Netenrich : Mon, Feb 22, 2021 @ 10:00 AM
Attack surface management (ASM) and cyber threat intelligence provide the protection your organization needs to defend its brands and assets. ASM offers information about your organization’s digital exposure and describes what could be subject to attack. Cyber threat intelligence provides information about attacks that may be possible, preventable, or avoidable. But only by putting those pieces together can your organization achieve peace of mind.
By itself, intelligence describes possible risks, vulnerabilities, and exposures. It provides useful information about things that your organization may encounter. But the real work involved comes when it’s time to do something about such intelligence. This is, of course, where actionability comes into the picture.
Actionability takes raw intelligence and adds two important, and specific, ingredients (specific to your organization, that is) — namely, context and personalization:
Context: This term describes the overall environment or world in which the intelligence occurs and resides. Context is vital for security because it defines what matters and what doesn’t when determining whether a specific item of intelligence applies to a situation. Context also reflects a broader understanding of threats in terms of the risks they pose, the impacts they’ve already made on other organizations, the kinds of damage they could lead to, and so forth.
Personalization: Personalization speaks to relating information and advice to your organization’s specific circumstances, policies, and procedures. General remediation advice is helpful because it provides guidance about what to do and perhaps a broad outline of how to do it. Personalization takes that general guidance and the outline of what to do and turns it into a targeted set of instructions on exactly what your organization could do, step-by-step, to address its own greatest risks. Personalization also refers to being able to customize dashboards and track findings within the ASM portal.
Netenrich integrates AI-led intelligence with input and advice from human analysts to present your organization with refined intelligence. It offers context and threat and risk assessments, along with prioritization, so your organization knows which threats demand immediate response to avoid costly breaches.
Knowledge NOW (KNOW) is Netenrich’s free global intelligence portal. It covers everything that’s trending in the world of cybersecurity threats and is powered by the company’s proprietary intelligence. KNOW leverages AI and expertise to aggregate and contextualize news about emerging threats and attacks through a single information feed.
KNOW’s real benefit comes from pulling information and context together to save time understanding, prioritizing, and acting on threats. The portal provides a continuously updated, always current stream of threat news, information, analysis, and trending security data. It lets your organization see for itself what’s happening across your entire security landscape. And with a bit more digging, searching, and filtering, KNOW can provide actionable insight relevant to your organization’s areas of risk, vulnerabilities, and indicators of compromise (IoCs).
In security lingo, a zero-day attack is a security attack that occurs on the same day it’s discovered. Many threats, and the vulnerabilities and exploits associated with them, come from security researchers seeking to demonstrate that such threats are real and that the associated vulnerabilities can indeed be exploited.
A zero-day threat, by contrast, starts off bad, with a genuine attack: it is discovered because a real exploit has already been used against an organization that fell victim to its method and means of attack. Theoretically, when a zero-day attack occurs, your organization, if it has the same vulnerability, could also fall prey to that same attack right then and there. The real trick comes if — and only if — your organization is paying attention to zero-day attack news and becomes aware that evasive or preventive action is needed now. This is where KNOW comes in. Users get apprised of zero-day attacks through that category of information in the feed. As soon as organizations know there’s a potential impact, they can start working on remediation and mitigation.
Context and actionability fit like hand in glove. Good context brings organizations to the point where they can take the right actions faster. Contextualization is absolutely essential to go deeper and make that information available to analysts for preventing breaches. Simply finding assets at risk isn’t all that helpful. However, assigning a risk score and prioritizing risks based on relevant context saves your organization time and effort in moving from information to action. To make intelligence truly actionable, cyber threat intelligence should provide insights as to severity and what to do next without requiring analysts to access multiple sources and correlate them manually. That’s what integrating ASM with threat intelligence is all about.
Scanning millions of Internet data points may raise countless potential issues or gotchas. At the end of the day, somebody needs to do the work involved in extrapolating from a possible threat to an actual risk with immediate potential fallout. It’s one thing to know there’s a threat against an email system your company uses. It’s another thing entirely to know that this email system has recently been linked to or hijacked for takeover by bad actors. One is a mild cause for concern; the other is a call for immediate action. If you put attack surface intelligence (ASI) together with KNOW, both forms of intelligence combine to dramatically reduce the time and effort needed to resolve risks. Take, for example, the case where ASI reports an at-risk server connected to your organization’s brand. KNOW feeds into ASI to inform you right away if that same kind of server has actively been used to deliver ransomware.
If your team finds suspicious IP addresses or IoCs, dig deeper. Your team member could visit the intelligence portal to enter an IP address and get a risk score. Ah! But is that risk score relevant or just a summary from industry sources? KNOW blends news with intelligence to get your team members to resolution more quickly. On one screen, tags display trending news with related topics, activities, and technical indicators to guide next steps. Your team members can immediately know if a vulnerability is tied to a specific ransomware attack and if products in your organization’s infrastructure are directly impacted. This saves substantially on the time, effort, and cost involved in getting from “I may have a problem” to “I know I have a problem, and here’s how I’ll fix it.”
Comprehensive and exhaustive security discovery and data dashboards can be overwhelming. IT and security professionals can wilt under the load involved in caring for hundreds of domains and tens to hundreds of thousands of assets. The real issues then become which assets are riskiest and why they’re in peril. Getting and staying focused is the only way to cope with information glut and a plethora of ongoing alerts. Integrating threat and ASI guides prioritization so that, when faced with multiple threats trending, team members can see which ones directly affect their business, industry, vendors, and partners. The other ones probably don’t rank high on the priority list.
KNOW gives your team members the context needed to decide what truly matters on a single dashboard page. Deep context and actionability help them get past the key roadblock to resolution: Where exactly is my problem, and how do I fix it? Actionable intelligence shows which risks deserve the highest priority and immediate attention. It also answers, “What do we do about it?” Thanks to integration at a deep level, cyber threat intelligence from KNOW feeds right into ASI. This empowers your SecOps team to take the next step immediately. It can research the most critical risks first, then act fast to implement the “Inverse Golden Rule”: Do unto others before they can do unto you. This means forestalling or mitigating the threat before bad actors can exploit it. That’s what integrating cyber threat intelligence with ASI makes possible. Now that’s resolution.
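The correlation the preceding paragraphs describe (an ASM finding such as an exposed server or a suspicious IP, joined with intelligence context such as “actively exploited”, “zero-day” or “used to deliver ransomware”, weighted by whether the asset is brand-linked, and then ranked) can be sketched in code. The following is an added illustration written for this page, not Netenrich code and not how the KNOW or ASI products compute their scores. The asset inventory, the intelligence entries, the tag weights and the scoring formula are all constructed assumptions; real feeds would carry CVE ids, vendor advisories and IoCs rather than the placeholder ids used here.

```python
"""Correlate attack-surface findings with threat-intelligence context and
rank the results.  All data below is constructed for illustration."""
from ipaddress import ip_address, ip_network

# Constructed ASM inventory: what an external scan says is exposed.
ASSETS = [
    {"host": "mail.example.test", "ip": "198.51.100.10",
     "product": "exim", "version": "4.92", "brand": True},
    {"host": "vpn.example.test", "ip": "198.51.100.20",
     "product": "acme-vpn", "version": "9.1", "brand": True},
    {"host": "dev.partner.test", "ip": "203.0.113.5",
     "product": "nginx", "version": "1.18", "brand": False},
    {"host": "old.example.test", "ip": "198.51.100.30",
     "product": "acme-vpn", "version": "9.0", "brand": True},
]

# Constructed intelligence feed.  Entries match either a product/version or
# an IP range, and carry the context tags the article says matter.
INTEL = [
    {"id": "INTEL-1", "product": "exim", "versions": ["4.92"],
     "severity": 7.5, "tags": {"active-exploitation"}},
    {"id": "INTEL-2", "product": "acme-vpn", "versions": ["9.0", "9.1"],
     "severity": 9.8, "tags": {"zero-day", "ransomware"}},
    {"id": "INTEL-3", "product": "nginx", "versions": ["1.18"],
     "severity": 5.3, "tags": set()},
    {"id": "INTEL-4", "cidr": "198.51.100.0/28",      # reported ransomware staging range
     "severity": 8.0, "tags": {"ransomware"}},
]

# Assumed context multipliers: the same finding weighs more when it is being
# exploited in the wild or tied to ransomware, and when the asset is brand-linked.
TAG_WEIGHT = {"zero-day": 1.5, "active-exploitation": 1.3, "ransomware": 1.4}
BRAND_WEIGHT = 1.2


def contextual_severity(entry):
    """Base severity scaled by every context tag on the entry."""
    s = entry["severity"]
    for tag in entry["tags"]:
        s *= TAG_WEIGHT.get(tag, 1.0)
    return s


def matches(entry, asset):
    """Does an intel entry apply to this asset (product/version or IP range)?"""
    if "product" in entry:
        return entry["product"] == asset["product"] and asset["version"] in entry["versions"]
    if "cidr" in entry:
        return ip_address(asset["ip"]) in ip_network(entry["cidr"])
    return False


def score_asset(asset, intel=INTEL):
    """Return (score, matched intel ids, union of context tags) for one asset.
    The worst applicable finding drives the score; brand linkage raises it."""
    score, ids, tags = 0.0, [], set()
    for entry in intel:
        if matches(entry, asset):
            score = max(score, contextual_severity(entry))
            ids.append(entry["id"])
            tags |= entry["tags"]
    if asset["brand"] and score:
        score *= BRAND_WEIGHT
    return round(score, 1), ids, sorted(tags)


def prioritize(assets=ASSETS, intel=INTEL):
    """Rank assets by contextualized risk, highest first, dropping assets
    with no applicable intelligence so the list stays focused."""
    ranked = []
    for asset in assets:
        score, ids, tags = score_asset(asset, intel)
        if score:
            ranked.append({"host": asset["host"], "score": score,
                           "intel": ids, "tags": tags})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


def lookup_ip(ip, intel=INTEL):
    """Single-indicator lookup, as when an analyst enters one IP: returns the
    contextualized score plus the tags that explain it, not a bare number."""
    addr = ip_address(ip)
    hits = [e for e in intel if "cidr" in e and addr in ip_network(e["cidr"])]
    score = max((contextual_severity(e) for e in hits), default=0.0)
    tags = sorted(set().union(*(e["tags"] for e in hits)))
    return {"ip": ip, "score": round(score, 1),
            "intel": [e["id"] for e in hits], "tags": tags}


if __name__ == "__main__":
    for row in prioritize():
        print(f"{row['score']:5.1f}  {row['host']:20}  {row['intel']}  {row['tags']}")
    print(lookup_ip("198.51.100.7"))
```

With the constructed data the two VPN hosts rank first (a zero-day tied to ransomware on a brand-linked asset), the mail server next (its IP sits in a range reported as ransomware staging, which outweighs its own actively exploited version), and the partner’s nginx host last. The point is the shape of the join, not the numbers: an asset that only the scanner knows about gets a score, but an asset the intelligence feed also knows about gets a score and the reason, which is what lets a team act without correlating sources by hand.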