Lacework has added time series modeling to the existing anomaly detection capabilities in its Polygraph Data Platform to make it easier for cybersecurity teams to investigate cyberthreats in cloud computing environments.
In addition, Lacework has revamped its alerting capabilities to provide more context across associated events, timelines and other details. Cybersecurity teams can more easily organize alerts, view tags, filter specific alerts, change the state of an alert to indicate whether it needs to be investigated or has been resolved, and add comments to classify and better collaborate with teams.
Finally, the company is making available in beta a configurable bi-directional synchronization capability through which alerts can be automatically updated across the Lacework Polygraph Data Platform and workflow tools such as Jira from Atlassian.
Kate MacLean, senior director of product marketing for Lacework, said the time series modeling in the Polygraph Data Platform will provide cybersecurity teams with additional levels of context by enabling them to identify the timeline across which attacks are occurring using a platform that is infused with automated machine learning and behavioral analytics capabilities to create a baseline for what is normal activity for any given IT environment.
Available initially on the Amazon Web Services (AWS) cloud, the time series model introduces a new dimension by tracking changes in activity frequency and volume over time in a cloud environment, she noted.
That approach eliminates the need to constantly tune thresholds as the IT environment evolves, she also noted. In contrast, a signature and rules-based approach to tracking threats will generate far too many false-positive alerts that will quickly overwhelm the ability of a cybersecurity team to track.
In general, cybersecurity teams are looking to rely more on automation as both the volume and sophistication of cyberattacks continue to increase. The challenge is that often requires making an investment in a different platform at a time when organizations are now more sensitive to the cost of cybersecurity. In fact, many organizations are looking to consolidate the number of cybersecurity platforms they have to deploy and maintain in order to reduce costs and streamline operational efficiency.
As a consequence, cybersecurity teams are looking to reduce the number of platforms they have to use by, for example, relying more on cloud services that combine multiple features in one platform. These cloud services are replacing myriad tools that were previously deployed separately in an on-premises IT environment.
A recent survey of 280 cybersecurity professionals conducted by the research firm Enterprise Strategy Group (ESG) on behalf of the Information Systems Security Association (ISSA) found nearly half (46%) of respondents work at organizations that either plan to (25%) or are currently consolidating (21%) the number of security vendors they rely on. More than half of respondents (53%) said they usually purchase—or will purchase in the future—security technology platforms rather than best-of-breed products. The most common benefits of consolidation cited by survey respondents were operational efficiencies realized by security and IT teams (65%), tighter integration between previously disparate security controls (60%) and improved threat detection efficiency (51%).
Of course, cybercriminals are not nearly as concerned about costs. In fact, a downturn in the economy only serves to increase the size of the potential recruits they might be able to entice to help launch more attacks.