Get to know us better! Gain valuable insights into how we think by visiting our blog, or take a look at the industry events we're frequenting on our events page. You can also geek out with us by attending one of our security management webinars, or dive head first into the products and solutions we provide in our Resource Library. There's lots to keep you busy!
Unless you’re under a rock, you know that the WannaCry Ransomware cyberattack swept worldwide headlines last week.
Organizations scrambled to apply the latest Microsoft security patch to their computers to prevent the spread of the attack. It’s estimated that the ransomware attack hit more than 300,000 victims in 150 countries.
There’s a lot of buzz about, and interest in, security analytics. Security teams and vendors are exploring anything and everything that will accelerate threat detection and remediation, and ‘analytics’ intuitively feels like something organizations should be doing more. With the average breach taking 200+ days to detect, it sure seems like there’s room for improvement.
The challenge is nearly every security vendor has integrated ‘analytics’ into their message, so now we’re right back where we started - how do we determine what’s what? There’s even some disagreement among industry analysts, some say analytics is the next big thing in security while others say it’s been part of our solutions for years and therefore is nothing new.
Due to increasing interest from so many of our customers, FireMon commissioned Forrester to survey security organizations about their challenges, current data analysis tools and plans for security analytics. John Kindervag, a principal analyst with Forrester, and I discussed the findings in depth in this webinar, but the essence of the report is: 1) growing complexity has created new challenges in detecting and responding to threats; 2) existing data analysis solutions (i.e. SIEM) have major shortcomings; and 3) there’s growing interest in security analytics to reduce risk by accelerating detection and response.
In response, the security and IT management industries have integrated analytics into messaging and materials. Even if it’s nothing more than relabeling their existing report section to better match a prospective customer’s keyword search.
Reviewing a definition for analytics shows how the subject can be so broadly defined and interpreted. Data Analytics is the discovery and communication of meaningful patterns in IT data to improve IT and business processes. The patterns can identify changes, differences and inconsistencies that indicate an existing incident, elevated security risk or operational inefficiencies.
Such a broad and general definition forces security teams to devote significant time and effort to explore analytics products and technologies. Without a structured taxonomy to communicate their needs and evaluate solutions, we hear questions like “do you offer a dashboard?” Dashboards are built for a predefined list of questions that aren’t available for the new and unusual. Here is an analytics taxonomy that segments solutions into two specific and actionable categories to ensure organizations can prioritize the security analytics solutions they’re investigating.
Analytics for the Known – Analytics for the known include key performance indicators (KPIs) for infrastructure and services like Internet bandwidth, trouble ticket volume and application performance graphed over time. This information is commonly consumed through a dashboard, something we’ve had for years. And while there continue to be advancements, the business impact is largely incremental.
Analytics for the Unknown – The biggest net new opportunity for analytics to impact the security and operational efficiency of the business is discovering the unknown – the issues that aren’t displayed in a dashboard. We’ve heard phrases like “I need answers, but I don’t know the questions to ask.” While this might seem like hyperbole, it’s a real challenge. All the questions thousands of incredibly smart security professionals) have imagined over the years are embodied in today’s security systems (i.e. firewalls, anti-virus, intrusion detection, malware detection, etc.) and yet the adversary still finds a way in… We need answers, especially when the questions aren’t obvious.
The people that are able to find the answers without knowing the questions are in limited supply. They need tools to navigate large volumes of data, highlight relationships, groups, outliers and changes with previous observations as context. Any progress in identifying characteristics, anomalies and changes that enables businesses to find answers to the elusive security and operational incidents is potentially transformational for security teams. It needs to be fast and easy enough for our security subject matter experts (SMEs) to use without becoming data scientists.
In future posts, we’ll explore the challenges in requiring our SMEs to become data scientists to perform data discovery and exploration. We’ll also discuss the benefits of correlating security policy/configuration information with network, system and application data.
So you’ve purchased a new firewall. Now what?
You’ve got to decide which access is allowed, which isn’t allowed and whether or not rules are compliant with internal and regulatory standards.
Things are running along smoothly and then the dreaded “change.” A user submits a new access request and the fun begins. Is this access necessary? Safe? Compliant? And what happens when it’s time to retire unused rules?
How Effective Security Management Can Help Teams Cover the Exponentially Increasing Gap between Technology & the Resources Available to Manage It
Security teams today are under tremendous pressure due to the rising frequency and impact of breaches and a business that wants to move faster and faster. The answer to both of these challenges has always been to add more technology and staff resources.
However, each new technology added creates complexity. More rules are created and more data is generated. As networks continue to evolve, this complexity will only grow. And while staff resources may increase, they will never match the exponential growth of technology.
FireMon calls this phenomenon The Complexity Gap and has set out to help security teams close it.
Join us for this webinar with Frost & Sullivan where we’ll explore the causes of “The Gap” and how workforce multipliers such as intelligence and automation help staff manage their security more efficiently and more effectively.
Helping Enterprise Security Teams Improve Resource Efficiency & Reduce Overall Risk Exposure
Firewall technology has come a long way since its initial, most rudimentary forms. Next-Generation Firewalls (NGFW) are the latest development, and organizations are accelerating adoption to the new technology. But NGFWs aren’t a fix-all solution.