Keys to Having Better Cyberthreat Visibility

    Mar 14, 2018 7:31:00 AM Keeran Networks Security

    Keeping up with all of the cyber threat trends is an ever-changing battle. However, there is a straightforward principle to keep in mind when protecting your business: if you can't see the threat, you can't stop it. Implementing a cyber risk management checklist for your company is essential.

    Due to the rise in mobility, BYOD, and the Internet of Things (IoT), the attack surface is continually expanding, giving more openings to attackers. This means that there are even more threats coming in that you won't see.

    According to a Clark School study at the University of Maryland, a cyber attack happens every 39 seconds.

    To be able to keep up with all of the threats that you are up against, you need visibility into all of the data available from logs, packets, endpoints, and threat intelligence.

    More visibility could give IT executives better insights into their top three threat detection challenges. The top threat detection challenges for IT managers are:

    • Keeping up with new threats - including zero-day threats,
    • Understanding the full scope of the attack,
    • And the ability to detect an attack while it is in progress.

    To be able to keep up with these three threat detection challenges, five key areas need to be looked at to get better threat visibility.

    The five areas are:

    Logs

    Logs are a critical component of any cybersecurity infrastructure because they can tell you when a preventative control in your security infrastructure has detected signs of a problem and triggered an alert.

    However, logs cannot give you visibility into someone logging in using stolen credentials, a new kind of malware that the control won't recognize, or a zero-day attack that is coming through a software weakness that hasn't been patched yet.

    Other sources of data 

    Visibility into network packets, endpoint data, and cloud applications is essential so that your team can identify threats wherever they appear. Visibility across these sources of data, informed by analytics, threat intelligence, and business context, is essential to understanding what is happening in the threat environment.

    Data analytics

    Data analytics provide an opportunity to detect threats and to prioritize responses. Once threats are visible, analytics can bring a laser focus to decisions about how to strike back.

    Threat intelligence

    Gathering threat intelligence from analysts and experts adds a layer of context that your IT team can use to identify threats and plan how to respond. This intelligence can be applied to logs, packets, and endpoints to look at threat data in context and prioritize responses accordingly.

    Business context for threats

    Business context is the information that lets your team know which threat to fight off first.

    If you approach your cybersecurity like most businesses, you probably use security logs as your primary line of defense. Security logs are crucial, but alone they are not sufficient.

    Making your network safer starts with increasing threat visibility. To have better visibility into your cyber risk management, you need to look at logs, network packets, endpoint data, cloud applications, data analytics, threat intelligence, and business context. Combined, these will give you the defense you need against cyber attacks.

    Written by Keeran Networks