Dwell Time, Agent Smith and Modernizing Your SIEM

The more data, users and devices there are, the more points of vulnerability and the greater the risk of cyberattack. So why are so many IT departments relying on out-of-date cybersecurity technologies? For some, this is a byproduct of a limited budget or the skills shortage. For others, the absence of a significant incident may make the situation feel less urgent than it actually is.

If your organization is relying on technologies that aren’t aligned with current threats, consider this: it was recently reported that the average time between penetrating attack and discovery for SMBs ranged from 43 to 895 days, with confirmed, persistent malware averaging 798 days and riskware averaging 869 days.


While larger enterprises might be better equipped and supported in their cybersecurity efforts, it’s very likely that this should serve as a warning for them as well. It’s no longer a matter of if, or even when your organization’s sensitive data will be stolen. The question now is, how often is it happening? And, how long will it take for you to know when it has?

The perimeter isn’t what—or where—it used to be

The perimeter is dissolving. BYOD, IoT and the mobilization of the workforce make it essential to move your protection closer to the point of risk. Researchers at Check Point announced on July 10 their discovery of a mobile malware variant they named Agent Smith which infected 25 million devices, without users ever being aware. This virus masqueraded as an app acquired from a third-party app store and took advantage of known Android vulnerabilities.

If you’re a fan of the movie The Matrix, you might recognize the name Agent Smith as the character who pronounced the human race to be a species that multiplies and multiplies, consuming all resources in the process. He then draws the parallel to another organism with the same behavior—a virus. There must be a few fans of the Matrix working in the research department at Check Point.

Reducing dwell time, improving endpoint detection

With a data-first security approach, it’s important to know where your most important data is. While some data may reside in a static location, the overwhelming majority will exist and interact in an ecosystem of devices and information pathways. Collectively, these devices often contain the most recent, sensitive data your organization possesses.

It’s a lot less painful to learn from others’ mistakes than from your own. The dwell times SMBs experience, along with news of the Agent Smith virus, help to make the case for updating your SIEM now, rather than waiting for, and suffering through, a large-scale incident. Modernizing your SIEM can take your threat detection to the next level, combining traditional SIEM capabilities with threat intelligence, advanced historical and real-time analytics, endpoint monitoring, user and entity behavior analytics (UEBA), and AI-driven (i.e. smarter) orchestration and response.

The Intelligent SIEM


A modern SIEM solution can act as the intelligence and analytics engine behind your organization’s security practice and have a significant impact on your security operations outcomes. The more data you feed it, the more intelligent it becomes. Not only does a modern SIEM enable analysts to see north/south traffic at crucial network points, it also facilitates the detection of east/west lateral movement from inside the organization, alerting you to active intrusions and providing real-time intelligence and forensics to determine next steps for remediation.
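To make the east/west detection idea concrete, here is a small added example of the kind of correlation rule a SIEM runs over authentication logs. It is not Sirius’s code or any vendor’s rule; the log format (`timestamp user src_host dst_host result`), the host names and the sample events are all constructed for this illustration, and the window and threshold values are assumptions an analyst would tune. It flags an account that fans out from one workstation to many distinct internal hosts in a short window, which is the lateral-movement pattern the paragraph describes, and records how long the activity ran before the rule fired.

```python
"""Toy east/west lateral-movement detector over constructed auth log lines.

Added example, not Sirius's or any SIEM vendor's code. Assumes a simple
'timestamp user src_host dst_host result' format (constructed).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one analyst's normal day, plus one service account fanning
# out from a single workstation to many internal hosts within seconds.
SAMPLE_LOG = """\
2019-08-05T09:00:01 alice ws-alice fileserver-01 success
2019-08-05T09:05:12 alice ws-alice mail-01 success
2019-08-05T10:12:00 svc-backup ws-bob db-01 success
2019-08-05T10:12:05 svc-backup ws-bob db-02 success
2019-08-05T10:12:09 svc-backup ws-bob fileserver-01 failure
2019-08-05T10:12:14 svc-backup ws-bob app-03 success
2019-08-05T10:12:20 svc-backup ws-bob hr-share success
2019-08-05T10:12:27 svc-backup ws-bob dc-01 success
2019-08-05T11:30:00 alice ws-alice fileserver-01 success
"""


def parse_line(line):
    """Split one constructed log line into a dict with a real datetime."""
    ts, user, src, dst, result = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "src": src, "dst": dst, "result": result}


def detect_fan_out(log_text, window=timedelta(minutes=5), threshold=5):
    """Return one alert per (user, src_host) pair that reaches `threshold`
    distinct destination hosts inside a sliding `window`.

    Each alert carries the hosts touched, the number of failed attempts in the
    window, and first_seen/detected_at so the time-to-detect can be measured.
    """
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    by_actor = defaultdict(list)
    for e in events:
        by_actor[(e["user"], e["src"])].append(e)

    alerts = []
    for (user, src), evs in by_actor.items():
        recent = deque()  # this actor's events that still fall inside the window
        for e in evs:
            recent.append(e)
            while e["ts"] - recent[0]["ts"] > window:
                recent.popleft()
            dsts = {r["dst"] for r in recent}
            if len(dsts) >= threshold:
                alerts.append({
                    "user": user,
                    "src": src,
                    "hosts": sorted(dsts),
                    "failures": sum(r["result"] == "failure" for r in recent),
                    "first_seen": recent[0]["ts"],
                    "detected_at": e["ts"],
                })
                break  # one alert per actor is enough for triage
    return alerts


if __name__ == "__main__":
    for a in detect_fan_out(SAMPLE_LOG):
        elapsed = (a["detected_at"] - a["first_seen"]).total_seconds()
        print(f"ALERT {a['user']}@{a['src']} -> {len(a['hosts'])} hosts "
              f"({a['failures']} failures) after {elapsed:.0f}s: {a['hosts']}")
```

On the constructed sample the rule fires once, for `svc-backup` on `ws-bob`, twenty seconds after its first event; `alice` never exceeds two distinct hosts and stays quiet. Raising the threshold or shrinking the window trades sensitivity for false positives, which is exactly the tuning a SIEM analyst does against a baseline of normal east/west traffic.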

The next step towards better SIEM for your organization might be augmentation of your existing solution, or a full modernization. The security experts at Sirius can help you evaluate your current environment and work with you to advance your security program. Contact us today to learn more.


Published August 5th, 2019 (updated 2019-10-30) | Blog

About the Author:

Chris Hoke is a Managing Director of Security Solutions at Sirius.