Cyber Threat Protection: It All Starts With Visibility

Just as animals use their senses to detect danger, cybersecurity depends on sensors to pick up signals in the computing environment that may indicate danger. The more highly tuned, diverse and coordinated those senses are, the more likely one is to catch the important signals.

This, however, can be a double-edged sword. Too many signals with too little signal processing just produces noise. The right, diverse set of signals combined with well-developed signal processing leads to survival. It therefore makes sense that broad threat visibility across the IT environment is fundamental to detecting cyberattacks. Cybersecurity company Cynet puts this in perspective in a new eBook, The Guide for Threat Visibility for Lean IT Security Teams.

The Ongoing Problem of Limited Threat Visibility

The complexity of today's IT environments has made them exceedingly difficult to protect. The defensive perimeter has expanded along with a growing remote workforce, increasing SaaS and cloud workloads and more liberal third-party access. The IT environment is so large, complex and ever-changing that monitoring what is happening in it is almost impossible.

This complexity is not lost on cybercriminals, who are eager to exploit the expanding set of profitable opportunities and keep producing new and unanticipated attack vectors. Because most security technologies are built to stop known threats, an escalating number of novel threats means more attacks go undetected.

The patchwork of security technologies strewn across the IT environment allows security practitioners to see some part of the attack surface, but certainly not all of it. Moreover, disconnected defenses cannot provide a complete and accurate assessment of the threat landscape. Rather than sharpening focus, the hodgepodge of security technologies increases noise.

The bottom line is that poor visibility leads to inadequate defenses, overworked security teams and increasing costs. Improving threat visibility is the first step to improving all aspects of cybersecurity.

Three Keys to Threat Visibility

If attaining full threat visibility were easy, we wouldn't be discussing it. Until recently, achieving comprehensive visibility was very expensive, overly complex and dependent on a large, highly skilled security team. Today, with the right approach, full threat visibility is accessible to even the leanest IT security teams. See the Cynet eBook for a more detailed explanation.

Key Technologies for Threat Visibility

While more technologies may seem better, the key is choosing the right set of technologies that cover the most important parts of the IT environment. These include:

  • NGAV – Baseline endpoint protection based on known-bad signatures and behaviors.
  • EDR – To detect and stop more sophisticated endpoint threats that bypass NGAV.
  • NDR – To detect threats that have made their way into the network, including so-called lateral movement.
  • UBA – To detect anomalous activity that may signal stolen credentials, rogue insiders or bots.
  • Deception – To uncover intrusions that have evaded the other detection technologies.
  • SIEM – To mine the extensive log data generated by IT systems.
  • SOAR – To automate and speed up threat mitigation efforts.

Integrating Everything for a 360-Degree View

Multiple detection and prevention tools, as listed above, are required to begin to see across the entire IT environment. Implemented as stand-alone components, however, they still leave large gaps in visibility. They also lead to so-called alert overload, as each technology independently streams a steady flow of alerts that overwhelm security teams.

Newer XDR solutions are built to integrate real-time signals from multiple points of telemetry on a single platform. Bringing NGAV, EDR, UBA, NDR and Deception under one umbrella extends the range and resolution of threat visibility: an attack step that evades one sensor can still be exposed when its trace in another sensor is correlated with the rest of the activity on the same host or account.

Automating Response Actions to Improve Reflexes

Seeing a threat is one thing. Quickly and appropriately reacting to it is another. With improved threat visibility and accuracy, IT security teams – and especially lean teams – will need to react quickly to thwart identified threats.

Automation improves both speed and scale beyond what an army of security professionals could deliver, so long as it is integrated with the XDR. When the two work together, all the signals and data collected by the constituent parts of the XDR feed into the automation engine and give it a fuller picture. That lets the automation investigate the attack faster to determine its root cause and full impact. Then, based on what is known about the attack, the automation can run the playbook recommended for that attack, taking specific steps to neutralize the threat and mitigate the damage.
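The following Python sketch is an added example, not code from the original article or from Cynet's product. It shows the mechanism the two preceding sections describe: alerts that NGAV, EDR, UBA, NDR and Deception sensors emit independently are correlated by host within a time window into a single incident, and the response playbook is then chosen from the combined evidence rather than from any one alert. The alert format, hostnames, user names, time window and action names are constructed for illustration and are assumptions of this example.

```python
"""Added example: correlate alerts from several sensors into incidents, then pick a playbook.

Assumptions (not from the article): the alert format, host/user names, 30-minute
window and action names are constructed for illustration; a real XDR would ingest
its own telemetry schema.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample alerts. Each sensor reports on its own; note the NGAV alert
# arrives out of order and ws-17 also has an unrelated alert hours later.
SAMPLE_ALERTS = [
    {"source": "EDR", "time": "2022-01-10T09:01:10Z", "host": "ws-17", "user": "jdoe",
     "detail": "powershell.exe spawned by winword.exe"},
    {"source": "UBA", "time": "2022-01-10T09:03:42Z", "host": "ws-17", "user": "jdoe",
     "detail": "interactive logon from a country never seen for this user"},
    {"source": "NDR", "time": "2022-01-10T09:06:05Z", "host": "ws-17", "user": None,
     "detail": "SMB connections to 14 internal hosts within 60 seconds"},
    {"source": "Deception", "time": "2022-01-10T09:07:30Z", "host": "ws-17", "user": "jdoe",
     "detail": "decoy credential used to authenticate to fs-02"},
    {"source": "EDR", "time": "2022-01-10T15:30:00Z", "host": "ws-17", "user": "jdoe",
     "detail": "scheduled task created"},
    {"source": "EDR", "time": "2022-01-11T14:00:00Z", "host": "ws-42", "user": "asmith",
     "detail": "unsigned driver loaded"},
    {"source": "NGAV", "time": "2022-01-10T09:00:55Z", "host": "ws-17", "user": "jdoe",
     "detail": "blocked macro document with known-bad hash"},
]

# Sensors whose alerts indicate the attacker is already moving inside the network.
LATERAL_SOURCES = {"NDR", "Deception"}


def parse_time(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


@dataclass
class Incident:
    host: str
    alerts: list = field(default_factory=list)  # kept in time order

    @property
    def sources(self) -> list:
        return sorted({a["source"] for a in self.alerts})

    @property
    def users(self) -> list:
        return sorted({a["user"] for a in self.alerts if a["user"]})

    @property
    def end(self) -> datetime:
        return parse_time(self.alerts[-1]["time"])


def correlate(alerts, window=timedelta(minutes=30)):
    """Group alerts by host; an alert within `window` of the previous one joins the same incident."""
    by_host = defaultdict(list)
    for alert in sorted(alerts, key=lambda a: parse_time(a["time"])):
        by_host[alert["host"]].append(alert)

    incidents = []
    for host, host_alerts in by_host.items():
        current = None
        for alert in host_alerts:
            if current is not None and parse_time(alert["time"]) - current.end <= window:
                current.alerts.append(alert)
            else:
                current = Incident(host=host, alerts=[alert])
                incidents.append(current)
    return incidents


def choose_playbook(incident: Incident) -> list:
    """Select response steps from the combined evidence, not from any single alert."""
    sources = set(incident.sources)
    if len(sources) == 1:
        # One sensor alone is low confidence: queue for an analyst instead of acting.
        return ["open_ticket_for_review:" + incident.host]
    actions = ["isolate_host:" + incident.host]
    if sources & LATERAL_SOURCES:
        actions.append("block_internal_smb_from:" + incident.host)
    actions.extend("disable_account:" + u for u in incident.users)
    return actions


if __name__ == "__main__":
    incidents = correlate(SAMPLE_ALERTS)
    print(f"{len(SAMPLE_ALERTS)} raw alerts -> {len(incidents)} incidents")
    for inc in incidents:
        print(inc.host, inc.sources, "->", choose_playbook(inc))
```

Run stand-alone, the seven raw alerts collapse into three incidents. The ws-17 morning activity, seen by five different sensors, gets host isolation, an SMB block and an account disable; the lone EDR alerts on ws-17 later that day and on ws-42 are only queued for review, because a single sensor firing is exactly the low-confidence case that causes alert fatigue when every tool is allowed to act on its own.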

Conclusion

The security stack need not keep expanding. Consolidating and integrating the key tools on an emerging XDR platform improves threat visibility, and with it detection accuracy and response time. XDR allows any security team, even the leanest and least experienced, to cut false alarms, see the stealthiest attacks earlier and then automatically and immediately act on them.

Download the guide here

Source: https://thehackernews.com/2022/01/cyber-threat-protection-it-all-starts.html
