The four pillars of effective threat management
Today, organisations have tons of data. But amid all this data, they struggle to find things that really matter: stealthy adversaries lurking in the network; insider threats; critical vulnerabilities; and privacy risks.
So says Ashraf Abdelazim, manager of Threat Management for MEA at Resilient, IBM, who will be presenting on 'Four Pillars for Effective Threat Management' at the ITWeb Security Summit, to be held from 27 to 31 May, at the Sandton Convention Centre.
He says there are several key things that organisations are doing wrong today when it comes to cyber security. "Firstly, they focus on technologies and features. They should instead focus on building full-cycle capabilities around people, processes and technologies for each security function."
Next, he says alerts and incidents are two of the most important elements that require focus and investigation, but organisations today don't have a consistent process for each alert, incident, or threat type. In fact, almost 54% of alerts are being dropped without investigation, according to the latest Ponemon Study.
"Businesses need to build a consistent, repeatable, auditable process for each alert type and utilise automation to get rid of repeated alerts and false positives. They need to shift the focus, effort and time of their team to investigating the right alerts and becoming proactive in threat hunting."
Abdelazim says organisations should employ automation, artificial intelligence and machine learning, and advanced security-specific correlation features to enhance detection and the generation of alerts.
The four pillars
He says four pillars are key to effective threat management, that is, to detecting and managing threats effectively:
1. Gaining visibility into the entire enterprise from a single place.
2. Automating security intelligence to get actionable and prioritised insights into the most critical threats.
3. Orchestrating response - having a consistent, repeatable, auditable and automated process is key to delivering the right orchestration.
4. Being proactive - proactively hunt threats to find attackers earlier in the attack cycle, respond faster, and build those lessons learned back into your defences.
Delegates attending Abdelazim's talk will view a demonstration of the four pillars. They will also gain an understanding of what type of data to collect and how to automate intelligence to have the right insights through the 'detect, connect, prioritise and investigate' approach. They will learn how to build an orchestration and automation capability and, finally, how to utilise additional applications to extend the capabilities of current threat management with advanced use cases and security frameworks.