection (CBP), Mrs. Sabatino leads more than 31,000 employees and oversees an annual operating budget of $6.5 billion.
(Hear a recent interview with Deputy Executive Assistant Commissioner (DEAC) Diane J. Sabatino held at Identity Week Europe on leveraging biometric comparison technology in U.S. air, maritime, and land border environments for the security of passengers, enhancing the customer experience and limiting the transmission of biological pathogens while respecting personal privacies and educating the public as the CBP further expands the implementation of biometrics to keep up with threats to the aviation and other border sectors. These new technological tools are there to automate administrative functions so that the most valuable component of the process, the officers, are able to focus on critical issues as they arise. Courtesy of evie kim sing and YouTube. Posted on Jul 13, 2022.)
Enter, American Security Today, the #1 publication and media platform in the Government Security and Homeland Security fields with a circulation of over 75,000 readers and many tens of thousands more visiting our AST Website at www.americansecuritytoday.com each month.
The continually evolving ‘ASTORS’ Awards Program will emphasize the trail of Accomplished Women in Leadership in 2022, as well as the Significance and Positive Impact of Advancing Diversity and Inclusion in our Next Generation of Government and Industry Leaders. #MentorshipMatters
So be on the lookout for Special Guests, Presenters, Book Opportunities, and Attendees at the 2022 ‘ASTORS’ Awards Presentation Luncheon in November of 2022 in NYC!
The United States forever changed on September 11th, 2001, and we were fortunate to have many of those who responded to those horrific tragedies join us at our 2021 ‘ASTORS’ Awards Presentation Luncheon.
In the days that followed 9/11, the critical need to protect our country catapulted us into new and innovative ways to secure our homeland – which is how many of the agencies and enterprise organizations that are today ‘ASTORS’ Awards Champions, came into being.
Our 2021 keynote speaker featured a moving and informative address from TSA Administrator and Vice-Admiral of the United States Coast Guard (Ret), David Pekoske; to our attendees who traveled from across the United States and abroad, on the strategic priorities of the 64,000-member TSA workforce in securing the transportation system, enabling safe, and in many cases, contactless travel.
Legendary Police Commissioner William Bratton of the New York Police Department, the Boston Police Department, and former Chief of the Los Angeles Police Department was also live at the event, meeting with attendees and signing copies of his latest work ‘The Profession: A Memoir of Community, Race, and the Arc of Policing in America,’ courtesy of the generosity of our 2021 ‘ASTORS’ Awards Premier Sponsors.
The 2022 ‘ASTORS’ Awards Program is Proudly Sponsored by New PLATINUM SPONSOR: NEC National Security Systems (NSS), New Premier Sponsors Rajant Corporation, and guardDog AI, and returning Sponsors ATI Systems, Automatic Systems, RX Global, and SIMS Software!
In 2021 over 200 distinguished guests representing Federal, State, and Local Governments, and Industry Leading Corporate Firms gathered from across North America, Europe, and the Middle East to be honored among their peers in their respective fields, which included:
The Transportation Security Administration (TSA)
ICE Homeland Security Investigations (ICE HSI)
DHS Science & Technology (S&T)
The Metropolitan Police (MPD)
The U.S. Fire Administration (USFA)
The San Diego Harbor Police Foundation, and Many More!
ISC East is the Northeast’s leading security & public safety event, hosted in collaboration with premier sponsor Security Industry Association (SIA) and in partnership with ASIS NYC.
Each year, in order to keep our communities safe and secure, security dealers, installers, integrators, and consultants, along with corporate, government and law enforcement/first responder practitioners, convene in New York City to network, learn and evaluate the latest technologies and solutions from premier exhibiting brands.
This combination of one-on-one conversations with top innovators, high-quality special events, and cutting-edge education and training, make ISC East the most comprehensive East Coast event to guide the industry in getting back to business.
Taking place November 15-17 at the Javits Center in NYC (SIA Education@ISC: November 15-17 | Exhibit Hall: November 16-17), ISC East will be co-locating with the Natural Disaster & Emergency Management Expo (NDEM EXPO), a comprehensive trade event and online resource dedicated to the preparation, response, and recovery of physical and human assets of public and private organizations. Qualified professionals who register for ISC East will be granted access to both events.
