Cybersecurity 2017 New Year Resolution: Investigate Every Single Cyber Alert


JANUARY 4, 2017 / BY LAUREN MATTOS

It’s the New Year. A fresh start for many, both personally and professionally. One of the most popular resolutions people make for the New Year is to be more productive, and with productivity comes the need to prioritize.

Prioritization is a necessary and useful part of life. People need to decide which things are most important—should finishing the basement take priority over remodeling the kitchen? Is responding to this email more important than finishing this report?

Overall, prioritization is a good thing, except when it comes to cyber alerts. One might be thinking, “why would prioritizing alerts be a bad thing? Shouldn’t cyber analysts investigate only the most imminent and dangerous of threats?”

Well, yes and no. Yes, analysts should investigate the alerts with the highest chance of leading to a breach. However, as the 2013 Target breach showed, many alerts look benign at first glance, so a real intrusion is easily dismissed, and the attacker is free to move through the network and stay there for weeks.

So why aren’t analysts investigating all of their cyber alerts?

Lack of capacity: 92% of companies receive over 500 alerts per day, according to a study by EMA, and 88% of respondents said those alerts were classified as severe or critical. The average analyst can handle about 8-10 alerts per day, so investigating each one is impossible. Companies respond by tuning their detection systems down to match their capacity (raising thresholds, suppressing noisy rules), which significantly increases the risk of a breach going unnoticed.

High false positive rate: According to a survey by International Data Corporation (IDC), 37 percent of cyber security professionals reported facing 10,000 alerts per month, of which 52 percent were false positives. Given such a high false positive rate, it is easy to see why analysts might feel confident that prioritizing alerts, rather than investigating all of them, does not increase their risk of breach.

Major skills gap: Companies simply lack the security expertise to handle their cybersecurity operations, and the majority of them (60%) are unwilling to invest in proper training.

Automating Incident Response: The Only Way To Stay Safe

Given these challenges, the only way to investigate all cybersecurity alerts (and actually accomplish a New Year resolution) is to automate the incident response process.

Use security orchestration and automation tools to:

Automatically investigate every alert: instead of prioritizing alerts to match capacity, use a solution that investigates every alert.

Gather additional context from other systems: automate the collection of contextual information from other network detection systems, logs, asset inventories, etc.

Exonerate or incriminate threats: using both known threat information and inspection of the evidence, decide whether what was detected is benign or malicious.

Automate the remediation process: once a verdict has been made, automatically remediate (quarantine a file, kill a process, shut down a C2 (command-and-control) connection, etc.).
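The four steps above, as an added, runnable example (not Hexadite's code or any vendor's playbook): every alert is enriched from other sources, given a verdict, and acted on, with nothing dropped for lack of capacity. The threat-intel indicators, asset inventory, proxy log and alerts are all constructed inline (the hashes are placeholders, the IPs are from documentation ranges), and the EDR and firewall are in-memory stand-ins that record actions instead of executing them. The beaconing heuristic (many connections from one host to a destination no other host contacts) is an assumption chosen for the example, not a rule from the original text.

```python
"""Minimal alert-triage playbook: enrich every alert, reach a verdict, then act.

Added example, not Hexadite's code. Alerts, threat intel, asset inventory and
proxy log are constructed inline; the EDR and firewall are in-memory stand-ins.
"""
from collections import Counter
from dataclasses import dataclass, field

# --- constructed context sources (stand-ins for TIP / CMDB / proxy integrations) ---
KNOWN_BAD_HASHES = {"9f2c" * 16}        # hypothetical malware SHA-256
ALLOWLISTED_HASHES = {"1a2b" * 16}      # hypothetical signed admin tool SHA-256
KNOWN_BAD_IPS = {"203.0.113.45"}        # TEST-NET-3 address standing in for a C2 server
ASSET_INVENTORY = {
    "pos-0042": {"owner": "retail", "criticality": "high"},
    "ws-0117": {"owner": "marketing", "criticality": "low"},
    "srv-0009": {"owner": "it", "criticality": "medium"},
}
# constructed proxy log for the last 24h: (source host, destination ip)
PROXY_LOG = (
    [("pos-0042", "203.0.113.45")] * 48      # regular contact with the known-bad IP
    + [("srv-0009", "192.0.2.88")] * 30      # regular contact with an unknown IP
    + [("ws-0117", "198.51.100.7")] * 2
    + [("ws-0201", "198.51.100.7")]
)


@dataclass(frozen=True)
class Alert:
    id: str
    severity: str        # what the sensor claimed; deliberately NOT used to skip alerts
    host: str
    sha256: str
    dst_ip: str
    pid: int


@dataclass
class Verdict:
    alert_id: str
    outcome: str                                  # "malicious", "benign" or "escalate"
    reasons: list[str] = field(default_factory=list)
    actions: list[str] = field(default_factory=list)


def enrich(alert: Alert) -> dict:
    """Step 2: gather context from other systems rather than judging the raw alert alone."""
    conns = Counter(dst for host, dst in PROXY_LOG if host == alert.host)
    peers = {host for host, dst in PROXY_LOG if dst == alert.dst_ip}
    return {
        "asset": ASSET_INVENTORY.get(alert.host, {"owner": "unknown", "criticality": "unknown"}),
        "hash_known_bad": alert.sha256 in KNOWN_BAD_HASHES,
        "hash_allowlisted": alert.sha256 in ALLOWLISTED_HASHES,
        "ip_known_bad": alert.dst_ip in KNOWN_BAD_IPS,
        "connections_to_dst": conns[alert.dst_ip],   # repeated contact suggests beaconing
        "hosts_talking_to_dst": len(peers),           # a destination only one host uses is suspicious
    }


def decide(alert: Alert, ctx: dict) -> Verdict:
    """Step 3: exonerate or incriminate using intel first, then behavioural context."""
    v = Verdict(alert.id, "escalate")
    if ctx["hash_known_bad"] or ctx["ip_known_bad"]:
        v.outcome = "malicious"
        v.reasons.append("matched a known-bad indicator")
    elif ctx["hash_allowlisted"]:
        v.outcome = "benign"
        v.reasons.append("binary is on the allowlist and destination is not known-bad")
    elif ctx["connections_to_dst"] >= 20 and ctx["hosts_talking_to_dst"] == 1:
        v.outcome = "malicious"
        v.reasons.append(f"{ctx['connections_to_dst']} connections to a destination no other host uses")
    else:
        v.reasons.append("no intel match and no strong behavioural signal; needs an analyst")
    return v


def remediate(v: Verdict, alert: Alert) -> Verdict:
    """Step 4: act on the verdict. Records actions instead of calling a real EDR/firewall."""
    if v.outcome == "malicious":
        v.actions += [f"quarantine_file:{alert.host}:{alert.sha256[:8]}",
                      f"kill_process:{alert.host}:{alert.pid}",
                      f"block_ip:{alert.dst_ip}"]
    elif v.outcome == "escalate":
        v.actions.append(f"open_ticket:{alert.id}")
    else:
        v.actions.append(f"close:{alert.id}")
    return v


def triage(alerts: list[Alert]) -> dict[str, Verdict]:
    """Step 1: every alert is investigated; none is dropped because of queue length."""
    return {a.id: remediate(decide(a, enrich(a)), a) for a in alerts}


# constructed alerts; note that A1 is rated "low" by the sensor yet is the real intrusion
ALERTS = [
    Alert("A1", "low", "pos-0042", "cafe" * 16, "203.0.113.45", 4120),
    Alert("A2", "high", "ws-0117", "1a2b" * 16, "198.51.100.7", 2231),
    Alert("A3", "medium", "ws-0201", "feed" * 16, "198.51.100.7", 987),
    Alert("A4", "low", "srv-0009", "beef" * 16, "192.0.2.88", 5540),
]

if __name__ == "__main__":
    for verdict in triage(ALERTS).values():
        print(verdict)
```

The point of the example is the control flow, not the specific rules: the sensor's own severity never decides whether an alert is looked at, the same enrichment runs for all four, and the output for every alert is a recorded verdict with reasons, so the "escalate" cases that still need a human arrive with context already attached.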

Remember: prioritization is making a conscious decision about what you’re going to ignore. If a company decides to prioritize rather than investigate all alerts using automation, they increase their risk of attack by a significant margin.

About Hexadite
Hexadite AIRS is the first agentless intelligent security orchestration and automation platform for Global 2000 companies. By easily integrating with customers’ existing security technologies and harnessing artificial intelligence that automatically investigates every cyber alert and drives remediation actions, Hexadite enables security teams to go from alert to remediation in minutes at scale.