A survey commissioned by Intel Security offers CISOs advice on how to improve the effectiveness of their enterprise security teams.
Better detection tools, better analysis tools, and more training in incident response are the main ways to improve the effectiveness of information security staff, according to the survey.
Security professionals handled an average of 78 investigations per organization in the last year, with 28 percent of those incidents involving targeted attacks, said the report, Tackling Attack Detection and Incident Response, from Enterprise Strategy Group (ESG), commissioned by Intel Security.
Jon Oltsik, senior principal analyst at ESG, said: “CISOs should remember that collecting and processing attack data is a means toward action — improving threat detection and response effectiveness and efficiency.”
Nearly 80 percent of respondents believe the lack of integration and communication between security tools creates bottlenecks and interferes with their ability to detect and respond to security threats.
Real-time, comprehensive visibility is especially important for rapid response to targeted attacks, and 37 percent called for tighter integration between security intelligence and IT operations tools. In addition, the top time-consuming tasks involved scoping and taking action to minimize the impact of an attack, activities that can be accelerated by integration of tools.
Intel Security said these responses suggest that the very common patchwork architectures of dozens of individual security products have created numerous silos of tools, consoles, processes and reports that prove very time consuming to use. These architectures are creating ever greater volumes of attack data that drown out relevant indicators of attack.
While the top four types of data collected are network-related, and 30 percent of organizations collect user activity data, it is clear that data capture on its own is not sufficient.
47 percent of organizations said determining the impact or scope of a security incident was particularly time consuming.
Fifty-eight percent said they need better detection tools (such as static and dynamic analysis tools with cloud-based intelligence to analyze files for intent). Fifty-three percent say they need better analysis tools for turning security data into actionable intelligence. One-third (33 percent) called for better tools to baseline normal system behavior so teams can detect variances faster.
Only 45 percent of respondents consider themselves very knowledgeable about malware obfuscation techniques, and 40 percent called for more training to improve cybersecurity knowledge and skills.
Forty-two percent reported that taking action to minimize the impact of an attack was one of their most time-consuming tasks. Twenty-seven percent would like better automated analytics from security intelligence tools to speed real-time comprehension, while 15 percent want automation of processes to free up staff for more important duties.
This data strongly suggests that CISOs:
Create a tightly-integrated enterprise security technology architecture: CISOs must replace individual security point tools with an integrated security architecture. This strategy works to improve the sharing of attack information and cross-enterprise visibility into user, endpoint and network behavior, not to mention more effective, coordinated responses.
Base cybersecurity strategies on strong security analytics. This means collecting, processing and analyzing massive amounts of internal data (e.g., logs, flows, packets, endpoint forensics, static/dynamic malware analysis, and organizational intelligence such as user behavior and business behavior) and external data (e.g., threat intelligence and vulnerability notifications).
Because organizations will always struggle to keep up with the most recent attack techniques, CISOs must commit to more automation, such as advanced malware analytics, intelligent algorithms, machine learning and the consumption of threat intelligence to compare internal behavior with indicators of compromise (IoCs) and the tactics, techniques and procedures (TTPs) used by cyber-adversaries.
CISOs should require ongoing cyber-education for their security teams, including an annual series of courses that provide individual professionals more depth of understanding of threats and best practices for efficient and effective incident response.
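The analytics the report asks for (correlating internal telemetry with external IoCs, and baselining normal behavior so variances stand out) reduce, at their smallest, to a loop like the one below. This is an added illustration written for this page, not code from Intel Security or ESG; the log format, the threat-intel feed, the baseline history and all hosts, addresses and hashes in it are constructed placeholders (documentation IP ranges, a reserved example TLD, and the SHA-256 of empty input), not real indicators.

```python
"""Added example: a miniature security-analytics pass over constructed data.
Internal telemetry (proxy-style log lines) is matched against an external
IoC feed, and per-host egress is compared with a behavioural baseline so
that variances from normal stand out. All values are made up for the demo."""
import re
import statistics
from collections import defaultdict

# Constructed threat-intel feed: documentation IP (TEST-NET-3), reserved
# .example TLD, and SHA-256 of empty input. None of these are real IoCs.
IOC_FEED = {
    "ip": {"203.0.113.45"},
    "domain": {"update-check.example"},
    "sha256": {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
}

# Constructed proxy log: ts host user dst_ip dst_domain bytes_out download_sha256
SAMPLE_LOGS = """\
2015-04-01T09:00:01Z ws-101 alice 198.51.100.7 intranet.corp 1200 -
2015-04-01T09:00:05Z ws-102 bob 198.51.100.7 intranet.corp 800 -
2015-04-01T09:01:10Z ws-103 carol 203.0.113.45 update-check.example 48000 -
2015-04-01T09:02:00Z ws-103 carol 203.0.113.45 update-check.example 52000 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2015-04-01T09:03:00Z ws-104 dave 198.51.100.9 mail.corp 950 -
garbage line that must not crash the pipeline
"""

# Constructed history of "normal" per-host egress totals for a window this size.
BASELINE_BYTES = [1000, 1200, 900, 1100, 1300, 1000, 1150]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<user>\S+) (?P<ip>\S+) "
    r"(?P<domain>\S+) (?P<bytes>\d+) (?P<sha256>\S+)$"
)


def parse_logs(text):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["bytes"] = int(ev["bytes"])
            events.append(ev)
    return events


def match_iocs(events, feed):
    """Return (host, field, value) for every event field present in the feed."""
    hits = []
    for ev in events:
        for field in ("ip", "domain", "sha256"):
            if ev[field] in feed[field]:
                hits.append((ev["host"], field, ev[field]))
    return hits


def baseline_outliers(events, baseline, z_threshold=3.0):
    """Flag hosts whose egress exceeds the baseline mean by z_threshold deviations."""
    per_host = defaultdict(int)
    for ev in events:
        per_host[ev["host"]] += ev["bytes"]
    mean = statistics.mean(baseline)
    stdev = statistics.pstdev(baseline) or 1.0  # flat baseline: avoid division by zero
    return sorted(h for h, b in per_host.items() if (b - mean) / stdev > z_threshold)


def analyze(text=SAMPLE_LOGS, feed=IOC_FEED, baseline=BASELINE_BYTES):
    """Combine both signals: a host that hits an IoC *and* deviates from baseline ranks highest."""
    events = parse_logs(text)
    hits = match_iocs(events, feed)
    outliers = baseline_outliers(events, baseline)
    ioc_hosts = {h for h, _, _ in hits}
    priority = {}
    for host in ioc_hosts | set(outliers):
        priority[host] = "high" if host in ioc_hosts and host in outliers else "medium"
    return {"events": len(events), "hits": hits, "outliers": outliers, "priority": priority}


if __name__ == "__main__":
    result = analyze()
    print(f"parsed {result['events']} events, {len(result['hits'])} IoC hits")
    for host, level in sorted(result["priority"].items()):
        print(f"{host}: {level}")
```

The two signals are deliberately kept separate and only fused at the end: an IoC hit alone is a "medium" lead (feeds contain stale and noisy indicators), a baseline deviation alone is also "medium" (backups and software rollouts look like exfiltration), and it is the combination that earns "high". That fusion step is exactly what the report's respondents say their siloed tools fail to do for them.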
Intel Security surveyed 700 IT and security professionals at mid-market (i.e. 500 to 999 employees) and enterprise (i.e. more than 1,000 employees) organizations located in Asia, North America, EMEA and South America.
Respondents came from numerous industries with the largest respondent populations coming from information technology (19 percent), manufacturing and materials (13 percent), and financial services (9 percent).