
Picking the Right Comprehensive Threat Detection Solution

By Dr. Christine Izuakor

Navigating Cybersecurity Tool Fatigue and Picking the Right Comprehensive Threat Detection Solution

Time for a sobering look at antiquated cybersecurity tools

A slew of recent changes, particularly the massive shift to remote work following the pandemic, has rapidly redefined the cybersecurity threatscape. In the new cyber normal, organizations face the security dilemma of keeping existing tools versus adopting solutions to protect them against today’s threats.

A Techzone and Cryptzone study found that 90 percent of organizations still use security technologies from the 1990s, leaving them nearly 20+ years behind the curve. Sometimes the reason is retaining productivity: employees are already familiar with the old technologies, whereas they would have to get used to new ones. Too much focus on remaining compliant is another reason; it keeps organizations from making sound security decisions and shapes spending drivers that don’t align with today’s threats.

Sticking to old technologies also results in fatigue in already understaffed security teams. For example, while next-gen firewalls and network intrusion detection and prevention (NGFW/IDS/IPS) systems excel at detecting files based on signatures, and may even utilize machine-learning heuristics, they can only suggest potential issues. Security personnel have to investigate further to get to the failure. The high rate of false positives these solutions generate also adds to security fatigue.

Many organizations stick to anti-malware software, which is good at detecting known malware and viruses, but cybercriminals utilize this very fact to evade detection. Even in identity-based security, bad actors have targeted Microsoft’s ubiquitous Active Directory (AD) to escalate privileges.

Generally, old-school security was mainly about securing the perimeter, but combating modern threats demands a more profound, multi-layered security approach. Moreover, considering the sheer number of security solutions out there, it is important to get to the root of your security needs and simplify your tooling decisions.

How organizations can get to the root of their threat detection strategy

According to Gartner, the global information security market is forecast to reach $170.4 billion in 2022. This is mainly due to new spending from organizations evolving their defenses against a rising rate of complex threats.

You don’t always need highly complicated solutions once you truly get to the root of what you need. Some key considerations in an effective threat detection strategy for your organization involve:

Risk management

To identify the critical areas of security investment, assess cybersecurity risks in terms of their impact on your organization and your critical business operations.

Business priorities

Factor in vulnerabilities from personnel, technologies, third-party risks, both on-prem and cloud information systems, remote work, and physical security.

Monitoring Anomalies

Implement monitoring technologies to prevent and deter threats from ‘insiders.’ According to the Ponemon Institute, insider threats account for half of all data loss incidents, and according to Forrester, 90% of insider threats go undetected – often for weeks or months. In the remote era, having a coherent view of cyber-related activities in your organization can help develop a positive culture that deters counter-productive behavior.

Mitigate Gaps

Even rock-solid vaults have vulnerabilities. Have a plan to respond to security gaps in your defenses and plan to evaluate and evolve regularly.

The wide variety of complex security tools available out there can overwhelm your security decision. But a methodical approach to security tools can simplify the selection process. Here are some key factors to consider to select a comprehensive threat detection solution that adequately covers your security needs.

Six key factors to consider for a comprehensive threat detection solution

To counter the sophisticated cyber threats that organizations face today, security leaders need to adopt an integrated approach to cybersecurity. Your security strategy has to be tailored to your particular business and risk profile. Threat actors target the weakest link of every company: the people. Hence, you must also ensure that your strategy is not limited to the technical aspects of cyber defense but also factors in the people and organizational elements.

The NIST Cybersecurity framework defines the phases of a comprehensive solution as identify, protect, detect, respond, and recover. NSA’s mitigation strategies build upon these functions to counter exploits from advanced persistent threat (APT) actors to manage risks and promote a defense-in-depth posture.

To select a comprehensive threat detection solution for your organization, here are six key factors to consider.

1) Zero Trust Model

 

According to Cybint, 95% of cybersecurity breaches are caused by human error. Cybercriminals mainly target this weak link in your cyber defense. This fact is staggering, and any effective threat detection and mitigation approach must account for human factors, especially in the remote era.

The Zero Trust approach to security helps you achieve that and more. Zero Trust enables you to implement a built-in security model that’s increasingly pervasive and granular. It pivots on the mantra “Never Trust, Always Verify.”

The Zero Trust Architecture (ZTA) aims to protect data by implementing data-centric security systems. Monitoring all endpoints and data sources in your organization is central to a ZTA. In remote work environments, ZTA becomes all the more relevant as it can determine risk at the points of access and use of resources. NIST Special Publication 800-207 defines ZTA as:

“When balanced with existing cybersecurity policies and guidance, identity and access management, continuous monitoring, and best practices, a ZTA can protect against common threats and improve an organization’s security posture by using a managed risk approach.”

A solution integral to the ZTA framework is UEBA (User and Entity Behavior Analytics). In a Zero Trust Architecture, UEBA continuously monitors devices and collects activity and event data. Integrated with advanced machine learning, UEBA uses network events to baseline standard behavioral patterns as humans, devices, and networks interact. It flags anomalies outside of the baseline as possible threats and alerts security teams for further action. Alerts can be paired with automated actions to minimize risk to your organization.
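The baselining step described above, as an added example (not Veriato's or any product's code): each user's daily count of files copied to removable media is scored against that user's own history with a median/MAD modified z-score. The event fields, the 3.5 threshold, the minimum history length and the sample data are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample events: (user, day, files copied to removable media).
EVENTS = [
    ("alice", d, n) for d, n in enumerate([3, 5, 4, 6, 2, 5, 4, 3, 5, 4], 1)
] + [
    ("bob", d, n) for d, n in enumerate([40, 38, 45, 42, 39, 41, 44, 40, 43, 41], 1)
] + [
    ("alice", 11, 42),  # far outside alice's own baseline
    ("bob", 11, 44),    # high in absolute terms, but normal for bob
]

def robust_z(value, history):
    """Modified z-score from the median and the median absolute deviation
    (MAD), which resists outliers already present in the history."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # Floor the MAD so a perfectly flat history does not divide by zero.
    return 0.6745 * (value - med) / max(mad, 1.0)

def detect(events, min_history=7, threshold=3.5):
    """Replay events in day order. Each observation is scored against that
    user's prior history only, then folded into the baseline."""
    history = defaultdict(list)
    alerts = []
    for user, day, count in sorted(events, key=lambda e: e[1]):
        past = history[user]
        if len(past) >= min_history:  # no verdicts until a baseline exists
            z = robust_z(count, past)
            if z > threshold:
                alerts.append((user, day, count, round(z, 1)))
        past.append(count)
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print("ANOMALY user=%s day=%d count=%d z=%s" % alert)
```

A single global threshold on the raw count would either miss alice's spike or alert on bob every day; the per-entity baseline is what separates the two.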

2) Automate Threat Detection

 

A next-gen approach to security relies on hyper-automation. Automating the security workflow frees up your security personnel from the fatigue of tiring manual analysis and addresses security skill-gap challenges that most organizations face today. A comprehensive threat detection solution manages your entire security workflow. For example, Veriato’s Cerebral threat detection solution:

  • Continually monitors all user behaviors on every device in your entire organization. It monitors all files, applications, emails, chats, internet, and network usage, psycholinguistics, and more.
  • Continually analyzes all user behavior to identify threats.
  • On detecting threats, immediately alerts the security team. Integrated alerting minimizes the security team’s workload.
  • Gives you an immediate video playback that allows you to see the nature of the threat quickly.
  • Lets you respond immediately and with 100% confidence through video playback. The video also serves as legal evidence and threat intelligence.

Tools to automatically detect every form of attack improve your ability to detect attacks and avoid false positives.

3) Artificial Intelligence is the future

 

Modern organizations have to deal with ever-increasing threat vectors. As technology proliferates into every corporate function, as data storage and processing spans across on-prem and the cloud, as more and more employees and third-party workers access enterprise data from remote locations, the number of vulnerabilities is increasing ad infinitum. The time to detect a breach tops six months on average.

While monitoring every endpoint is critical to identify threats, reliably analyzing the massive volume of events they produce is practically impossible. That’s where artificial intelligence (AI) comes in.

AI is the inevitable solution to identify threats in such a dynamic and sophisticated threat landscape. AI powered by unsupervised or supervised machine learning, statistical data analysis, and natural language processing capabilities is vital to reliably pinpoint threats in today’s haystack of data.

Traditional security solutions are limited to detecting known vulnerabilities, pre-defined rules, and signature-based threats. Machine learning busts these limitations, as you can now dynamically learn new threat patterns to detect anomalies, minimize the chances of escapes, and accelerate threat detection.

Advanced machine learning can sift through structured and unstructured data to lower false positives and predict future threats. Veriato’s Cerebral is a holistic AI solution that adds intelligence to your entire threat detection by monitoring endpoints, creating a Digital Fingerprint, grouping, lowering false positives, predicting future threats, detecting anomalies, and risk scoring.

4) Multi-factor security

 

To combat complex threats, multi-layered security ensures a robust security posture. It is essential to prioritize threats that matter to you right now. The NIST Cybersecurity Framework mentioned earlier guides you through the steps to a multi-layered security strategy. A holistic security solution should provide you with the tools and technologies so that you are covered right from threat detection to incident resolution.

A multi-layered security solution needs to protect your data and assets that are on-premises, remote, and in cloud environments. It also helps you eliminate your security blind spots by aggregating and correlating events from all your devices, servers, endpoints, and applications, and by monitoring user and administrator activities. The result is a comprehensive view of security events across your organization that includes remote workers and locations. This visibility is the key to timely response and to minimizing the overall cost of a breach.

 

5) Smart monitoring

 

In today’s threat landscape, continuous monitoring is crucial to keep up with the bad actors, including your employees. An IBM X-Force report states that 40% of cyber-attacks are launched from outside your corporate firewall, while insiders carry out a staggering 60% of cyber-attacks. 44.5% of them have malicious intent.

An earlier study by Gartner found 62% of insider threats involved employees who wanted to establish an additional income source by selling their employer’s sensitive data, 29% were employees leaving the organization, and 9% were saboteurs. Inadvertent insiders contributed to two-thirds of the compromises. Many organizations employ an increasing number of third-party resources that also add to this pool of insider threats.

As more employees now work from remote locations, these staggering statistics can only get worse. Since remote work became a norm, phishing attacks have spiked and led to a record increase in successful breaches. It isn’t easy to monitor employees when they are remote. That’s when security solutions that provide comprehensive employee monitoring become very important. Employee monitoring solutions give you the added advantage of ensuring employee productivity when they are remote.

Ransomware is another threat that increased significantly over the past couple of years. Every year new variants of ransomware are introduced. Ransomware has cost US businesses over $75 billion in downtime. 1 in 5 companies hit by ransomware is forced to close. In the first quarter of 2020, ransomware payments increased by about 33%.

Attackers inject ransomware by targeting your employees with phishing campaigns, exploiting software vulnerabilities, or stealing Remote Desktop Protocol (RDP) credentials.

A comprehensive security solution needs to continuously monitor all the devices, file systems, network endpoints, and employee-owned machines to detect ransomware threats early enough. A good ransomware solution:

  • Uses threat intelligence that keeps up with ransomware signatures.
  • Uses honeypot files to reliably detect attacks from previously unknown variants.
  • Maintains regular backups of all file systems and digital assets.
  • Continuously monitors every device to detect threats early and to minimize the total cost of a breach.
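The honeypot-file check from the list above, as an added example (not code from any product named on this page): decoy files are planted with known hashes, and any later modification or disappearance is reported, which works without a signature for the variant involved. The file names, decoy content and the simulated tampering in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

def _sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def plant_canaries(directory, names, content=b"decoy - do not edit\n"):
    """Create decoy files no legitimate process should touch and return a
    manifest mapping each path to its known-good SHA-256."""
    manifest = {}
    for name in names:
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(content)
        manifest[path] = _sha256(path)
    return manifest

def check_canaries(manifest):
    """Return (path, status) for every canary that is no longer intact.
    Any hit is behaviour-based evidence, independent of malware signatures."""
    findings = []
    for path, expected in sorted(manifest.items()):
        if not os.path.exists(path):
            findings.append((path, "missing_or_renamed"))
        elif _sha256(path) != expected:
            findings.append((path, "modified"))
    return findings

def demo():
    """Constructed scenario in a temp dir: one canary is overwritten, one is
    renamed with a new extension, one is left untouched."""
    with tempfile.TemporaryDirectory() as d:
        names = ["a_budget.xlsx", "b_passwords.docx", "c_notes.txt"]
        manifest = plant_canaries(d, names)
        paths = sorted(manifest)
        with open(paths[0], "wb") as fh:
            fh.write(os.urandom(64))  # stand-in for content being rewritten
        os.rename(paths[1], paths[1] + ".locked")
        return [(os.path.basename(p), s) for p, s in check_canaries(manifest)]

if __name__ == "__main__":
    print(demo())
```

In production the check would run on a schedule or from file-system change notifications, and a finding would trigger isolation of the host rather than a print.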

6) Easy to integrate and evolve

A security solution has to integrate efficiently with your organization’s functional workflows and work culture. It should be less disruptive to your existing operations and less intrusive to your current systems and workforce. Ensure it is easy to deploy, use, and maintain, helps to integrate security at all levels of the organization, and fosters employee security awareness and security best practices/hygiene.

As the threat landscape becomes more complex and threat actors find more sophisticated tools to exploit, it is essential to future-proof your security posture. This is possible only when your security solution can evolve with time. Advanced security solutions are integrated with threat intelligence systems. They are capable of adapting to new threats and protecting you against the evolving menace of the dark web.

Conclusion:

A methodical approach to your unique cybersecurity needs helps to simplify your tool decisions. According to the MS-ISAC CTI report, many cybersecurity trends that emerged in 2020 will continue well into the future on an upward slope. These include the disappearance of the security boundary with remote work, an increase in living-off-the-land techniques, ransomware-as-a-service, and post-ransomware extortion, to name a few. To immunize your enterprise from these threats and to keep your core business functions running smoothly, it is essential to adopt a comprehensive approach to cybersecurity.


About the author

Dr. Christine Izuakor
Dr. Izuakor is the Senior Manager of Global Security Strategy and Awareness at United Airlines where she plays a critical part in embedding cyber security in United’s culture. She is an adjunct professor of cyber security at Robert Morris University, and independently helps corporations solve a diverse range of strategic cybersecurity challenges.
