4 Fallacies Around Security Breaches to Consider When Preparing for 2017

Uriel Cohen

The cyber security landscape changes so quickly that planning your investment strategy can be tricky. Security officers responsible for investment decisions rely on policy portfolios and tactical shifts, but also tend to be drawn to trending topics and industry buzz. We are constantly fed oversimplified market terms such as big-data, cloud security, UEBA, security analytics, IOC, and many more, which makes it difficult to identify truly important developments. So what should leaders keep in mind when choosing the next areas for investment? Let’s examine 4 fallacies that should be avoided in order to build a better 2017 plan for security risk reduction and improved efficiency.

Fallacy #1: Better security means deploying more prevention measures

The reality: Many security vendors are doing their best to stop attackers at the gate. Unfortunately, they are far from providing security teams with a silver bullet. This perimeter-centric approach is long obsolete. The reality today is that most organizations are being breached one way or another. Even mature, well-funded organizations that invest millions in cyber security end up in the news as victims of a major breach. This is why it was no surprise to see Gartner predict that by 2020, 60 percent of enterprise information security budgets will be allocated for rapid detection and response, up from less than 30 percent in 2016.

Fallacy #2: Breach is inevitable, so let’s do the minimum by following regulation

The reality: Attackers are always moving much faster than regulators, and successful attacks are indeed inevitable, but security breaches could have been mitigated by responding to incidents in time. While every organization may expect a compromise, the key question is how fast the security team reacts once the attacker has crossed the first perimeter. The longer it takes to respond, the greater the risk of irreversible damage and the greater the liability exposure. Security alerts should be reviewed and, once they are validated as real threats, a detailed investigation must be performed quickly in order to effectively mitigate the incident before it becomes a full-blown breach.

Fallacy #3: We can rely on our SIEM for performing security investigations

The reality: A SIEM can point us to where and what to investigate, but it is not an investigation platform, since it is missing the actual data. Security teams should be able to understand when data was accessed, by whom, where it traveled to, and what was in it. When thinking about the next areas for investment, mature SOCs realize that although they have made a huge jump in the prevention, detection and even analytics domains, they are still using the same investigation tools they were using 5 years ago. If you have deployed detection tools and you’re already using a SIEM, augmenting your SIEM with an advanced forensics solution to provide the context around all these alerts is the obvious next step.

Fallacy #4: We need a team of dedicated experts to do forensics

The reality: Let’s face it, the skill set gap in security staff is a major problem. The entire cybersecurity industry is suffering from a lack of specialized education and training. Obviously, if the forensics tool is designed for super users with extensive security and networking knowledge, then it is doomed to fail. Unfortunately, most of today’s forensics solutions require advanced skill sets that are very rare. This is why a key evaluation factor when choosing a forensics tool must be ease of use. To streamline security investigations, your network forensics platform should be able to do all the heavy lifting of data analysis, delivering intelligence that is human-readable and introducing workflows that are driven by automation. It should also enable knowledge sharing to transform entry-level personnel into experienced analysts. Bottom line – your forensics platform should help the entire security team conduct investigations in less time while using fewer resources.

About WireX Systems

WireX Systems is a network forensics company that has shifted the paradigm in security investigations. Using Contextual Capture™ technology, the solution continuously translates network traffic into comprehensive intelligence that can be immediately understood and expands forensics history from days to months. Today, leading enterprises choose WireX Systems as a key component in their security infrastructure to accelerate incident response, mitigate data theft and simplify responding to the magnitude of security alerts they must action every day.
