March 6, 2014 By Grayson Milbourne

Solving the mystery of incident response

The threat landscape today is very different from a few years ago. With an ever more creative range of threat vectors through which to launch an attack, it has never been more challenging to secure our data and devices in all the ways we connect. In today’s hyper-dynamic landscape, well over 8 million malware variants are discovered each month. The majority are financially motivated, very low in volume and very sophisticated. On the mobile front, cybercriminals have shown a clear focus on compromising devices, made evident by an explosion in the discovery of malicious mobile apps and websites. Also on the rise are attacks orchestrated by organized cybercrime rings, which are now focused on large retail establishments, department stores and hotel chains. And of course, there is the ever-persistent battle of state-versus-state cyber espionage, with hacktivists vying for influence. With such a complex and diverse threat landscape, complicated by a variety of device types and platforms, providing security has only become more challenging.

Companies today struggle to digest the data created by their various security solutions, because each solution acts independently of the others. For example, the network firewall doesn’t communicate or share data with the endpoint security software. As companies add layers of protection, they are presented with additional feeds of data which, again, are all independent. This has led to solutions such as Security Information & Event Management (SIEM) systems, which aim to correlate data from various independent feeds. The problem, however, is that the sources of data remain independent and unaware of each other. Additionally, data is only correlated within a single environment, unaware of other corporations and their encounters with security events. Ultimately, this leads to time wasted on data collection and correlation when it could be spent on incident response and remediation.

To deal with today’s threats you need the ability to transform data feeds into actionable intelligence. To succeed, you must be able to provide context and to show interconnectivity at a granular level, whether for internet security, endpoints, or mobile devices – and to do so on a large scale by correlating data from millions of sources across consumer and corporate environments alike. Data does not equal intelligence, and without a way to bring it all together, break it down and understand it, responding to the threats at hand becomes all the more challenging. Intelligence is making sense of data and working with the results to respond, remediate, and protect against future attacks.

BrightCloud Security Services provide the necessary context, detail and interconnectedness needed to transform data into actionable intelligence.
