Cyber Defense eMagazine March Edition for 2022

More documents

Recommendations

Info

• Identity and Access Analytics – Next-gen SIEM uses Identity Analytics (IdA) leveraging data science that monitors for and identifies risky access controls, entitlements, user behaviors, and associated abnormal or deviant activity. These types of advanced analytics data can also serve key indicators for provisioning, de-provisioning, authentication, and privileged access management by IAM teams. IdA surpasses human capabilities by leveraging machine learning models to define, review and confirm accounts and entitlements for access, and works with risk analytics to prioritize suspicious activity as more malicious. • Cross-Channel Fraud Prevention – Next-gen SIEM offers modern fraud detection capabilities with the ability to link data from a multitude of sources to provide a contextual view of what’s happening in the environment. Such platforms highlight anomalous transactions based on historic user and community profiles so analysts can initiate investigations or execute automated remediation actions. It analyzes online and offline activity, including public records, contact center interactions, point of sale transactions, ATM transactions, and more. It mines and normalizes data and then creates a risk score for fraud and abuse which can be used for real-time decision making. The ability to combine these elements to best suit the needs of an organization offer SecOps power and flexibility when protecting users and the business from data exfiltration, cyber fraud, privilege access abuse, account compromise and more – using behavior and context. As a result, teams can prioritize risks and alerts, quickly investigate problems, automate risk response, have a comprehensive view of case management, conduct contextual natural language search and more, all consolidated into a single management console. As the consolidation of security capabilities continues, providers are working to layer on more capabilities to further unify security, including UEBA, SOAR and XDR. They’re also working to provide better security and to lower capital and operational requirements, including scaling, training, management, and maintenance. In addition, security operations teams have long invested and been focused on external threats. This has led to a lack of monitoring for insider threats. As part of the foundation of a successful security program, teams must monitor for both external and internal threats. And a mature UEBA set of capabilities should be incorporated to fully protect the organization. What questions should you be asking today about your SIEM or to your SIEM provider? • How is the SIEM platform delivered? The ability to run as a collection of services entirely within the cloud makes it ideal for risk analysis of security data. Organizations have the advantage of aggregating and analyzing data from worldwide sources in a single application instance. These platforms must also scale (both up and down) to accommodate varying workloads. Furthermore, a cloud-native solution is often easier to maintain over time since the vendor can perform upgrades quickly, and in real-time. • Do they offer open analytics and allow teams to easily modify and build customer ML models? Open analytics are critical for security teams to be able to customize their ML models to suit their specific needs or build their own models. It’s important to understand exactly what goes into a model to be confident in its output. With black box analytics, results must be taken on faith since nobody knows how the answers are obtained, or if the results are valid. Cyber Defense eMagazine – March 2022 Edition 58 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
• What are my options for data lake? Where and how data is stored is a critical factor in the flexibility, speed, quality, and cost of security data processing, ingestion, and storage. Open choice of big data offers major economic advantages over traditional data warehouses for scaling to terabytes or petabytes. It’s imperative that a SIEM platform works with what you already have or plan to purchase versus being locked into a proprietary vendor data lake. • What does the risk modeling approach look like? Look for a platform that offers self-learning, selftraining, and contextually aware algorithms that score every transaction as they’re evaluated in near real time. This requires a comprehensive risk engine that performs continuous risk scoring and can provide real time risk prioritized alerts for incident analysis. The risk scoring framework needs to roll up risk scores from multiple contributing elements (with the ability to deliver normalized user and entity risk scores). As a result, a finite number of targeted response actions can be defined that are both targeted and driven by high-fidelity automation, and thereby accelerating threat response. SIEM is not just about ingesting data sources. To empower security teams these solutions must deliver a variety of capabilities. This includes providing actionable context of the ingested data, reducing noise, and identifying and prioritizing the right events associated with an attack. It also means delivering highly accurate and targeted investigation capabilities with confirmation of the attack and high-confidence automated responses. Finally, these solutions need to thwart the successful detonation of ransomware or the execution of the main attack purpose (corruption, disruption, or theft). A next-generation SIEM with unified security and risk analytics should be the core of a successful security operations program. Security teams must evaluate innovative technologies that continue to improve and consolidate analytical capabilities to provide a more usable platform that also improves the ROI of the SOC program. About the Author Sanjay Raja brings over 20 years of experience in building, marketing and selling cyber security and networking solutions to enterprises, medium-to-small business, and managed service providers. Previously, Sanjay was VP of Marketing at Prevailion, a cyber intelligence startup. Sanjay has also several successful leadership roles in Marketing, Product Strategy, Alliances and Engineering at Digital Defense (acquired by Help Systems), Lumeta (acquired by Firemon), RSA (Netwitness), Cisco Systems, HP Enterprise Security, Crossbeam Systems, Arbor Networks, Top Layer Networks, Caw Networks (acquired by Spirent Communications), Nexsi Systems, 3Com, and Cabletron Systems. Sanjay holds a B.S.EE and an MBA from Worcester Polytechnic Institute. Sanjay can be reached online at our company website https://gurucul.com Cyber Defense eMagazine – March 2022 Edition 59 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Why Changing Classified Document St
Page 3 and 4:
Tips And Trends for OT Cybersecurit
Page 5 and 6:
@MILIEFSKY From the Publisher… De
Page 7 and 8: Welcome to CDM’s March 2022 Issue
Page 9 and 10: Cyber Defense eMagazine - March 202
Page 19 and 20: level of concern while working remo
Page 21 and 22: The Fragility of a GPS Centric Worl
Page 23 and 24: Formerly known as LOng-RAnge Naviga
Page 25 and 26: The Role of The CFO In Enterprise C
Page 27 and 28: Help them mitigate potential risks
Page 29 and 30: The Safest Ways for Bitcoin Trading
Page 31 and 32: and clear instructions through a "N
Page 33 and 34: According to Cybereason’s “Rans
Page 35 and 36: If you implement these three tips,
Page 37 and 38: • Nearly half of zero-day malware
Page 39 and 40: Don’t Become a Horrible Headline:
Page 41 and 42: pandemic era. By empowering profess
Page 43 and 44: Have We Learned from Our Past Mista
Page 45 and 46: internet, etc. How much training is
Page 47 and 48: How to strengthen cyber resilience
Page 49 and 50: A BCDR solution with automated disa
Page 51 and 52: 1. Cybersecurity Incidents Will Bec
Page 53 and 54: Is XDR The Right Solution for Today
Page 55 and 56: How Open XDR Helps Open XDR address
Page 57: A very small set of next-gen SIEM s
Page 61 and 62: Additionally, we’ll witness the r
Page 63 and 64: Top 10 Reasons Cyber Defense Firms
Page 65 and 66: 4. Teamwork and individual responsi
Page 67 and 68: 5 Reasons Organizations Need Compre
Page 69 and 70: systems to manage identity and acce
Page 71 and 72: Directed Analytics - The Future of
Page 73 and 74: Directed analytics allow these insi
Page 75 and 76: InDesign and uploaded to indd.adobe
Page 77 and 78: Are You Prepared for the New Normal
Page 79 and 80: • Find Unseen Risk - The hardest
Page 81 and 82: intruders were able to gain control
Page 83 and 84: About the Authors Michael Cheng is
Page 85 and 86: Why am I rehashing this old trope?
Page 87 and 88: 1. Look for and minimize attack sur
Page 89 and 90: On The Frontline in The War Against
Page 91 and 92: How to Fix Mid-Market Security Usin
Page 93 and 94: the particular victims being target
Page 95 and 96: 5 Ways Cybersecurity Will Change In
Page 97 and 98: #3: Supply chains will be the big r
Page 99 and 100: Executive Order Instructs Certain O
Page 101 and 102: • Stay ahead of fraud. Fraud cost
Page 103 and 104: Too Hot to Handle:The case for Zero
Page 105 and 106: Critically, endpoint security only
Page 107 and 108: To prevent lateral movement attacks
Page 109 and 110:
Redefining Resilience in The New Wo
Page 111 and 112:
About the Author Andrew Lawton is C
Page 113 and 114:
Cyber Defense eMagazine - March 202
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
CyberDefense.TV now has 200 hotseat
Page 137 and 138:
Books by our Publisher: https://www
Page 139 and 140:
show all

Cyber Defense eMagazine March Edition for 2022

Create successful ePaper yourself

Delete template?

Save as template?