Corporate firms, the majority of which return year to year to build upon their Legacy of Wins include:
AlertMedia, Allied Universal, AMAROK, ATI Systems, Attivo Networks, Axis Communications, Automatic Systems of America, BriefCam, Canon U.S.A., Fortior Solutions, guardDog.ai, Hanwha Techwin of America, HID Global, Mark43, IPVideo Corporation, Konica Minolta Business Solutions, Lumina Analytics, NEC National Security Systems, NICE Public Safety, OnSolve, PureTech Systems, Quantum Corporation, Rave Mobile Safety, Regroup Mass Notification, Robotic Assistance Devices, Rajant Corporation, SafeLogic, Senstar Corporation, ShotSpotter, Singlewire Software, SolarWinds Worldwide, Teledyne FLIR, Valor Systems, and Wiresecure, just to name a few!
Why American Security Today?
The traditional security marketplace has long been covered by a host of publications putting forward the old-school basics to what is Today – a fast-changing security landscape.
American Security Today is uniquely focused on the broader Homeland Security & Public Safety marketplace with over 75,000 readers at the Federal, State, and local levels of government as well as firms allied to the government.
American Security Today brings forward a fresh compelling look and read with our customized digital publications that hold readers’ eyes throughout the story with cutting-edge editorial that provides solutions to their challenges.
Harness the Power of the Web – with our 100% Mobile Friendly Publications
AST Digital Publications are distributed to over 75,000 qualified government and homeland security professionals, in federal, state, local, and private security sectors.
‘PROTECTING OUR NATION, ONE CITY AT A TIME’
AST Reaches both Private & Public Experts, essential to meeting these new challenges.
Today’s new generation of public safety and security experts need real-time knowledge to deal with domestic and international terrorism, lone wolf attacks, unprecedented urban violence, shifts in society, culture, and media bias – making it increasingly difficult for Homeland Security, Law Enforcement, First Responders, Military and Private Security Professionals to implement coordinated security measures to ensure national security and improve public safety.
These experts are from Government at the federal, state, and local levels as well as from private firms allied to the government.
AST provides a full plate of topics in our AST Monthly Magazine Editions, AST Website, and AST Daily News Alerts, covering 23 Vital Sectors such as Access Control, Perimeter Protection, Video Surveillance/Analytics, Airport Security, Border Security, CBRNE Detection, Border Security, Ports, Cybersecurity, Networking Security, Encryption, Law Enforcement, First Responders, Campus Security, Security Services, Corporate Facilities, and Emergency Response among others.
AST has Expanded readership into integral Critical Infrastructure audiences such as Protection of Nuclear Facilities, Water Plants & Dams, Bridges & Tunnels, and other potential targets of terrorism.
Other areas of concern include Transportation Hubs, Public Assemblies, Government Facilities, Sporting & Concert Stadiums, our Nation’s Schools & Universities, and Commercial Business Destinations – all enticing targets due to the large number of persons and resources clustered together.
(See just a few highlights of American Security Today’s 2021 ‘ASTORS’ Awards Presentation Luncheon at ISC East. Courtesy of My Pristine Images and Vimeo.)
To learn more about ‘ASTORS’ Homeland Security Award Winners solutions, please see the 2021 ‘ASTORS’ CHAMPIONS Edition Fully Interactive Magazine – the Best Products of 2021 ‘A Year in Review’.
The Annual CHAMPIONS edition includes a review of Annual ‘ASTORS’ Award Winning products and programs, highlighting key details on many of the winning firm’s products and services, including video interviews and more.
It serves as your Go-To Source throughout the year for ‘The Best of 2021 Products and Services‘ endorsed by American Security Today, and can satisfy your agency’s and/or organization’s most pressing Homeland Security and Public Safety needs.
From Physical Security (Access Control, Critical Infrastructure, Perimeter Protection, and Video Surveillance Cameras and Video Management Systems), to IT Security (Cybersecurity, Encryption, Data Storage, Anti-Malware and Networking Security – Just to name a few), the 2021 ‘ASTORS’ CHAMPIONS EDITION has what you need to Detect, Delay, Respond to, and Mitigate today’s real-time threats in our constantly evolving security landscape.
It also includes featured guest editorial pieces from some of the security industry’s most respected leaders, and recognized firms in the 2021 ‘ASTORS’ Awards Program.
For a complete list of 2021 ‘ASTORS’ Award Winners, begin HERE.
For more information on All Things American Security Today, as well as the 2021 ‘ASTORS’ Awards Program, please contact Michael Madsen, AST Publisher at email@example.com.
AST strives to meet a 3 STAR trustworthiness rating, based on the following criteria:
- Provides named sources
- Reported by more than one notable outlet
- Includes supporting video, direct statements, or photos