Visibility – a crucial proactive measure in advanced cyber defence
- Network visibility and advanced threat intelligence are needed for proactive security.
- Too many organisations are unaware and reactive in the face of growing cyber risk.
- AI SIEM and SOAR enable visibility, prediction and rapid conclusive response.
Too few organisations have the capacity to react timeously to malware attacks, and even fewer can proactively address security risks.
This is according to renowned cyber security expert and Specialist Sales Executive: Security at Gijima, Lukas van der Merwe, who says most organisations are unaware and reactive in the face of growing cyber risk.
Van der Merwe says the latest IBM Cost of a Data Breach Report indicates that early detection and rapid response significantly reduce the cost of a data breach, which suggests that delays could prove crippling for organisations.
Most organisations lack the necessary information to effectively take action or possess only the basic security operational solutions and structures to react to IT security events. “A minority of organisations are able to proactively address security challenges, and an even smaller minority are able to effectively respond to future security challenges,” adds Van der Merwe.
“It is important to note that in a world with new versions of malware and new attack vectors emerging almost daily, most preventive measures may not be effective. It only takes one unsecured workstation to unleash malware that could cripple a business. So, organisations must have proactive visibility with monitoring capabilities so they can see the attack the moment it starts happening and act within the critical time factor,” he says.
Van der Merwe says achieving full visibility requires a level of maturity. “Visibility relates to activity on the network and across the environment. If you then deploy monitoring capabilities, you gain some visibility, but if you add advanced threat intelligence, you can become more proactive.”
ICT companies like Gijima are offering a holistic, end-to-end portfolio of next-generation security services such as deploying IBM’s QRadar Security Information and Event Management (SIEM), to help security teams accurately detect and prioritise threats across the enterprise. This provides intelligent insights that enable teams to respond quickly to reduce the impact of incidents. IBM Security SOAR, formerly Resilient, is designed to help security teams respond to cyber threats with confidence, automate with intelligence and collaborate with consistency, as well as allowing them to visualise and understand security incidents to prioritise and act.
Van der Merwe notes that SOAR technology represents a significant evolution in cyber security, enabling security teams to neutralise cyber threats faster and with more confidence. “SOAR underpins improved effectiveness, removing the need for human intervention to respond to security incidents, while AI improves response time with rapid conclusive investigations. These elements of next-generation cognitive technology underpin the identification of anomalous patterns of behaviour and near real-time response,” he says.
“It is the combination of SIEM with SOAR and AI that underpins improved detection and response times leading to reduced costs resulting from data breaches.”
Achieving visibility using platforms such as Gijima’s Advanced Cyber Defence security capabilities and IBM SIEM and SOAR solutions will come under discussion at a virtual series of roundtables in October.