As major data breaches at leading retailers and government organizations continue to make headline news, there is a rising awareness of the need to protect sensitive business assets from cyber attacks. Once considered a technical issue to be handled by the IT team, cyber threats are now considered a clear and present business risk to be managed by C-level executives. Cyber attacks can result in data theft, compromised customer records, business disruption and reputation damage, while the cost of remediating a data breach can run into the millions of dollars.
A recent survey from ISACA and RSA revealed that nearly three-quarters of respondents expect to fall prey to a cyber attack in 2016. This does not bode well for the current state of cyber security. There are several key reasons why both enterprises and government organizations, despite their best efforts, are still losing the battle to advanced cyber attacks.
Cyber Security Operations Center (SOC) teams are equipped with dozens of best-of-breed products. The problem with these disconnected point products is that each was built to handle a particular attack vector. They do not work cooperatively and cannot share intelligence with each other, which is a prerequisite for detecting today’s complex, multi-staged attacks.
The result is that SOC teams are flooded with thousands of daily alerts generated by different products, most of which are false positives. In fact, the average enterprise spends $1.3m a year dealing with false positive alerts, while due to a lack of resources, only 4% are actually investigated. This means that attacks often go unnoticed for months before they are detected, investigated and remediated.
Couple this with the global shortage of skilled analysts (according to the RSA survey 59% of cyber security job candidates in 2015 were not qualified upon hire) and it becomes pretty clear why most attacks are not discovered until it’s too late.
Turning the Tables on Cyber Attackers
There is an ever-widening gap between the way attackers are attacking and the way organizations are defending. Aware of the common defenses in place at most organizations, savvy attackers craft their attacks to bypass these solutions.
Organizations cannot continue doing the same thing and expect a different result. What’s needed is a completely new perspective: an intelligence-driven approach that simultaneously gathers leads and evidence across multiple attack vectors and provides analysts with the intelligence they need to stop stealthy attacks in their path.
The key to a new defense is automating the investigation process while gathering as much evidence as possible from multiple sources to cross-examine and validate an attack. The manual investigation processes used in most organizations cannot keep pace with the exponentially growing attack surface and the overload of information coming in from multiple detection systems. Automation of the detection and investigation processes will enable SOC teams to overcome their toughest challenges, including alert fatigue, time to detection, false positives and human error. While machine-intelligence analysis increases operational efficiency and helps to address the shortage of skilled analysts, there are more complex cases where human intuition and judgment are indispensable. Thus, it’s important to combine both elements in a way that allows SOC teams to maximize the value of each.
Verint Cyber Security was established with this vision in mind. For over two decades, Verint has been a market leader in building Actionable Intelligence® solutions that extract insights from big data. We have taken this knowledge, together with our experience in protecting some of the world’s most targeted networks, and applied it to the cyber domain.
Learn more about Verint’s cyber security solutions here.