GET THE RIGHT CYBERSECURITY EXPERTISE
To successfully confront the increased number of cyberattacks, companies need skilled cybersecurity personnel who understand the current and evolving cyberthreat environment. With the right security staff, companies will be better prepared to rapidly detect an attack.
Although there’s a significant shortage of skilled security professionals, there are still plenty of steps an organization can take to fill the gap. Smart companies are increasingly outsourcing at least some of their security needs. Partnering with universities to pick the cream of the crop is another tactic, and using security tools specifically designed to address the shortage will also help (see Lastline’s blog “Quality Tools Help Shortage of Cybersecurity Professionals”).
STAY UP-TO-DATE WITH CYBERCRIME EVOLUTION
Knowing who is behind the threats you face and understanding their motivations will help you implement security measures to put cybercriminals on the defensive. Hackers are relentless and constantly employing new means to penetrate networks. Studies show that malware authors create five new malware programs every second, and last year’s prevention methods won’t hold up to this year’s attacks.
Unless an organization constantly strives to stay abreast of the latest cybercrime methods, it will be unable to quickly detect a breach. The first line of defense is to understand where and how cyberattacks occur so enterprises can deploy appropriate controls and resources. That requires staying up to date through active involvement, appropriate education, and having the right security partners.
DEPLOY MODERN DATA BREACH DETECTION TOOLS
In addition to keeping systems, servers, and applications patched and up to date, it’s imperative to deploy modern breach detection tools. Although security budgets have increased during the last few years, many organizations are still purchasing and deploying old technology. Unfortunately, these legacy products are no longer effective at preventing modern breaches. Today’s attackers use new methods that older security systems don’t detect. See Lastline’s blog “Security Spending is Up – But on Old Technologies that Don’t Work” to learn more.
Today’s advanced breach detection technologies are very effective at spotting cyberattacks that older tools, even those that are only a year old, will miss. Modern tools also gather, consolidate, and present incident data in an automated and prioritized manner that is easy to understand. This dramatically reduces the time it takes for the security team to recognize a cyberattack and take steps to mitigate it.
LEVERAGE GLOBAL THREAT INTELLIGENCE
No one can successfully defeat today’s cybercrime alone. By leveraging threat intelligence generated by other organizations around the world, you will have a huge advantage when it comes to rapidly detecting a breach. A recent report, The SANS State of Cyber Threat Intelligence Survey: CTI Important and Maturing, found that organizations that are effectively using global cyber threat intelligence experience a number of benefits:
71% saw improved visibility into new threats
48% reduced the number of incidents through early detection and prevention
58% experienced faster and more accurate response times
54% said it helps detect unknown threats that they were previously unaware of
One challenge of using external threat intelligence is the sheer amount of data to process. Using advanced products that automatically ingest global threat intelligence will help in this area.
PERFORM REAL-TIME MONITORING OF ALL MAJOR PORTIONS OF THE ENTERPRISE
To detect and investigate security incidents more efficiently, security analysts need comprehensive and immediate visibility into key indicators of compromise. In addition to network-level telemetry, the security staff need full visibility into logs and events from underlying infrastructure, applications, and security systems. Effective controls for partner or supplier gateways must also be in place.
When dealing with malware, immediate visibility into what is happening on each particular host is critical. Breach detection tools need to prioritize alerts and make it easy for analysts to quickly visualize the entire context of each attack campaign.