This blog post was written by Karl Klaessig.
Like most things in life, successful planning for a secure network takes a pre-baked strategy. And, with that strategy come the actions and tasks needed to carry it out. It’s much like sports – you want to enable your organization to be the one with the ball, dictating the offense to successfully execute plays that result in a score. You should control the pace of the game. Don’t let the opponent (in this case, the hackers) dictate the pace, or your strategy.
Companies are tasked with protecting their organizations from advanced threats. For many, the most troublesome threats are Advanced Persistent Threats (APTs), which quietly monitor a network over time to gather and extract sensitive information and intellectual property, and targeted attacks aimed at a single organization. In fact, according to an Evalueserve survey commissioned by McAfee, part of McAfee Security, 74 percent of the 473 surveyed companies said they are highly concerned about these two specific kinds of attack. Hackers, it seems, are setting the pace of the game.
However, an agile offensive strategy can put you in a more proactive position. In the same Evalueserve survey, 53 percent of organizations said they discovered an attack within hours or minutes, allowing them to disrupt it. Behind those detections was technology that integrates threat intelligence, correlation, analytics, active response and adaptive technologies. These organizations employ advanced Security Information and Event Management (SIEM) technology specifically geared to help incident response.
Here are the three key findings from the survey:
- 57 percent of companies capable of detecting targeted attacks within minutes experienced 10 or fewer attacks in 2013.
- 78 percent of those companies employ a real-time SIEM solution.
- Only 12 percent of SIEM-enabled organizations had to investigate more than 50 incidents in 2015.
This forms a recognizable pattern: hackers usually look elsewhere when faced with the competent execution of existing security solutions.
A SIEM solution capable of real-time threat detection and prioritization offers the actionable intelligence and advanced analysis for security personnel to identify indicators of attack quickly and accurately. Additionally, a real-time SIEM solution integrates threat intelligence, correlation and analytics to detect the eight most common indicators of attack (IoAs) highlighted in our special report, “When Minutes Count.”