THE 3 KEYS TO FASTER THREAT RESPONSE - Euroone.hu


THE 3 KEYS TO FASTER THREAT RESPONSE
BUSINESS-DRIVEN SECURITY SOLUTIONS

THREATS MOVE FAST. YOU HAVE TO MOVE FASTER.

The bad news is it only takes minutes for a cyber threat to become a data breach. The really bad news is it can take months to identify a threat and respond.¹

The yawning gap between when an attack happens and when something’s done about it leaves organizations vulnerable to serious business damage.

Today’s IT leaders are painfully aware of the need for faster threat detection and response. According to a study RSA recently commissioned, one of their top three concerns is about their ability to detect an attack in progress, while there’s still time to do something about it.²

¹ Verizon Data Breach Investigations Report 2017
² “Information Security Strategies in the Age of Zero-Day Threats,” Gatepoint Research Pulse Report commissioned for RSA, April 2017

RSA Ebook: The 3 Keys to Faster Threat Response

There are clear reasons security teams have been slow to identify and respond to threats. We’ll be taking a closer look at them on the following pages. The good news is there are good ways to improve visibility into threats, and you can learn more about them in The 7 Building Blocks of Better Threat Visibility. Once you do detect a threat, there’s also a clear path to a faster response, when you have these three key capabilities:

The 3 keys to faster threat response
1. Deeper insights through machine learning and analytics
2. Broader understanding of the full scope of threats
3. More context to set priorities for action

We’ll be taking a closer look at those, too, so read on to learn more. And hurry—there’s no time to waste.

TIME IS NOT ON YOUR SIDE

Just how big is the problem of slow responses to threats? According to the latest RSA Threat Detection Effectiveness Survey:

11% Organizations say they can investigate attacks very quickly
90% Unsatisfied with their response speed
75% Unsatisfied with their current ability to detect and investigate threats

Source: RSA Threat Detection Effectiveness Survey 2016

48% of IT executives are concerned about their ability to detect an attack in progress, while there’s still time to do something about it.

WHAT’S TAKING SO LONG?

There’s no shortage of reasons security teams don’t respond to incidents as fast as they’d like to. They’re inundated by unprecedented amounts of threat data every day. As we’re fond of saying, if you can’t see it, you can’t stop it.

But better threat visibility is about more than just seeing what you’re up against. It’s equally important—if not more important—to understand the nature and nuance of what you’re seeing.

Difficulty assessing data accuracy

A blizzard of threat data means a flurry of security alerts. Unfortunately, it also means a risk of false positives among them.

IT executives in a study we commissioned said “too much noise” was the biggest negative they experienced from false positives, citing the risk that security teams will waste time on them while legitimate threats loom.²

Security teams need advanced analytics to detect threats automatically. Once a threat’s in view, they need deep insights to discern whether it’s legitimate and, if so, how to prioritize their response.

No way to see the scope of the problem

With data pouring in from so many sources—logs, packets, endpoints, cloud apps—security teams are challenged to see the true scope of a threat.

That’s another major concern for IT execs in the study RSA commissioned. On their list of threat detection challenges, “understanding the full scope of an attack” was second only to keeping up with new threats.²

If the security team can’t see whether the same indicators are showing up across all sources, they can’t discern whether a threat is confined to one area, or endangering the entire organization.

Lack of context to set priorities

Is a threat targeting the server where all of the organization’s source code is stored? Or just the one that has the daily lunch menu?

No offense to Food Services, but if it’s a choice between the source code and the stroganoff, there’s no question what the security team has to do first.

How much time will they waste, though, if they don’t have that context available to prioritize threats?

Hold that thought, and read on.

² “Information Security Strategies in the Age of Zero-Day Threats,” Gatepoint Research Pulse Report commissioned for RSA, April 2017

SURVEY SAYS

[Charts: “What are some of the threat detection and response challenges you’re currently facing?” (categories: Keeping up with new threats; Understanding the full scope of the attack) and “What negative implications do you experience from false positive security” (categories: They cause too much noise; They create an inordinate amount of work). Data labels 46% and 35%.]

