June 25, 2022

Improving Threat Detection Through Integration

Friday, 26 February 2021 / Published in Blog, Mimecast

The Value Of Cybersecurity Tools Can Be Greater Than The Sum Of Its Parts — But Only When They Are Used Collectively In An Integrated Manner.

Key Points:

  • Comprehensive threat intelligence requires a diverse set of cybersecurity tools to keep up with the ever-changing threat landscape.
  • But using multiple solutions generates troves of fragmented data that’s difficult for cybersecurity teams to interpret and act on.
  • To realize the full value of these tools, they need to be integrated, allowing security professionals to connect the dots and see the big picture.

So many cybersecurity tools, so little time. The amount and variety of the data generated by these tools can be overwhelming. So how do corporate security teams sort through it all to detect and prioritize the threats that matter most?

The obvious answer is to integrate all that data, so all the trees can be viewed as a single forest.

The goal should be to achieve a single, big-picture view that can be analyzed in real time, allowing security personnel to arrive at actionable insights without getting lost in the weeds.

Distributed Threat Intelligence Disrupts the Big Picture

No single cybersecurity tool can do everything, and comprehensive threat intelligence requires a diverse set of security tools to keep up with the ever-changing threat landscape. Yet a 2020 study by the Ponemon Institute found that making use of more tools placed an organization at a disadvantage, and that companies that used fewer threat detection tools were better able to detect and respond to an attack.[1] Less, however, did not always equate to more. The report also found that pooling data from discrete tools can help reduce reporting complexity, and 63% of the high-performing organizations surveyed said that sharing data among tools helped improve their ability to respond to threats.

In other words, widespread, piecemeal data presents problems when it isn’t integrated properly, and even the best threat intelligence tools can be a liability if they’re treated as alert-generating islands unto themselves.

Too Many Alerts Can Prove to be Costly

An increasing volume of alerts is a burdensome reality for many security teams. It’s not uncommon for some organizations to receive more than 100 alerts in a given day — or even ten times that many if they work at a large enterprise.[2] And like the boy who cried wolf, with so many attack notifications they become easy to ignore.

This state of affairs can be very costly. Another study by Ponemon, this one from 2015, found that companies lose an average of $1.27 million a year responding to inaccurate or erroneous alerts.[3] This is in part due to all the time wasted by the cybersecurity professionals who are tasked with parsing through all the noise. In the absence of an integrated solution, it’s like asking them to piece together an oversized jigsaw puzzle without providing a big picture for them to reference. Ultimately, they might be able to do it — but the outcome is less certain, and it will surely take them much longer to accomplish the job.

Even with state-of-the-art threat solutions at their disposal, when the data is channeled through individual veins, as opposed to a central artery, security teams have trouble keeping their finger on the pulse. Absent a centralized hub, integrated dashboard or similar reporting mechanism, team members have no choice but to bounce from one threat intelligence service to the next. This keeps them stuck in the weeds, unable to discern an attack pattern or how one intrusion might be related to the next. Responding to threats as they occur, they can only react, unable to adopt a more proactive approach that anticipates where the next attack is likely to come from.

Better Threat Detection Relies on Data Integration

With the average time-to-detection of a cyber intrusion being an astounding 56 days,[4] there is little doubt that better threat detection intelligence is needed. Enter SIEMs, SOARs and APIs, which collectively make it feasible to integrate multiple threat intelligence solutions.

Security Information and Event Management, or SIEM, provides a framework for assimilating the inputs from discrete security tools into a single feed. By aggregating and correlating this data, it can spot events that cannot be identified by monitoring each tool individually.

Security Orchestration, Automation and Response, or SOAR, boosts a SIEM framework’s capabilities by automating the threat analysis and incident response. But SOAR’s ability to programmatically respond relies on extensive data integration. Hence the need for APIs — especially open APIs — that can accelerate the melding of different cybersecurity tools and their reporting systems.

Using software technologies like SIEMs, SOARs and open APIs, security professionals can tap into the collective power of the best threat intelligence tools available, enabling them to lift their gaze from the trees to the forest.
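As an added illustration of the aggregation-and-correlation step described above (example code written for this post, not Mimecast's or any SIEM product's own logic), the following Python normalizes constructed alerts from two stand-alone tools into one schema and raises a single incident from a sequence that neither tool could see on its own. The tool types, field layouts, sample values and the 15-minute window are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample alerts (not real product output) from two stand-alone
# tools: an email gateway that rewrites inbound URLs, and an endpoint agent.
EMAIL_ALERTS = [
    {"ts": "2021-02-26T09:01:10", "recipient": "alice@example.com",
     "url": "http://files.example.net/invoice.zip"},
    {"ts": "2021-02-26T09:03:40", "recipient": "bob@example.com",
     "url": "http://cdn.example.org/news.html"},
]
ENDPOINT_ALERTS = [
    {"time": "2021-02-26 09:04:05", "user": "alice", "event": "archive_opened",
     "path": r"C:\Users\alice\Downloads\invoice.zip"},
    {"time": "2021-02-26 11:30:00", "user": "carol", "event": "archive_opened",
     "path": r"C:\Users\carol\Downloads\photos.zip"},
]

def normalize(email_alerts, endpoint_alerts):
    """Map each tool's fields onto one schema {time, source, user, detail}
    and merge both feeds into a single timeline."""
    events = []
    for a in email_alerts:
        events.append({"time": datetime.fromisoformat(a["ts"]), "source": "email",
                       "user": a["recipient"].split("@")[0], "detail": a["url"]})
    for a in endpoint_alerts:
        events.append({"time": datetime.strptime(a["time"], "%Y-%m-%d %H:%M:%S"),
                       "source": "endpoint", "user": a["user"], "detail": a["path"]})
    return sorted(events, key=lambda e: e["time"])

def correlate(events, window=timedelta(minutes=15)):
    """Raise one incident when a user's email URL alert is followed within
    `window` by an endpoint alert naming the same file; neither feed sees this alone."""
    incidents = []
    for e in events:
        if e["source"] != "endpoint":
            continue
        filename = e["detail"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        for m in events:
            lag = e["time"] - m["time"]
            if (m["source"] == "email" and m["user"] == e["user"]
                    and timedelta(0) <= lag <= window
                    and m["detail"].lower().endswith("/" + filename)):
                incidents.append({"user": e["user"], "email": m["detail"],
                                  "endpoint": e["detail"],
                                  "lag_seconds": int(lag.total_seconds())})
    return incidents

def triage():
    """Return (raw alert count, correlated incidents) for the sample feeds."""
    events = normalize(EMAIL_ALERTS, ENDPOINT_ALERTS)
    return len(events), correlate(events)
```

Four raw alerts collapse to one incident worth an analyst's attention; the two unmatched alerts stay available as context rather than competing for the same attention.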

The Bottom Line

Given the ever-changing cyber threat landscape, the profusion of threat-detection tools is a necessary evil. Used standalone, these tools can become a liability, since they force cybersecurity teams to flit from one reporting system to the next, often missing the big picture in the process. But by integrating them with approaches like SIEM, SOAR and open APIs, security professionals can connect the dots, spotting threat patterns that would otherwise elude detection.

[1] The 2020 Cyber Resilient Organization Study, The Ponemon Institute

[2] “56% of Large Companies Handle 1,000+ Security Alerts Each Day,” DarkReading

[3] The Cost of Malware Containment, The Ponemon Institute

[4] “FireEye Mandiant M-Trends 2020 Report Reveals Cyber Criminals Are Increasingly Turning to Ransomware as a Secondary Source of Income,” FireEye

by Megan Doyle

Original article can be found HERE
