As McAfee Chief Executive Officer Chris Young said in his 2019 MPOWER Cybersecurity Summit keynote address, time is the most valuable resource that we all share. But time isn’t always on our side – especially when it comes to cybersecurity.
“Time is the one constant that we cannot change. It’s the one constraint that we cannot ignore. Every second counts,” Young said. “… Our adversaries are using time to their advantage. It’s the single greatest weapon they have. It’s taken over the language of our industry. Persistence. Dwell time. Used to describe the time the work that our adversaries do as they run up the clock until they try to exfiltrate our most sensitive information. Versus ransomware, which applies time pressure to run down the clock. If you don’t pay the ransom you’ll lose your data forever. Zero-day attacks. Mean time to detect. Mean time to respond. These are just a few of the many, many examples of the way time is woven into the fabric of our industry.”
Time is a major challenge for organizations attempting to keep pace with cyber threats that are rapidly increasing in volume and complexity. Elevated efficiency is cybersecurity’s counterpunch against agile and elusive adversaries weaponizing time. Organizations that constantly find themselves in reactive mode struggle to maintain staff efficiency—but time and resources can be saved by using improved visibility and prioritization to get ahead of the threat curve.
The findings of an ESG paper commissioned by McAfee concurred: “Organizations want more visibility into cyber-risks so they can tailor and prioritize their threat response and risk remediation actions in alignment with threats that may hit them,” said Jon Oltsik, ESG fellow. “Many firms want to be more proactive but do not have the resources and talent to execute.”
Better cybersecurity intelligence and insights can enable organizations to assume a more proactive cybersecurity program without dramatically upgrading resources and talent.
Better Visibility Through Next Generation Open Architecture
Modern adversaries are using next-generation tools, tactics and techniques to evade traditional reactive security systems. The next generation of open cyberthreat identification, investigation, and response capabilities paired with human and artificial intelligence can enable organizations to answer key questions about how to respond to threats. Open architecture can enable security teams to add their own expertise and analytics, empowering insight into the high-impact threats that matter. Security analysts will need the right technology to do the analysis, a combination of human expertise and the most advanced artificial intelligence and machine-learning capabilities that provide insight as to which actions to take.
The diversity of the raw materials an organization uses matters. If you only have one type of sensor, such as endpoint, you’re limited in what you can see. Gaining insight requires the ability to look at a wide range of capabilities from traditional on-premise environments to the cloud. Sensors should cover on-premise, perimeter, network, endpoint, and cloud environments. From the data gathered by these sensors, security teams can then extract context, detecting the characteristics, structure, and behavior of suspicious activity. Efficiencies are empowered through diverse telemetry at scale.
Prioritization: Decoding the DNA of Cyber Threats
“We and the rest of the cybersecurity industry have to move beyond the hash,“ said Steve Grobman, senior vice president and chief technology officer. “Features are a lot like markers in DNA and biology. By understanding the markers and characteristics, we can understand the structure, the behavior. We can understand what a threat is even if we’ve never seen it before. We can basically see the characteristics of a threat we’ve never seen before and have a very good understanding of what it actually is.”
Most security teams are constrained by the available data and traditional indicators of compromise such as hashtags and IP addresses. An open architecture consisting of a variety of sensors provides the capability to gather more and richer information on a threat’s DNA.
The goal goes beyond a simple patch or remedy. It’s about being better able to understand the unknown through improved data and intelligence. To enhance efficiency in dealing with the things that matter. The threats that are inherently difficult to detect. The threats that are engineered to target you.
By gaining this understanding, you’ll be more able to answer strategic questions such as:
- Am I protected from this threat?
- What do I need on my platform in to defend against this threat?
- What is the technology?
- What is the content?
- What is the configuration I need to defend myself?
- Was I protected when this threat impacted my environment on that very first day or the day that threat emerged?
- What did I need to have zero-day protection?
- Did I have the right real-protect model?
Intelligence that helps answer these questions can provide insight into not only how a threat fared against one organization’s security but how a security plan can proactively prepare for next-generation threats.
Anticipating Next-Generation Threats
Understanding threats is not just about protection but also anticipation, both of threats in your environment and on a global scale. Improved insights can leave organizations with a complete view of how a threat is impacting their environment.
Decoding the DNA of threats through an expanded variety of sensors can help organizations recognize and anticipate the next generation of threats:
- Using machine-learning algorithm that recognizes potentially malicious activity, extracts characteristics and recognizes its similarities to threats we’ve seen before.
- Finding outliers that allow us to find things that have uncommon characteristics.
- Finding things that appear to be engineered for things in your environment. The fact that this only in your environment and it has characteristics that really look different from anything we’ve ever seen before. That tells us you really need to pop this to the top of your stack of investigation priorities because this could be targeting you.
- Identifying targeted attacks by mapping threats tied to specific industrial sectors and being able to cluster the highest level of intensity by sector.
- Separating the noise from the signal.
- Triaging the priority and raising the urgency on threats critical to your organization.
Gaining cybersecurity efficiency via visibility and prioritization isn’t only about gathering richer data. It’s also about having the right technology to do the analysis. It’s not just about being able to identify the things that matter, it’s about being able to take action with your current security staff. It’s about saving time against an adversary using time as a weapon.
Read more on how the McAfee MVISION Insights platform’s integration into the McAfee architecture provides better intelligence capable of empowering better insights
About the Author