GCN : April 2014
Q: What are the shortcomings of incident detection and response tools when it comes to responding to an attack?

A: In a single word: speed. The chief contributors to this deficiency are a lack of integration and comprehensive insight into both an enterprise's endpoints and network activity. Integration is a challenge because a typical incident response (IR) cycle involves at least three separate products: one to alert an analyst to a potential breach, a second to then manually transport the alert data into and then subsequently investigate the target machine, and yet a third product to actually begin to take some remediation action. Comprehensive insight is a shortcoming because the vast majority of products on the market focus solely on either endpoint data (servers, laptops, desktops) or network traffic.

Q: How does security incident and event management (SIEM) fit into a holistic rapid detection and response strategy?

A: Chief among the use cases is log correlation to begin to stitch together the myriad alerts between intrusion detection systems and perimeter firewalls, as an example. SIEMs are really limited to being alerting tools and are somewhat ineffective as they often rely on known harmful events. They must be supported by solutions that can further investigate targeted endpoints and offer capabilities to stop or stem the damage. This shortens the IR lifecycle and improves the effectiveness of a SIEM implementation, especially when the primary solution supports bidirectional communication and can further nourish the SIEM's alert library.

Q: How are organizations searching their enterprises for threats today?

A: Unfortunately, most organizations have not reached the maturity to "search" for threats. Searching for threats has historically required considerable expertise and knowledge. This has left most organizations in a "reaction mode," which has led to the breach and cyber theft headlines we continue to see on the evening news.

We have developed an approach that addresses the three pillars of proactive security: integration, automation and collaboration. By arming themselves with technology that supports these pillars, organizations can rise along the maturity spectrum. They can then begin to search for anomalous activity vs. expending resources in chasing down false positives.

Q: What goes into root cause analysis and what insights can be gained?

A: Root cause analysis goes beyond what went wrong to identify the underlying technical, managerial and organizational vulnerabilities. Unfortunately, investment in tools and techniques to support root cause analysis has historically been limited, because those resources are dedicated to responding to current threats. The era of continuous compromise demands a new approach to not only remediate the immediate damage from attacks and threats but to dig one, two or three layers deep to understand behavioral or communal weaknesses which allowed the breach to occur.

Q: To what extent can threat detection be improved and response automated?

A: There is a huge need to comprehensively share and apply threat intelligence from both commercial and open source providers. In sharing and constructively interrogating endpoints and networks for these technical characteristics, it is possible to identify attacker methodology, functionality or behavior that would indicate a potential exploit. Automation then can be introduced to exponentially reduce time to respond as well as to remediate the threat. Security teams, supported by the proper technology, can then evolve towards becoming proactive "hunters" with weapons that support a Continuous Automated Incident Resolution (CAIR™) posture. The posture is broadened when the solution provides for job chaining and automates the iterative "hunt-identify-resolve" sequence.
Devin Krugly, VP, Product Marketing and Strategy

Sponsored Content

Learn how you can achieve Continuous Automated Incident Resolution. 800.574.5199 • International +44(0)20 7010 7800