When it comes to defending our networks, we have to be right 100% of the time, but a cybercriminal has to be right just once. We must shift this balance if we are ever going to be in a position to truly protect and defend our networks. In fact, defence is probably no longer the appropriate word, because it is not enough: we need to be in a position to stop attacks and even predict them. Predict attacks, you say? How?
Those of you familiar with the Lockheed Martin Kill Chain methodology will know that the ultimate goal is to analyze persistent intrusions for patterns and trends, and then use this data to stop attacks or even predict them. Breaking the chain in one place means that you may have stopped that one attack; to be truly resilient, however, you really need to break the chain in several places. How can you do that, and what tools would you need? There is an answer…
RSA launched Security Analytics on the 30th January. It is a security monitoring system that brings together technologies from existing categories, including network security monitoring, log-oriented SIEM, malware analytics, forensics, compliance reporting, and Big Data management & analytics, to better address the security needs of organizations. In particular, the RSA Security Analytics solution provides capabilities that improve the effectiveness and efficiency of security analysts in their discovery (or detection) and investigation of security vulnerabilities and of attacks that are underway. In addition, with RSA Security Analytics, proving compliance becomes an outcome of effective security controls as opposed to the main driver of them.
In most companies, protection and analysis are done by an army of people relying on point tools and manual or labour-intensive processes. According to ESG research, 44% of enterprise organizations believe that their security data collection, processing and analysis qualify as “big data” today. This is simply not good enough to thwart our adversaries. Organizations need real-time security intelligence and situational awareness to give them visibility into their security status at all layers of the technology stack and across their enterprise. This unprecedented view was not possible until now. This level of intelligence will help security executives prioritize actions, adjust security controls, accelerate incident detection and improve workflows around incident response. All of these advances can not only improve security but also lower the overall operational costs of doing so. RSA Security Analytics may just have the tools to help with breaking the kill chain.