Data-Driven Security Reloaded: Summary of Research Findings for Endpoint Threat Detection, Prevention, and Response
Abstract: Information security has always been a large producer and consumer of data. More sophisticated best practices and expanding compliance and regulatory requirements have sharply accelerated the production and consumption of that data. Event and activity logs have grown to big data proportions, and the diversity of data being consumed has become significantly more varied. As a result, traditional log and event management tools and monitoring practices are becoming increasingly insufficient. To add to this, tolerance for failure in maintaining the security of an environment is at an all-time low: executives are being dismissed or forced to resign after a breach whether or not they knew about security issues beforehand. Threats seem to come from every angle. Not only are attackers consistently probing, but the attacks themselves are more persistent; once a foothold is achieved, detection and removal are also more difficult. This research summary discusses how "the death of antivirus" has not meant the end of protecting the endpoint. Both management- and operations-level IT and information security practitioners are re-embracing the idea that, despite the onslaught of malware and other persistent threats to endpoints, prevention is possible with endpoint threat detection and response (ETDR) technologies. Over the last year, ETDR solutions have seen a significant surge in adoption, jumping the technology chasm from an emerging technology to a growth technology (see Figure 1 in the Analysis Summary). Through a best-of-breed approach, administrators and security personnel responsible for protecting information are getting higher-fidelity data that provides better context for preventing incidents in a world where traditional prevention methods have often failed. ETDR tools give practitioners a means to thwart attacks and to verify success via bidirectional information exchange with other systems.
Bit9 + Carbon Black and Enterprise Management Associates partnered to produce this research, which found that nearly 80% of respondents believed that "consistent prevention of stealthy threats, advanced persistent threats, or advanced targeted attacks is possible with technology solutions existing today."
Author: