Agencies know the importance of quickly identifying and mitigating threats, but existing infrastructure and escalating trends have made it more difficult than ever to keep up.
Limitations of existing tools: As threat actors become more sophisticated, they find more creative ways to circumvent any defenses organizations put in place. Legacy tools can get you part of the way there – by identifying a threat so you can block it or take other action. Today, it’s increasingly important to be able to analyze behaviors in real time. Also, while legacy tools are effective at their specific function, they often can’t work together in a security ecosystem to create a more comprehensive threat picture.
Lag time in detection, alert triage and response: Existing tools also can be overwhelmed by the amount of data that must be analyzed quickly, resulting in unacceptable lag times and too many false positives. Think about it like going through a TSA checkpoint: You place your bags on the conveyor belt and pass through the scanner. But that’s just one checkpoint. The second consists of TSA agents who scrutinize passenger behaviors to determine whether anything seems awry or anomalous. These points aren’t correlated and analyzed until later, potentially well after a bad actor has reached the intended destination.
Limited capabilities around sharing and correlating threats in real time across the public and private sectors, and limited ability to gather intelligence on threats that other agencies can learn from: While agencies today have some ability to share and correlate threats, they often can’t do that in real time, or even nearreal time. Instead, information-sharing is occurring manually through reports, email, phone calls and instant messaging. By the time the dots are connected, it’s often too late. In addition, it’s often virtually impossible to gather intelligence on threats that might not be present in the agency’s environment, but that have cropped up in other agencies and might present a future threat to the agency.
The Solution: Identify Threats Before Damage Is Done
Stopping attacks before they become catastrophes requires a proactive approach — one that can correlate and analyze information from a multitude of sources in real time. It’s about collective defense — a collaborative approach that knits together an organization’s existing cybersecurity tools with anonymized cyber anomalies from other sources, both public and private, and real-time analysis. This approach allows agencies to aggregate data and run higher-order analysis, and identify attackers earlier in the attack cycle.
Incorporating behavioral analytics into the network infrastructure and cybersecurity process can go a long way toward identifying truly potent threats. Unlike signaturebased analytic tools, which compare incoming information with a list of known indicators of compromise, behavioral analytics can look more deeply into individual networks and detect anomalies that couldn’t be identified otherwise.
Behavioral analytics become even more powerful when combined with anonymized metadata from other organizations. For example, a behavior may appear benign when analyzed on its own, but when combined with information from other organizations that have observed the same behavior, it may now appear to be suspicious and warrant further investigation.
To pinpoint the most relevant emerging threats even more specifically, add a third component: a team of threat hunters and security analysts tied into the same information-sharing hub from a cybersecurity operations center.
“You might not see anything out of the ordinary if you look at your network traffic, but by looking at the behavior from different points of view, and with input from different organizations and analysts, you might reach a different, and more correct, conclusion,” said Gareth Owen, Vice President, IronNet. “More important, a collective defense approach allows you to proactively remove the threat before real damage is done.”
This article is an excerpt from GovLoop’s recent report, “Stop Hackers in Their Tracks Through a Collective Defense.” Download the full report here.