Every day we are bombarded by mountains of threat data from a variety of sources. While most of this data is completely irrelevant and needs no attention, we can’t afford to miss the next attack that could be devastating to our business.
According to a Ponemon Research Report, 70% of security professionals say there is simply too much data to take action. If you have 100,000 pieces of data to review, it’s virtually impossible to know which ones need your attention first. By the time you discover a pattern of an attack in the data, it’s often too late.
Another problem is that a lot of the data we receive from threat feeds is a one-to-one mapping where a known threat is mapped to a signature identifying that specific threat. While the industry tracks a variety of indicators and sends out updates as a result, attackers are constantly changing their attack patterns so that they can continue to run undetected. Attacks are often used once for a specific target and then that version is never used again. This means that traditional signatures are useless for these cases.
Data From Everywhere
When one person or a small team has to review all of the data from firewall logs, antivirus software, security appliances and so on, spread across multiple browser windows, and try to determine what is relevant and what isn’t, it simply doesn’t work.
When you combine this with the fact that the technology vendor who supplies your security software and appliances isn’t the same vendor who manages those appliances, there is often a gap between the data that comes in and the data that actually gets reviewed in a timely way.
Often, the attacks that succeed aren’t sophisticated. “According to a report based on two years of sensor data, 57 percent of attacks that get through firewalls and antivirus systems are unsophisticated, brute-force attacks,” says Maria Korolov with csoonline.com.
Threat Intelligence To The Rescue
So, how can you sift through the mountain of data to find the important information? Threat intelligence does this by helping users separate the important attacks from the irrelevant data, including new types of attacks that have never been encountered before.
Using threat intelligence, you can track events as they occur with real-time analysis that monitors behaviors of software looking for those that might be malicious. The software monitors computers and servers across your network in real-time, correlates the events, and then notifies the appropriate people when important events occur. The data is also stored to provide forensic data after the attempt to attack a system has been stopped. This data can also be used to determine patterns to detect future attacks.
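As an added illustration (not from the original post or any vendor’s product), here is the behavior-based correlation described above applied to a few constructed SSH log lines: rather than matching a signature for a known attack, the logic flags a source that fails many logins in a short window and notes whether a login then succeeded, which is the unsophisticated brute-force pattern the article cites. The log format, threshold and window are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not real data): one brute-force run and one benign user.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd: Failed password for admin from 198.51.100.7
2024-03-01T10:00:02 sshd: Failed password for admin from 198.51.100.7
2024-03-01T10:00:03 sshd: Failed password for root from 198.51.100.7
2024-03-01T10:00:04 sshd: Failed password for admin from 198.51.100.7
2024-03-01T10:00:05 sshd: Failed password for backup from 198.51.100.7
2024-03-01T10:00:06 sshd: Accepted password for backup from 198.51.100.7
2024-03-01T10:05:00 sshd: Failed password for alice from 203.0.113.9
2024-03-01T10:20:00 sshd: Accepted password for alice from 203.0.113.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)

def parse_events(text):
    """Turn raw log lines into event dicts; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
                           "user": m["user"], "src": m["src"]})
    return events

def correlate_brute_force(events, threshold=5, window=timedelta(minutes=1)):
    """Alert on any source with >= threshold failed logins inside `window`,
    and record whether a successful login from that source followed the run."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        failures = [e for e in evs if e["result"] == "Failed"]
        for first in failures:  # slide the window over each failure as a start point
            run = [f for f in failures if timedelta(0) <= f["ts"] - first["ts"] <= window]
            if len(run) >= threshold:
                last_fail = run[-1]["ts"]
                success = next((e for e in evs if e["result"] == "Accepted" and e["ts"] > last_fail), None)
                alerts.append({"src": src, "failures": len(run),
                               "users": sorted({f["user"] for f in run}),
                               "success_after": success["user"] if success else None})
                break  # one alert per source is enough for the notification step
    return alerts
```

An alert with `success_after` set is the case worth paging someone for: the behavior (many failures, then a success) is what matters, not which tool or credential list produced it.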
Conclusion
Having the latest security patches for your company’s computers is only the first step in protecting those machines. Using highly effective next-gen endpoint security software will give you the threat intelligence you need, allowing you to detect an attack as it occurs based on behavior patterns instead of an outdated list of attack profiles.
Read this whitepaper, Forensics Analysis: How to Make Sense of the Data, to discover how to provide robust forensics and endpoint protection, through the use of this very data. Don’t you think it’s time to increase your threat intelligence before the next attack occurs?