Building Hypervigilant Security for the Post-Pandemic World

Written by Jason Yuan | March 17, 2021

The pandemic has forced businesses to embrace remote operations, pushing millions of employees onto remote devices and networks that are more vulnerable to attack. With more endpoints requiring protection and cyber-attacks on the rise, organizations are increasingly exposed. In a recent report, 85% of CISOs said that they had sacrificed cybersecurity to enable remote work quickly.

In this new paradigm, traditional cybersecurity solutions that follow the "castle and moat" approach are unreliable. While they protect the organizational perimeter, they assume that core business assets inside it are automatically secure, and so are often oblivious to threats already inside.

Typically, incoming security events, or potential Indicators of Compromise (IoC), are aggregated by security operations teams from several sources, including endpoints, networks, and firewalls. In either a manual or semi-automated way, the team visualizes and correlates these events and forges a remediation approach to terminate malicious threats.

With the increasing volume of security alerts, operations teams end up processing every event rather than prioritizing the critical ones. In reality, over 75% of these events are false positives, yet they still expose the organization to significant security risk. This is notable considering an organization has anywhere between 20 and 50 security products in action.

As cloud adoption increases, it becomes easier and faster for companies to create, stage, and implement environments. But it also becomes more complex to process security alerts, making manual processing of events very ineffective. It also slows down a lean security team and pulls them away from other priorities. In fact, 70% of cybersecurity professionals say that the cybersecurity skills shortage impacts their organization.

This forces security operations teams to employ advanced learning technology, Artificial Intelligence and Machine Learning (AI/ML), to handle the Incident Response workflow: identifying, correlating and automating the handling of malicious event patterns. Against the static signatures of traditional endpoint security, malicious events disguise themselves as innocuous ones and slip past the network defenses.

The threat tactics and evolving signatures of incoming events also indicate an increasing level of sophistication, such as leveraging vulnerabilities, escalating attacks through extensive reconnaissance, and weaponizing at a run time of the attacker's choosing. In many cases, legacy tools have been the foot soldiers that terminate harmful threats. Still, they are increasingly hindered by sophisticated attacks that may already be lurking within the organization's environment.

To gain a posture of hypervigilance, organizations need to deploy security solutions that combine threat scanning with an automated threat response that can handle larger event volumes consistently. To do that, infrastructure needs to be constantly scanned for suspicious threat vectors and indicators of compromise. Once malicious patterns are detected, threats must be automatically identified and the event remediation process prioritized.
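The aggregation, correlation and prioritization loop described above (events from endpoints, networks and firewalls, most of them false positives, ranked so that the critical ones surface first) can be sketched in a few dozen lines. The following is an added example written for this page, not code from the original post or from any product it describes. The event sources, indicators, severities and the benign-pattern list are all constructed placeholders; a real pipeline would read them from the team's own tooling.

```python
"""Minimal alert correlation and prioritization pass (added example).

Events from several constructed sources are grouped by the indicator they
share, patterns the team has already triaged as benign are suppressed, and
the remaining groups are scored so corroborated, high-value activity
(privilege escalation, configuration or policy changes) ranks first.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    source: str     # reporting tool: "endpoint", "network", "firewall"
    indicator: str  # IoC the event is keyed on (IP, hash, account, ...)
    kind: str       # event type as reported by the tool
    severity: int   # tool-reported severity, 1 (low) .. 5 (critical)


# Constructed sample telemetry. Addresses are documentation ranges and the
# account name is invented; none of these are real indicators.
SAMPLE_EVENTS = [
    Event("firewall", "198.51.100.23", "blocked_outbound", 2),
    Event("network", "198.51.100.23", "beacon_pattern", 3),
    Event("endpoint", "198.51.100.23", "process_connect", 3),
    Event("endpoint", "svc-backup", "privilege_escalation", 4),
    Event("network", "svc-backup", "config_change", 3),
    Event("endpoint", "10.0.0.7", "scheduled_scan", 1),  # routine noise
    Event("firewall", "10.0.0.7", "blocked_outbound", 1),
]

# (source, kind) pairs the team has triaged as benign; assumed list.
KNOWN_BENIGN = {("endpoint", "scheduled_scan")}

# Event kinds the post singles out as high-value signals, with a score bonus.
HIGH_VALUE_KINDS = {"privilege_escalation": 3, "config_change": 2, "policy_change": 2}


def correlate(events):
    """Group events by shared indicator, dropping suppressed benign patterns.

    Returns (groups, suppressed_count) so the triage loop can report how
    much of the raw volume never reached an analyst.
    """
    groups = defaultdict(list)
    suppressed = 0
    for ev in events:
        if (ev.source, ev.kind) in KNOWN_BENIGN:
            suppressed += 1
            continue
        groups[ev.indicator].append(ev)
    return dict(groups), suppressed


def score(group):
    """Priority score for one indicator's events.

    Highest tool severity, plus 2 for every additional distinct source
    corroborating the indicator, plus the bonus for any high-value kinds.
    """
    distinct_sources = {ev.source for ev in group}
    total = max(ev.severity for ev in group)
    total += 2 * (len(distinct_sources) - 1)
    total += sum(HIGH_VALUE_KINDS.get(ev.kind, 0) for ev in group)
    return total


def prioritize(events):
    """Return (indicator, score, event_count) tuples, highest priority first."""
    groups, _ = correlate(events)
    ranked = sorted(groups.items(), key=lambda kv: score(kv[1]), reverse=True)
    return [(indicator, score(grp), len(grp)) for indicator, grp in ranked]


if __name__ == "__main__":
    groups, suppressed = correlate(SAMPLE_EVENTS)
    print(f"{suppressed} event(s) suppressed as known benign")
    for indicator, s, n in prioritize(SAMPLE_EVENTS):
        print(f"{s:3d}  {indicator:<16} ({n} events)")
```

In the sample data, the single backup account with a privilege escalation corroborated by a configuration change outranks the address seen by three tools, and the host that only produced a routine scan plus one low-severity block drops to the bottom. The weights are deliberately simple so the ranking is explainable to an analyst; a production system would tune them against the team's own false-positive history.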

In parallel, it's critical to use sophisticated AI/ML-based parsing algorithms and pattern recognition. The goal is to stop malicious actors in their tracks with little or no involvement from security operations teams, freeing them to focus on higher-priority activities.

Given the speed of breach propagation, security practitioners are increasingly turning towards solutions that focus on hypervigilance and constant monitoring of network infrastructure for suspicious activity relating to policy changes, configuration updates, or the escalation of privileges. This is a critical step given the pace of infrastructure up-scaling possible with cloud workloads; as we saw with SolarWinds, enterprises are exposed to cyber-attacks involving on-premises and cloud assets. That's why businesses need a solution that can deploy a comprehensive detection and response mechanism seamlessly compatible with customer environments.

Efficient security detection and response rely heavily on network visibility across distributed customer environments. Moreover, analyzing the contextual behavior of threats, beyond basic footprints and static triggers, enables better identification and remediation. Organizations are expanding their business operations and infrastructure while inadvertently increasing their attack surface. A hypervigilant approach can help minimize that surface through continuous monitoring and so help vanquish catastrophic threats.