Early identification of emerging cyberattacks: professional detection and response
Cybercriminals are increasingly seeking to circumvent defensive mechanisms, and companies must presume that an attack will eventually succeed. The ability to detect and respond to cyberattacks must therefore be extended. Artificial intelligence (AI) technology is helpful, but it cannot substitute for experienced CSIRT and security analysts who interpret warning events and take protective action. Organisations that cannot field their own detection and response teams can draw on managed services.
A single protection layer is not enough to prevent cyberattacks…
The threats to companies are not only becoming more complex, so that the IT infrastructure must be protected in the first place; the growing value of digital assets also creates more incentives for attacks. Many attacks are driven by financial interests and highly organised criminal activity. The budgets available to attackers grow accordingly, which makes the attacks more sophisticated and more demanding to defend against. Cyber offenders have become more skilled and use more automation.
Secondly, the IT structures, facilities and data that must be secured are becoming increasingly heterogeneous. In addition to servers, clients and mobile devices, cloud platforms are used for business-critical tasks, many users work from home, and the number of Internet of Things (IoT) devices is rising rapidly.
Clever circumvention of security structures
Cybercriminals try to keep their attacks under the radar for as long as possible, because the longer they remain undetected after successfully accessing a network, the more information they can steal.
Attackers manage to bypass current security structures and penetrate company networks by using sophisticated attack tactics such as fileless attacks and advanced persistent threats (APTs).
Here, attacks need to be identified as quickly and accurately as possible in order to protect against the intruder and contain the damage. For example, the Ponemon Institute's 2020 Cost of a Data Breach study found that businesses around the world need an average of 280 days to identify and contain an incident.
As the study shows, data breaches that take more than 200 days to detect and contain cost an average of USD 1 million more than those resolved within 200 days. But even 200 days is far too long for security incidents to remain unidentified and undefended.
Detection of attacks requires technology and expertise…
Detection covers different facets of cybersecurity. First, existing weaknesses in the systems and services that need protection must be detected: unmanaged and unprotected vulnerabilities are open to attack, so detecting vulnerabilities also means detecting possible avenues of attack. If an attack has succeeded and an IT security incident has occurred, the incident should be identified as soon as possible.
Cybersecurity detection uses a range of technologies, but technology alone cannot perform the tasks that detection requires. While many technology providers promise that their systems will operate ever more smartly and independently, the reality is different, and this will probably not change soon.
The need for humans in the process of detecting attacks…
In conjunction with technology, detection often needs the expertise of security experts. This becomes immediately apparent when automated, technology-based detection produces a high number of false positives.
A high level of expertise and continuous monitoring are needed to determine how much automation should be used to catch attackers.
Otherwise harmless actions will unnecessarily trigger alerts, increase the workload of the security staff, and raise the likelihood that real incidents are overlooked in the flood of false-positive events.
Researchers at the Center for Internet Security at the Westphalian University of Applied Sciences in Gelsenkirchen show that, when potential cybersecurity scenarios are considered, both the attacker and the defender end up with an intelligent combination of people and AI.
Security experts at security operations centres (SOCs) report that cyberattack defence is usually a collaborative effort between humans and machines. During a preliminary detection stage, the automated system generates a security event and determines whether there are enough red flags. The case must then be assessed by security professionals before a security incident is declared and containment measures are initiated.
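The two-stage workflow just described, together with the false-positive problem raised above, is illustrated by the following Python triage pipeline. It is an added example, not code from the article or from any SOC product: an automated detector emits low-level security events (the log lines, rule names, weights, hosts and thresholds are all constructed for this example), an analyst-maintained baseline of known-benign activity suppresses the noise, weak signals on the same host are correlated within a time window, and only cases that still look suspicious are escalated to a human analyst. Running the same events without the baseline shows how a routine nightly backup would otherwise surface as a suspicious case.

```python
"""Alert triage with a human-in-the-loop escalation tier (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events as an automated detector might emit them:
# timestamp | host | rule_id | subject | detail
SAMPLE_EVENTS = [
    "2024-03-01T02:00:05 | db01 | LOGIN_OFF_HOURS | svc_backup | ssh login",
    "2024-03-01T02:00:40 | db01 | LARGE_OUTBOUND | svc_backup | 42GB to 10.0.9.5",
    "2024-03-01T09:15:10 | ws17 | NEW_SCHED_TASK | alice | task 'Updater' created",
    "2024-03-01T09:16:02 | ws17 | SCRIPT_IN_MEMORY | alice | encoded script launched",
    "2024-03-01T09:18:30 | ws17 | LARGE_OUTBOUND | alice | 3GB to 203.0.113.7",
    "2024-03-01T11:40:00 | ws03 | NEW_SCHED_TASK | bob | task 'OneDrive' created",
]

# Per-rule weights (hypothetical): how much each signal contributes to a case.
RULE_WEIGHTS = {
    "LOGIN_OFF_HOURS": 2,
    "LARGE_OUTBOUND": 3,
    "NEW_SCHED_TASK": 2,
    "SCRIPT_IN_MEMORY": 4,
}
WATCH_AT = 3      # score at which a case is kept under observation
ESCALATE_AT = 6   # score at which a human analyst must assess the case

# Analyst-maintained baseline of known-benign activity:
# (host, rule, subject, substring the detail must contain, or None for any).
# Here: the nightly backup job on db01 pushes data to the backup server.
ANALYST_BASELINE = {
    ("db01", "LOGIN_OFF_HOURS", "svc_backup", None),
    ("db01", "LARGE_OUTBOUND", "svc_backup", "10.0.9.5"),
}


@dataclass
class Event:
    ts: datetime
    host: str
    rule: str
    subject: str
    detail: str


def parse_event(line: str) -> Event:
    """Parse one pipe-separated detector line into an Event."""
    ts, host, rule, subject, detail = [p.strip() for p in line.split("|", 4)]
    return Event(datetime.fromisoformat(ts), host, rule, subject, detail)


def is_baselined(ev: Event, baseline) -> bool:
    """True if an analyst has already classified this activity as benign."""
    for host, rule, subject, needle in baseline:
        if (host, rule, subject) == (ev.host, ev.rule, ev.subject):
            if needle is None or needle in ev.detail:
                return True
    return False


def triage(lines, baseline=ANALYST_BASELINE, window=timedelta(minutes=30)):
    """Stage 1 (machine): suppress baselined events, correlate the rest per host
    within a sliding window, and assign a disposition. Stage 2 (human) is the
    analyst queue produced by analyst_queue()."""
    by_host = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        by_host[ev.host].append(ev)

    result = {}
    for host, events in by_host.items():
        events.sort(key=lambda e: e.ts)
        kept = [e for e in events if not is_baselined(e, baseline)]
        suppressed = len(events) - len(kept)
        # Best score over any window starting at one of the kept events.
        best = 0
        for i, anchor in enumerate(kept):
            score = sum(RULE_WEIGHTS.get(e.rule, 1)
                        for e in kept[i:] if e.ts - anchor.ts <= window)
            best = max(best, score)
        if best >= ESCALATE_AT:
            disposition = "ESCALATE"
        elif best >= WATCH_AT:
            disposition = "WATCH"
        else:
            disposition = "LOG"
        result[host] = {
            "score": best,
            "suppressed": suppressed,
            "disposition": disposition,
            "rules": [e.rule for e in kept],
        }
    return result


def analyst_queue(result):
    """Hosts a human analyst must assess, highest score first."""
    escalated = [h for h, r in result.items() if r["disposition"] == "ESCALATE"]
    return sorted(escalated, key=lambda h: -result[h]["score"])


if __name__ == "__main__":
    tuned = triage(SAMPLE_EVENTS)
    for host, r in tuned.items():
        print(f"{host}: {r['disposition']} score={r['score']} suppressed={r['suppressed']}")
    print("analyst queue:", analyst_queue(tuned))
    untuned = triage(SAMPLE_EVENTS, baseline=set())
    print("db01 without baseline:", untuned["db01"]["disposition"])
```

With the baseline in place, only ws17 reaches the analyst queue; db01's backup traffic is suppressed and ws03's single scheduled task is merely logged. Without the baseline, db01 scores high enough to be placed under watch, which is exactly the kind of benign alert that erodes analyst attention. The baseline itself is the product of human expertise, and it should be revisited periodically, as the article's closing paragraphs argue.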
The complex interplay between humans and machines…
The value of the expertise of security experts, and thus of people, is already evident when choosing detection methods and solutions, a task that machines cannot perform alone. Security experts evaluate the advantages of the different detection approaches and recommend the required tools.
This ensures that people build, and periodically revisit, the detection definitions before automated systems are used to identify and resolve new threats and attack techniques.