Source: “Information Security Strategies in the Age of Zero-Day Threats,” Gatepoint Research Pulse Report commissioned by RSA, April 2017

IT’S ABOUT TIME: THE 3 KEYS TO FASTER THREAT RESPONSE

Security teams can respond to threats faster when their visibility is accompanied by three things: deeper insights and analytics, a more complete view of threats, and more context with which to judge threat criticality. These capabilities are key to being able to recognize the nature of a threat, confidently decide how to respond and act quickly on that decision.

DEEPER INSIGHTS
MORE COMPLETE INFORMATION FOR FAST DETECTION AND ACTION

Forrester cites security analytics as essential in responding to threats quickly enough to reduce the impact of a cyberattack.³ Analytics delivers deeper insights into user behavior, device type and other variables, so security teams can make better decisions faster. To maximize depth and quality of insight, apply a variety of techniques such as behavioral analytics, data science modeling and machine learning.

BROADER UNDERSTANDING
MORE COMPLETE VIEW OF POTENTIAL IMPACT

Multiple perspectives bring threats into sharper focus. We recommend combining crowdsourced threat intelligence, information from experts and other findings, and applying them across the IT infrastructure for a better understanding of the full scope of an attack. This makes it possible to connect what might otherwise look like isolated incidents and respond with a robust defense—before major damage is done.

MORE CONTEXT
INVALUABLE INFORMATION FOR QUICKLY SETTING PRIORITIES

An awareness of context, particularly business context, is essential to responding in the most timely, appropriate and effective way. When security detects a threat, knowing whether it’s targeting a critical system will guide the level of response. And when security detects multiple threats, the context reveals which poses the greatest business risk, so that it gets top priority.

TIP: For the fastest possible response, look for a security analytics platform that automates the steps that follow threat detection.

³ The Forrester Wave: Security Analytics Platforms, Q1 2017, March 6, 2017

THE NEED FOR SPEED

According to the latest RSA study rating organizations’ cybersecurity maturity:

[Bar chart: “Organizations have little or no capability to respond to an attack” and “Inadequate systems to quickly recover from an attack”. Data labels 74% and 40%.]

Source: RSA Cybersecurity Poverty Index 2016

RESPOND FASTER WITH RSA NETWITNESS PLATFORM

Get the insight and context your security team needs to respond to cyber threats fast, with RSA NetWitness Platform. Rely on it to:

• Enable a deeper understanding of threats through machine learning and analytics
• Quickly bring attacks into full view with threat intelligence from a variety of sources
• Provide the business context to make faster, better decisions about threat responses

RSA NetWitness Platform interweaves business context and risk with the most advanced cybersecurity capabilities to help the entire organization—from the CEO and CISO to the security operations center—make stronger decisions to protect themselves from known and unknown threats, minimize attacker dwell time and mitigate negative business consequences.

Faster incident response is just part of the picture. Learn more about how RSA NetWitness Platform improves threat visibility and detection, and increases the impact with your existing team.

rsa.com/netwitness

RSA NetWitness Platform

RSA NetWitness Platform is an evolved SIEM and threat defense solution that empowers security teams to rapidly detect, understand the full scope of a compromise and automatically respond to the threat before damage is done. With a design that aligns business context to security risks, RSA NetWitness Platform closes the gaps of technology-only solutions and ensures that IT security is optimized to support an organization’s strategic goals. RSA NetWitness Platform delivers unsurpassed breadth of visibility and depth of analytics that make security analysts more effective and efficient.

© 2018 Dell Inc. or its subsidiaries. All rights reserved. RSA and the RSA logo, are registered trademarks or trademarks of Dell Inc. or its subsidiaries in the United States and other countries. All other trademarks are the property of their respective owners. RSA believes the information in this document is accurate. The information is subject to change without notice. 03/18, Ebook: The 3 Keys to Faster Threat Response, H16362.
