Key Topics
We know there’s a problem, but we just can’t see it
Many medium-sized enterprises recognize that cybersecurity is a risk that requires their specific attention. However, many struggle to implement effective measures against cyber threats that genuinely manage the risk and reduce the exposure.
With an acute shortage of cybersecurity skills, and an increasingly complex threat landscape, the challenges faced cannot be addressed solely by increasing the size of SOC teams.
From our experience as a security systems integrator, countless mid-sized UK businesses ‘look the other way’ when it comes to facing up to the threat. Although they may have SIEM, SOC or detection technologies ‘in place’, those tools fail to provide actionable intelligence and visibility, and the business is simply unable to deliver an adequate response when an attack occurs.
What do the experts say?
PwC’s recent 20th Annual Global CEO Survey found that UK CEOs rate cybersecurity as their second biggest business threat, with 97% of CEOs also stating that their organizations were currently addressing cyber breaches.
Gartner tell us that security and risk management leaders responsible for security operations should:
- Use MDR services to add 24/7 threat detection and incident investigation and response capabilities, when they don’t exist or are immature. Internal resources will still be needed for some response activities, and incident response retainers will be necessary for additional support as well.
- Use MDR services offering a turnkey technology approach when there is little to no existing investment related to security technologies for threat detection and forensics, and when the speed to implement MDR services is important.
Cybersecurity specific to you
Based on your business and risk management needs, the activereach + eSentire integration allows you to select from a spectrum of threat protection capabilities:
Rapid intrusion detection and response auto-detects and responds to known and unknown threats with:
- Real-time blocking of IOCs, signatures, and previously unseen attacks, including phishing, malware, ransomware, and botnets
- An extensive, proprietary rules library covering 40+ threat categories
- Highly-customizable rules and policies, including executable whitelists, geo-IP, and blocking access to specific sites
Log aggregation for threat hunting enables log correlation and playbook development to support and guide analysts, regardless of the network size, by:
- Aggregating and correlating log data to assist with reporting, compliance, and attack forensics
- Finding, tracking, and mapping threats to affected resources by querying, exploring, and pivoting across logs
Insider and persistent threat detection, regardless of the tactics, techniques, or procedures (TTPs) used, by focusing on the few fundamental adversary behaviors:
- Automatically learns and constantly updates “normal” definitions for each host within a customer’s unique, growing, and changing environment
- Understands and ties together internal reconnaissance, collection, and exfiltration behaviors across time and the network
- Speeds investigations and provides comprehensive customer understanding with ThreatCases, contextual maps of unfolding threats
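As an added illustration of the two capabilities above (correlating logs from several sources per host, and tying internal reconnaissance, collection and exfiltration together across time against a learned per-host baseline), the following Python script was written for this page; it is not activereach or eSentire software and shows none of their rules. The log format, field names, thresholds and the sample lines are constructed assumptions chosen to make the behaviour visible.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample logs in a hypothetical "<ts> <source> <host> k=v ..." format.
# Sources: proxy (outbound bytes), fw (firewall denies), smb (file-server audit).
# ws-17 has three days of normal proxy history, then scans, reads a share and uploads.
# ws-04 only scans: an isolated behaviour that should not become a case on its own.
SAMPLE_LOGS = """\
2024-05-01T09:00:00 proxy ws-17 dst=cdn.example bytes_out=120000
2024-05-01T17:00:00 proxy ws-17 dst=cdn.example bytes_out=140000
2024-05-02T09:00:00 proxy ws-17 dst=cdn.example bytes_out=110000
2024-05-03T09:00:00 proxy ws-17 dst=cdn.example bytes_out=130000
2024-05-04T08:10:00 fw ws-04 action=deny dst=10.0.5.21 dport=22
2024-05-04T08:10:01 fw ws-04 action=deny dst=10.0.5.22 dport=22
2024-05-04T08:10:02 fw ws-04 action=deny dst=10.0.5.23 dport=22
2024-05-04T08:10:03 fw ws-04 action=deny dst=10.0.5.24 dport=22
2024-05-04T10:00:00 fw ws-17 action=deny dst=10.0.5.11 dport=445
2024-05-04T10:00:01 fw ws-17 action=deny dst=10.0.5.12 dport=445
2024-05-04T10:00:02 fw ws-17 action=deny dst=10.0.5.13 dport=445
2024-05-04T10:00:03 fw ws-17 action=deny dst=10.0.5.14 dport=445
2024-05-04T11:30:00 smb ws-17 action=read share=finance file=q1.xlsx
2024-05-04T11:30:05 smb ws-17 action=read share=finance file=q2.xlsx
2024-05-04T11:30:09 smb ws-17 action=read share=finance file=payroll.csv
2024-05-04T13:05:00 proxy ws-17 dst=files.example bytes_out=95000000
"""

RECON_MIN_TARGETS, RECON_WINDOW_S = 4, 60          # assumed thresholds
COLLECTION_MIN_FILES, COLLECTION_WINDOW_S = 3, 300 # assumed thresholds
PHASES = ("recon", "collection", "exfil")


def parse_logs(text):
    """Parse the constructed format into dicts with a datetime 'ts'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, source, host, *kv = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "source": source,
                       "host": host, **dict(p.split("=", 1) for p in kv)})
    return sorted(events, key=lambda e: e["ts"])


def detect_recon(events):
    """One host hitting many distinct internal targets on one port inside a short window."""
    out, hits, flagged = [], defaultdict(list), set()
    for e in events:
        if e["source"] != "fw" or e.get("action") != "deny":
            continue
        key = (e["host"], e["dport"])
        hits[key].append((e["ts"], e["dst"]))
        targets = {d for t, d in hits[key] if (e["ts"] - t).total_seconds() <= RECON_WINDOW_S}
        if len(targets) >= RECON_MIN_TARGETS and e["host"] not in flagged:
            flagged.add(e["host"])
            out.append(dict(host=e["host"], ts=e["ts"], phase="recon",
                            detail=f"{len(targets)} internal hosts probed on port {e['dport']}"))
    return out


def detect_collection(events):
    """Many distinct files read from a share by one host inside a short window."""
    out, hits, flagged = [], defaultdict(list), set()
    for e in events:
        if e["source"] != "smb" or e.get("action") != "read":
            continue
        hits[e["host"]].append((e["ts"], e["share"], e["file"]))
        files = {(s, f) for t, s, f in hits[e["host"]]
                 if (e["ts"] - t).total_seconds() <= COLLECTION_WINDOW_S}
        if len(files) >= COLLECTION_MIN_FILES and e["host"] not in flagged:
            flagged.add(e["host"])
            out.append(dict(host=e["host"], ts=e["ts"], phase="collection",
                            detail=f"{len(files)} files read from share {e['share']}"))
    return out


def detect_exfil(events, min_samples=3):
    """Online per-host baseline of outbound bytes: each proxy event is scored against
    the host's prior observations; only normal traffic is folded back into 'normal'."""
    out, history = [], defaultdict(list)
    for e in events:
        if e["source"] != "proxy":
            continue
        prior, now = history[e["host"]], int(e["bytes_out"])
        threshold = None
        if len(prior) >= min_samples:
            mu, sigma = mean(prior), pstdev(prior)
            threshold = mu + 3 * max(sigma, 0.1 * mu)  # floor sigma so a flat history still allows jitter
        if threshold is not None and now > threshold:
            out.append(dict(host=e["host"], ts=e["ts"], phase="exfil",
                            detail=f"{now} bytes to {e['dst']} vs baseline limit {int(threshold)}"))
        else:
            prior.append(now)
    return out


def build_cases(events):
    """Tie the three behaviours together per host; a case needs all of them, in order."""
    by_host = defaultdict(list)
    for d in detect_recon(events) + detect_collection(events) + detect_exfil(events):
        by_host[d["host"]].append(d)
    cases = []
    for host, ds in by_host.items():
        ds.sort(key=lambda d: d["ts"])
        chain = [d["phase"] for d in ds]
        if all(p in chain for p in PHASES) and [chain.index(p) for p in PHASES] == sorted(chain.index(p) for p in PHASES):
            cases.append({"host": host,
                          "timeline": [(d["ts"].isoformat(), d["phase"], d["detail"]) for d in ds]})
    return cases


if __name__ == "__main__":
    for case in build_cases(parse_logs(SAMPLE_LOGS)):
        print(case["host"])
        for ts, phase, detail in case["timeline"]:
            print(f"  {ts}  {phase:<11} {detail}")
```

Run as-is, the script opens one case for ws-17 with the ordered recon, collection and exfil entries, while ws-04's port sweep remains a single behaviour with no case, and the 95 MB upload is judged against a baseline learned only from ws-17's own earlier traffic rather than a fleet-wide constant. In a real deployment the parsers, thresholds and the choice of what counts as "internal" would come from the environment, not from constants.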
ISC2 CPE credits will be available for the session.