Using Automated Threat Response to Mitigate Security Events
There’s a big story in cybersecurity today, but no one’s covering it. Sure, data breaches are
attention-grabbing, headline-making events—and let’s face it, there have been plenty around to
choose from. And yet it’s not the shock of discovering a breach or the high-profile identity of
many of the recent targets but the inevitability of a breach occurring that the headlines ignore.
The question has shifted from, “Will I be attacked?” to, “When the attack happens, will I be
prepared?”
We know that attacks routinely target critical networks and that they are as likely to affect
multiple organizations in a single or related industry as they are to focus on one target. What’s
surprising is the length of time it takes organizations to detect and resolve those attacks.
Security events can unfold in the blink of an eye but can take months—even years—to be
properly identified and eradicated from an organization’s systems. Recently released IDG
survey results show that while more than one-third of cyber attacks take hours to detect (which
is relatively fast in today’s climate), resolving breaches takes days, weeks and, in some cases,
even months.
Situational Analysis
We need a seismic shift in the ways we respond to, mitigate, and remediate threats. To support
holistic cyber risk management, organizations must deploy adaptive technologies that transform
dynamically in real time to foil cyber attacks. Instead of simply detecting and analyzing
incursions, neither of which triggers an actual response to or containment of an attack,
organizations can adopt strategies that include automated threat response and real-time
security orchestration solutions. Such solutions can be configured to act on business- and
security-event triggers to initiate successive and adaptive actions across an enterprise to reduce
potential damage. Attacks that come in looking like one piece of software code quickly mutate
and adapt to the target environment, multiplying the number and types of attacks and
proliferating at machine speed to expose weaknesses. New cyber threats are growing in the
ability to act autonomously with behavior that is customized to a specific target; they utilize
multipart designs with self-concealing, mutating, and hibernating capabilities.
To combat these sophisticated attacks, continuous monitoring architectures can provide real-time
situational awareness of threats and vulnerabilities but fall short of providing the ability to
make machine-speed risk management decisions, mitigations, and responses to successfully
defend and respond to security incidents. The ability to enable a quick response to a breach
should be the focus of C-suites everywhere, but without the ability to take near real-time action,
what is the point? We don’t need to continue to focus our resources solely on detection. We
don’t need another set of watchful eyes. We already have far too many eyes, and they’re still
not seeing the threats. Automated threat response enables the command and control of
continuous monitoring architectures to dynamically adapt and respond to security incidents or
emerging threats in real time—the next sea change in cybersecurity defense.
The Road Forward
Cyber Warnings Magazine - September Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide