To say that this latest disclosure of a breach involving sensitive customer data (passport numbers, credit card details etc.) is regrettable seems vastly understated. It shines a light on what critical steps companies should take in protecting their valuable
Here are 3 key questions that every organization should ask themselves on a regular and ongoing basis due to the rapidly changing nature of today's computing environments:
1. What is your organization doing to proactively find cyber threats before they become
2. Can you reasonably protect yourself against unknown and insider threats?
3. What percentage of your Risk Management/Compliance and/or Cyber Security organization is focused on Hunting Threats? What percentage of their time do they dedicate to this effort?
Hunting for Cyber Security Threats is extremely complex - we get it, because this is where our organization lives. It is our reason to exist, and I wanted to share my perspective with you on some fundamental truths about Threat Hunting:
1. Sorry @splunk, running a query that gives you enough time to go to lunch and return before you learn what the next question to ask is just does not work!
2. If you are going to protect your organization, you had better be able to ingest data in real time and from any source to cover the entire potential surface area of an attack (network traffic and endpoint data)...and you had better be able to correlate that data in real time so you have a clear and easy-to-understand picture of what is happening. Time matters here and, in that regard, having rich context is vital.
3. Good luck to anyone who thinks they can use their SIEM for threat hunting. SIEMs use summarized data because they are trying to reduce storage costs. By definition, this means the data in a SIEM will not give you everything you need to Hunt Threats. The fact that the data SIEMs store often uses different names for the same field also means running batch analytics (see #1 above) is further problematic. If you want to run effective Threat Hunting, you need to use raw data - enriched to provide context, ingested and analyzed in real time and at scale.
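To make the points above concrete, here is an added illustration (not RANK Software's or VASA's code) of the three ingredients the text calls for: mapping the differently named fields of a network sensor and an endpoint agent onto one schema, correlating the two streams event by event instead of in a batch query, and enriching the result with asset context. The field names, the asset table and the two sample events are constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed: the same "source address" arrives under different names from a
# network sensor ("netflow") and an endpoint agent ("endpoint"), the naming
# problem the text describes. Each map renames raw fields to one schema.
FIELD_MAP = {
    "netflow":  {"src_ip": "host_ip", "dst_ip": "dest_ip", "dport": "dest_port", "ts": "ts"},
    "endpoint": {"SourceAddress": "host_ip", "DestAddress": "dest_ip",
                 "DestPort": "dest_port", "Image": "process", "UtcTime": "ts"},
}
# Constructed asset inventory used for enrichment (hypothetical context source).
ASSET_CONTEXT = {"10.0.0.5": {"owner": "finance", "role": "workstation"}}

def normalize(source, raw):
    """Rename source-specific fields to the common schema; unmapped fields stay as-is."""
    ev = {FIELD_MAP[source].get(k, k): v for k, v in raw.items()}
    ev["source"] = source
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev

class Correlator:
    """Streaming join of network and endpoint events on (host, destination, port)
    inside a time window. Raw events are kept, so the answer to "which process
    made this connection?" is available the moment the partner event arrives."""
    def __init__(self, window=timedelta(seconds=30)):
        self.window = window
        self.pending = defaultdict(deque)   # key -> events still awaiting a partner

    def ingest(self, source, raw):
        ev = normalize(source, raw)
        key = (ev["host_ip"], ev["dest_ip"], ev["dest_port"])
        q = self.pending[key]
        while q and ev["ts"] - q[0]["ts"] > self.window:   # expire stale partners
            q.popleft()
        match = next((p for p in q if p["source"] != ev["source"]), None)
        if match is None:
            q.append(ev)
            return None
        q.remove(match)
        net, ep = (ev, match) if ev["source"] == "netflow" else (match, ev)
        return {"host_ip": net["host_ip"], "dest": f'{net["dest_ip"]}:{net["dest_port"]}',
                "process": ep.get("process"), "asset": ASSET_CONTEXT.get(net["host_ip"], {})}

def demo():
    """Feed two constructed raw events; only the second, correlated one yields a lead."""
    c = Correlator()
    events = [("netflow", {"src_ip": "10.0.0.5", "dst_ip": "203.0.113.9", "dport": 443,
                           "ts": "2024-01-01T10:00:00"}),
              ("endpoint", {"SourceAddress": "10.0.0.5", "DestAddress": "203.0.113.9", "DestPort": 443,
                            "Image": "C:\\Users\\a\\tool.exe", "UtcTime": "2024-01-01T10:00:04"})]
    return [r for r in (c.ingest(s, e) for s, e in events) if r]
```

A summarized hourly count of connections per host, which is what a storage-optimized SIEM tends to keep, could not produce the `process` field in this result at all.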
This is what we do at RANK Software. We are focused on helping our customers detect, hunt and defeat known, unknown and insider threats with our VASA (Virtual Assistant to Security Advisors) platform.
Put us to the test. We have a free Proof of Value offer open to any qualified customer. What does "qualified" mean? It's simple: agree with us ahead of time on the success criteria you will judge us on, confirm that you have budget to buy our solution if the PoV is successful, and check in with us on a regular basis to hold us to our promises during the PoV. Simple and straightforward. Contact us and we will arrange the follow-up.