Thursday, 19 May 2022 10:47

The importance of context for security

By Debashish Jyotiprakash, managing director, Qualys Asia Pacific and Japan

GUEST OPINION: The threat landscape is becoming more challenging from every angle. Security teams are understaffed and overworked and are still playing catch up after the wide-ranging effects of the last few years of the pandemic. There’s unfortunately no end in sight as the skills gap widens and the complexity around IT management continues to grow. Bad actors are becoming more sophisticated each day. It has never before been this hard to keep your organisation secure.

It’s no wonder that many security professionals fall into the trap of adopting a variety of security tools to help them cope with these problems. In the hope of using the latest and seemingly greatest technology, CISOs think adding another security layer will reduce their risk exposure. If only it were that easy. Adding more technology can solve some of the issues, but it can also dilute team attention spans further, leading to more problems over time.

At the board level, a lot of confusion is brewing. Board members are overwhelmed with the many acronyms they are expected to know - Security Incident and Event Management (SIEM), Security Orchestration Automation and Response (SOAR) and Endpoint Detection and Response (EDR) and now there is another – Extended Detection and Response (XDR). How can they be expected to understand what is delivering value?

In reality, the problem isn’t with the tooling. Each tool - whether it be SIEM, SOAR or EDR - is valuable in its own right. However, with each new integration, organisations are facing greater data silos. Analysts then have to deal with a barrage of alerts from their range of solutions. And each dashboard reports its own metrics based on the visibility of its corner of the corporate network and its specific use cases.

This leads to problems where the same alert can be flagged to multiple teams, or where issues can slip through the gaps. With security analysts already stressed, this can produce alert fatigue. To address this, XDR solutions are designed as the top layer, to investigate every potential incident in the digital estate, and enable real-time incident detection and response. Yet, not all XDRs are created equal.

Some current solutions regurgitate data to users, which just creates extra work for the analyst who still needs to interpret this data and make countless manual decisions about the required action. Current SIEM and XDR solutions passively and reactively collect disparate, unrelated logs, which creates an avalanche of notifications that place the burden of correlation and prioritisation on the security analyst. The emphasis is placed back on the user to sift through those alerts to detect threats, and to prioritise response and remediation based on their analysis. This is a heavy lift for any team when you consider the quantity of alerts faced daily, particularly when dealing with false positives that waste time and affect staff morale.

This is where the value of insight in context comes in. In one tool, one log or alert might look a lot like any other. However, when combined with external threat intelligence and other security data, that innocuous request will suddenly take on new meaning and rapidly rise up the priority list. XDR is designed to break down data silos and help analysts achieve greater insight, by creating a unified view of the enterprise technology stack and its threats. With the tapestry of security solutions and functions combined in one platform, analysts can understand exactly what is going on in their environment from a single view.

Analysts are able to use the noise of multiple alerts from multiple platforms and turn this into signals that provide a unified view of the enterprise technology stack. By correlating data from asset inventory and vulnerability information, network endpoint telemetry, high-quality threat intelligence and third-party log data, we can provide analysts with more context on what is taking place and drive more effective response to threats in real time.

Context is the difference between wasted time spent on manual tasks and more focused investigation where it is really needed. With understaffed and time-poor security teams struggling to support remote working and deal with more attacks, providing context using XDR is an effective route to providing what businesses need to improve their risk posture and security approach. Without this, teams will struggle to manage workflows and deal with potential issues in a timely manner.
