Would you ever step into a Mixed Martial Arts (MMA) Octagon cage to compete against warriors who strive and train for one thing – to knock down their opponent? Not a decision to take lightly. Now, think about it from the cybersecurity front. Security analysts are expected to step into the [SOC] cage and fight tirelessly against a whole new level of attacks, evolving daily, while skilled attackers improve their BJJ and Muay-Thai TTPs. Often, these attackers are well-hidden behind off-the-shelf cheap exploit kits and script kiddies making the security analysts’ work – our SOC warriors – a lot harder. Especially when they’re not equipped with the right tools.
Looking back, the security industry’s biggest challenge was to detect and investigate threats in a timely fashion, always trying to reduce mean-time-to-detect and respond (MTTD & MTTR). Don’t get me wrong, that battle remains and will continue to do so for years to come. However, looking closely at recent mega data breaches, that teeny-tiny alert did fire, but the number of unattended alerts (as called out by recent Gartner SOAR research) and lack of cyber risk prioritization led many of those attacks to become data breaches. Coming back to the point of the detection challenge, the industry has made major strides evolving and harnessing the power of machine learning and behavioral analytics into common practice of our day to day job.
Still, attackers remain attackers as long as incentives exist – bitcoin gain (bitcoin ransomware is faster, cheaper, and scalable (Read more...)
*** This is a Security Bloggers Network syndicated blog from RSA Blog authored by Maor Franco. Read the original post at: http://www.rsa.com/en-us/blog/2018-02/never-let-your-guard-down-aroo.html