Solving the mystery of incident response


The threat landscape today is very different from a few years ago. With an increasingly creative range of threat vectors through which to launch an attack, it has never been more challenging to secure our data and devices across all the ways we connect. In today’s hyper-dynamic landscape, well over 8 million malware variants are discovered each month. The majority are financially motivated, very low in volume and very sophisticated. On the mobile front, cybercriminals have shown a clear focus on compromising devices, made evident by an explosion in the discovery of malicious mobile apps and websites. Also on the rise are attacks orchestrated by organized cybercrime rings, which are now focused on large retail establishments, department stores and hotel chains. And of course, there is the ever persistent battle of state vs. state cyber espionage, with hacktivists vying for influence. With such a complex and diverse threat landscape, complicated by a variety of device types and platforms, providing security has only become more challenging.

Companies today struggle to digest the data created by their various security solutions, because those solutions all act independently of one another. For example, the network firewall doesn’t communicate or share data with the endpoint security software. As companies add layers of protection, they are presented with additional feeds of data which, again, are all independent. This has led to solutions such as Security Information & Event Management (SIEM) systems, which aim to correlate data from various independent feeds. The problem, however, is that the sources of data remain independent and unaware of each other. Additionally, data is only correlated within a single environment, unaware of other corporations and their encounters with security events. Ultimately, this leads to time wasted on data collection and correlation that could instead be spent on incident response and remediation.

To deal with today’s threats you need the ability to transform data feeds into actionable intelligence. To succeed, you must be able to provide context and to show interconnectivity at a granular level, whether for internet security, endpoints, or mobile devices – and to do so on a large scale by correlating data from millions of sources across consumer and corporate environments alike. Data does not equal intelligence, and without a way to bring it all together, to break it down and understand it, responding to the threats at hand becomes all the more challenging. Intelligence is making sense of data and working with the results to respond, remediate, and protect against future attacks.

BrightCloud Security Services provide the necessary context, detail and interconnectedness needed to transform data into actionable intelligence.

About the Author

Name: Grayson Milbourne

Grayson Milbourne is the Security Intelligence Director for Internet security company Webroot. Over the past nine years Milbourne has worked in various areas of the company, spending the past seven years focused on threat analysis. His areas of security intelligence expertise range from mobile to reversing to automation to cloud security. Grayson is also an avid participant in the security community and drives awareness of current threats by speaking at major events such as RSA and Virus Bulletin. Most recently, Grayson has been focusing on the growth of mobile malware and the risks associated with BYOD. Additionally, he writes and provides technical review for the Webroot blog.