Co-authored by Anshul Garg.
Technology Shifts Over Time
Today I was thinking about music and delivery systems, and the effect of technology shifts on both.
In the days of a new vinyl album, the record was announced on the radio and then folks waited patiently for it to arrive at the local music store. The simplicity of that time and the organization of the delivery system actually helped set expectations. You could make sense of the information coming to you and then take action when the new music from your favorite group was ready!
Contrast that over the last decade to computer systems and technology we use to simplify our lives.
The spread of Moore's Law in the 1970s (Gordon Moore's 1965 observation, revised in 1975) signaled to us that the transistor count of a chip, and loosely its processing power, would continue to double roughly every two years. I wonder if any of us understood at that time how this concept would completely take over our lives in the decades that followed.
Think of this music analogy, where we went from vinyl records played on the radio, to 8-track tapes, to cassettes, to audio CDs, and today we seem to be settling around the delivery of our music via mp3 audio files and streaming (immediate music, all the time).
The transitions that occurred in this one industry alone were head turning. It became confusing which system you should invest in, or even how you could simply listen to your favorite music.
Immediacy of the Cybersecurity Landscape Today
Those of us in the world of computer security have certainly seen similar shifting foundations, with tools constantly giving way and stepping to the side (obsoleted, really) as the way we do our work is refined. Threats, breaches and data theft from our systems have never been more intense. Not only are the tools and delivery systems constantly changing, but so too are the investments, and the business leaders who choose to purchase these tools.
It is a decade-old story: threat intelligence sources and solutions have scrambled over time to keep up with the latest threats.
To complicate things more, there has been an ongoing march towards widespread cloud adoption. These two things combined, security market fragmentation and the movement from on-premises data centers towards cloud, create many unique problems for the market and for security analysts specifically.
What do I mean by that?
Our Demands for Immediacy Are Not Slowing Down
Like our music example, today we have all the information streaming to us in an instant but that often makes it harder to separate something of value from fluff.
Take a look at the life of a typical Security Analyst.
It is difficult to separate the signal from the noise: too many threats, too many tools and too many false positives add up to alert fatigue. Analysts are also dealing with a lack of integration between their threat intelligence and their operational security systems. And data gathered from sources of unknown reliability leaves them unsure what they can trust.
Security teams face immense complexity on a daily basis, and the threats keep multiplying. Not just misconfigured systems and databases, but also targeted attacks that continue to increase. The latest X-Force Threat Intelligence Index tells us that the most common attack vectors, the evolution of ransomware and malware, and the risks posed by accidental breaches caused by factors such as misconfigurations, inadvertent insiders, and old, continually exploited software vulnerabilities all continue to grow. New data from 2019 also showed a trend toward attacks on operational technology (OT), posing threats to industries such as energy and manufacturing. Attackers take the path of least resistance, and that is why Security Analysts have to be at the top of their game daily!
Finding Value Through IBM Cloud Pak for Security
We know that security data is frequently spread across different tools, clouds and on-premises IT environments. This creates gaps that allow threats to be missed, gaps that are often closed only by undertaking costly, complex integrations. IBM Cloud Pak for Security provides a platform to help more quickly integrate your existing security tools to generate deeper insights into threats across hybrid, multicloud environments, using an infrastructure-independent common operating environment that runs anywhere. You can quickly search for threats, orchestrate actions and automate responses, all while leaving your data where it is.
New! IBM Threat Intelligence Insights App on Cloud Pak for Security
To keep up with the increasing volume of cyberattacks, most enterprises rely on external threat intelligence to supplement their own internal security data. To be truly effective, cyber threat intelligence needs to be actionable, reliable, contextual and insightful. It needs to help you filter out the noise, focus on the most dangerous threats, and identify and address threats that could be affecting your business right now.
IBM Security Threat Intelligence Insights is an application on Cloud Pak for Security that offers detailed, actionable threat intelligence and helps you identify and prioritize the threats most relevant to your organization, based on your organizational profile and environmental telemetry. Once you detect a threat, you can investigate it and its indicators of compromise (IOCs) across multiple siloed sources, and finally remediate it, all from a single console, leveraging the applications on Cloud Pak for Security.
Reduce investigation time: Separate the signal from the noise with an adaptive risk score that allows you to prioritize relevant threats.
Increase environment visibility: Using the federated search capability, search across your environmental assets for malicious indicators to determine impact level.
Act fast: Quickly and efficiently resolve your threat with Cloud Pak for Security by seamlessly moving from threat intelligence to investigation and remediation.
Actionable Threat Intelligence: Act upon threat intelligence derived from X-Force Threat Intelligence Reports, which provide contextual information about threats across IBM's global managed footprint, intelligence from live breaches, and the unique threat hunting database of the IBM X-Force Incident Response and Intelligence Services team.
Relevant Threat Prioritization: Prioritize threats with the X-Force Threat Score, an adaptive score that takes into consideration threat severity, malicious indicators, your organization profile and threats found in your environment.
Active Threat Identification: Identify threats active in your environment with ‘Am I Affected’, which runs continuous and automated searches across connected data sources.
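To make the three capabilities above concrete, here is an added illustrative example in Python. It is not IBM's code: the X-Force Threat Score and the 'Am I Affected' search are proprietary, and the threat feed, the telemetry lines and the scoring weights below are all constructed assumptions. What it shows is the shape of such a workflow: refang indicators from a feed, sweep them across three telemetry silos (DNS, proxy, EDR), and rank reports by a toy score that combines report severity, sector relevance and hits actually found in the environment.

```python
"""Illustrative IOC sweep and prioritisation (added example, not IBM's code).

The feed, telemetry and score weights are constructed for illustration; the
real X-Force Threat Score is proprietary and is NOT reproduced here.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed threat-intel feed. Indicators are partly "defanged" as feeds
# often publish them (hxxp, [.]). Hash is a placeholder, not a real sample.
THREAT_FEED = [
    {"report": "Campaign A", "severity": 9, "sectors": {"energy", "manufacturing"},
     "indicators": ["hxxp://update-cdn[.]example/payload", "203.0.113.45", "b" * 64]},
    {"report": "Campaign B", "severity": 6, "sectors": {"retail"},
     "indicators": ["login-portal[.]example", "198.51.100.7"]},
    {"report": "Campaign C", "severity": 4, "sectors": {"energy"},
     "indicators": ["192.0.2.99"]},
]

# Constructed telemetry from three silos an analyst would otherwise query separately.
TELEMETRY = [
    "dns ts=2024-01-05T10:01:02Z client=10.0.4.21 query=update-cdn.example type=A",
    "proxy ts=2024-01-05T10:01:03Z src=10.0.4.21 dst=203.0.113.45 "
    "url=http://update-cdn.example/payload status=200",
    "edr ts=2024-01-05T10:01:09Z host=ws-0421 proc=payload.exe sha256=" + "b" * 64,
    "dns ts=2024-01-05T10:22:41Z client=10.0.7.3 query=mail.example.org type=MX",
]

ORG_SECTOR = "energy"  # assumed organisational profile


def refang(ioc):
    """Undo common defanging so feed indicators compare equal to raw telemetry."""
    ioc = ioc.strip().lower()
    ioc = re.sub(r"^hxxp", "http", ioc)
    return ioc.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def classify(ioc):
    """Decide which telemetry field type an indicator should be matched against."""
    if re.fullmatch(r"[0-9a-f]{64}", ioc):
        return "sha256"
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", ioc):
        return "ipv4"
    if "://" in ioc:
        return "url"
    return "domain"


def extract_observables(line):
    """Pull matchable observables out of one key=value telemetry line."""
    kv = dict(re.findall(r"(\w+)=(\S+)", line))
    domains = {kv["query"].lower()} if "query" in kv else set()
    urls = {kv["url"].lower()} if "url" in kv else set()
    for u in urls:  # a URL sighting is also a sighting of its host
        host = urlparse(u).hostname
        if host:
            domains.add(host)
    return {
        "ipv4": {v for k, v in kv.items() if k in ("src", "dst", "client")},
        "domain": domains,
        "url": urls,
        "sha256": {kv["sha256"].lower()} if "sha256" in kv else set(),
    }


def am_i_affected(feed, telemetry):
    """Return {report name: Counter(indicator -> sightings)} for indicators seen locally."""
    observed = [extract_observables(line) for line in telemetry]
    hits = {}
    for report in feed:
        seen = Counter()
        for raw in report["indicators"]:
            ioc = refang(raw)
            kind = classify(ioc)
            n = sum(1 for obs in observed if ioc in obs[kind])
            if n:
                seen[ioc] = n
        hits[report["report"]] = seen
    return hits


def score(report, seen, org_sector):
    """Toy adaptive score (assumption): severity, +2 if our sector is targeted,
    +3 per local sighting capped at 6, so active threats float to the top."""
    s = report["severity"]
    if org_sector in report["sectors"]:
        s += 2
    s += min(3 * sum(seen.values()), 6)
    return s


def prioritise(feed, telemetry, org_sector):
    """Rank reports as (score, name, sightings); ties keep feed order."""
    hits = am_i_affected(feed, telemetry)
    ranked = [(score(r, hits[r["report"]], org_sector), r["report"], dict(hits[r["report"]]))
              for r in feed]
    return sorted(ranked, key=lambda t: t[0], reverse=True)


if __name__ == "__main__":
    for s, name, seen in prioritise(THREAT_FEED, TELEMETRY, ORG_SECTOR):
        print(f"{s:>3}  {name}  sightings={seen}")
```

Run as written, Campaign A ranks first: it targets our sector and all three of its indicators appear in the telemetry, so the analyst starts there rather than with the higher-volume but inactive feeds. The point of refanging up front is that a feed indicator like `hxxp://update-cdn[.]example/payload` never equals the raw proxy URL until it is normalised, which is exactly the kind of silent miss a federated search has to avoid.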
Will IBM Cloud Pak for Security Threat Intelligence Insights get us back to a simpler time like listening to vinyl records in our favorite cafe sipping a cuppa? Maybe not, but it will help you to better identify, prioritize and act on the threats most relevant to you.
If you would like to learn more, visit https://www.ibm.com/products/cloud-pak-for-security and be sure to join the Cloud Pak for Security group here on Community.