Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
This white paper examines some of the key challenges many security
teams are facing today, and how the deployment of a solution based on
machine learning and analytics can help organizations address many of
these issues.
A Host of Challenges
Organizations are facing a security threat landscape that exposure of the personal data of 143 million American
seems to be growing ever-more menacing. Bad actors consumers. Hackers accessed individual’s names, Social
are finding new and more sophisticated ways to break Security numbers, birth dates, and other information.
into systems and networks to steal data, or otherwise
wreak havoc on organizations and their customers and These types of security incidents are costly. The average
business partners. cost of a data breach is $3.62 million, according to
the 2017 Cost of Data Breach Study by IBM Security
The past few years have seen a dramatic increase in and Ponemon Institute. The average cost for a lost
ransomware attacks, which can bring an organization’s or stolen record was $141, and the numbers are even
systems to a standstill. According to statistics provided higher for industries such as healthcare ($380) and
by the U.S. federal government, ransomware is the financial services ($245). The figures are based on
fastest growing malware threat, aimed at users of all information gleaned from 419 companies worldwide that
types. On average, more than 4,000 ransomware attacks participated in the research.
have occurred daily since Jan. 1, 2016, the government
says, a 300% increase over the approximately 1,000 Organizations not only face costs related to the data
attacks per day seen in 2015. breach itself, such as incident response and investigation,
but the expense of any legal settlements that might
Major organizations continue to be victimized by data result from the breach. Then there are the costs to the
breaches that leave sensitive data such as customer company’s brand and reputation to consider.
information exposed. In one of the more recent
incidents, an attack against credit reporting agency Damage can also come from failing to comply with
Equifax from May through July 2017 resulted in the government and industry regulations that call for the
These regulations have strict requirements regarding Companies have deployed tools to monitor network
access limits to data, as well as protection of the activity and gather data about security events. But all the
information itself. Recent research has shown that alerts and information coming into organizations keeps
many organizations are not prepared to meet the security teams on continuous scavenger hunts or trapped
requirements of GDPR, which is scheduled to become in mazes, searching for the answers that will keep the
enforceable in May 2018. organization from experiencing a damaging breach.
% OF
TIME COMPANIES
Hours 2.6%
Days 7.8%
Weeks 7.8% 99 Days
Months 42.9%
Years 38.9%
Time to Contain It
66 Days
Sources: 2017 Data Breach Investigations Report (Verizon); 2017 Cost of Data Breach Study (IBM Security and Ponemon Institute);
M-Trends 2017: A View From the Frontlines (Mandiant)
Guess Choose an alert to pursue Console See if the system has been
Console Look at 8+ SOC dashboards for backed-up
context Email Request a one-off vulnerability
Console Check SIEM, and spot 2 IP scan
! ! addresses Research Check if backend has been tested
Research Figure out which systems the IP Setback Discover disaster-recovery is only
! ! address match annual
Research Determine if IP addresses are Console Find where log files are being sent
! good or bad
Setback Not all log files are available
! Research Look at asset-inventory system
! for application owners Email Request missing logs
! Setback Email owners, due to out-of-date Email Receive missing logs within 2 hours
! asset-inventory system Setback 4+ hours later, realize that this is
! ! a false alarm
Research Find out when system was last
!
! ! scanned Guess Start this process again, with
! Research Figure out if the system has been next alert
patched
Sources: “Cybersecurity: Why Context Matters and How Do We Find It” and “Cybersecurity: The End of Rules Is Nigh” (Hortonworks); “What Your Security
Scientists Can Learn From Your Data Scientists to Improve Cybersecurity” (TechCrunch)
The latest security solutions help teams effectively address They can optimize the time, resources, and budget spent
these challenges. By leveraging ML and big-data analytics on the investigation; spend less time gathering data
capabilities, these tools can greatly ease and speed up and more time understanding an attack; and back up
the process of identifying and analyzing important trends, all of their findings with ML and analytics. The security
better protecting against genuine threats. team can see, at a glance, the current risk posture of
any entity such as a user, file, client device, server, IP
Companies need technologies such as ML and artificial address, or other IT component.
intelligence (AI) today in order to solve the problems
their security teams are facing, because existing Using an interactive dashboard, security professionals
processes can’t scale and are not efficient in dealing can directly drill down into the details of why an entity’s
with the demands of today’s security environment. characteristics, usage patterns, and behaviors are deemed
higher risk than others. The system’s intelligence gives
ML and AI enable teams to distill all the information that’s it the ability to dynamically learn contextual-behavior
coming in to them, identify the right places to look, and patterns for each unique entity, and how those entities
deliver the answers they need to find cyberthreats within interact with each other. The machine-learning analytics
minutes or days, not weeks or months. clearly differentiate normal from anomalous activity. This
leads to an extremely high-quality risk assessment and
The mathematical and analytics capabilities of a eliminates the false positives characteristic of other risk-
modern security solution identifies such factors as measurement models.
the most risky users within an organization, and the
potential threats those users represent. It’s important to remember that strong security is not
just a matter of deploying tools and letting them do the
For example, the solution can detect a full-stage attack work. Security teams need to work closely with colleagues
against an organization via advanced analytics in on the business side to gain better understandings and
combination with Active Directory, IP Repository Logs, context of the data being that’s analyzed.
Web Proxy, and DLP data. With the solution, the security
team can quickly view and understand the current state
of users, repositories, endpoints, and network traffic.
In today’s cybersecurity landscape, attack vectors they can quickly identify threats such as compromised
are becoming increasingly stealthy and multifaceted, accounts, insider incidents, and intellectual property
enabling bad actors such as hackers and cyber criminals theft. The security leads deliver a distilled view of
to avoid detection via traditional security tools. In order measured risk generated through dynamic ML and
to truly understand the impact of a threat, security advanced mathematical models. Because no security
teams need to holistically evaluate the threat by all professional is capable of matching the rate at which a
relevant angles and data points. computational system can process and correlate vast
amounts of data from multiple sources, the analytics
New security tools based on machine learning and capability provides an unprecedented level of efficiency
advanced analytics allow security teams to directly and productivity to the security team.
access a prioritized list of high-quality security leads, so
! !
! ! ! !!
! !
!
!
!
! !
! ! !
!
!
! ! ! !
!
!
! ! ! !
!
! ! ! ! ! ! !
! ! ! ! !
!
! !
!
!
! !
!
!
! !
! !!
!
! !
!
! ! ! ! !
!
! ! !
! !
!
!
!
! ! ! ! !
!
! !
! !
!
Contact sales@interset.com
Interset is a security analytics pioneer. An In-Q-Tel company, Interset transforms security operations efficiency by distilling billions
of events into a handful of prioritized threat leads. Its unsupervised machine learning measures the unique digital footprint
of systems and users. What used to take days or months, now takes minutes. Enterprises deploy the Interset machine-learning
solution to protect critical data across the manufacturing, life sciences, high-tech, finance, government, aerospace, defense, and
securities-brokerage industries. To learn more, visit our website, and follow us on Twitter, LinkedIn, and Facebook.