Seceon is an advanced Network Detection & Response platform that provides scale, scope and consistency. Deployed in the cloud or on-premises, it detects and protects against cyber-attacks. Call Us: 1 (978)-923-0040
Threat Detection and Response

As organizations host their critical data on virtual servers and make greater use of networking, automation, and the internet, the risks associated with cyberattacks have increased manifold. As in any other activity, intelligence is critical to ward off attacks by adversaries. In the IT context, threat intelligence and detection are the knowledge that allows businesses and government organizations to prepare for and prevent such attacks. Threat intelligence is backed by data that allows one to know in advance the attackers' identity, their motivation, and how capable they are. It also indicates which areas of the system are weak or vulnerable and could be potential targets. With this crucial information as an intelligence input, cyber experts make informed decisions on how to beef up security. Threat detection is addressed by Seceon through User and Entity Behavior Analytics (UEBA) riding on machine learning algorithms to identify the various tactics and techniques used by the perpetrators.

Threat Detection

This activity is carried out in the IT ecosystem to scan and analyze the entire network and identify any malicious activity that could compromise it. If a threat is detected, efforts are made to mitigate and neutralize it before it can exploit the vulnerabilities present in the system. Getting breached can be a nightmare for any organization, and almost all organizations are now prioritizing their cybersecurity controls. They are putting smart technologies and people to work on the information received, creating a defensive barrier in anticipation of anyone trying to cause trouble. Cyber security is an ongoing process that requires continuous alertness, as no control is a guarantee against attacks.

The concept of threat detection is multifaceted when reviewed against the specific security programs of different organizations. Worst-case scenarios must always be considered: irrespective of how good an organization's security program is, something may slip past the defensive or preventive technology and become a threat to the system.

Threat Detection and Response

Speed is of the essence when it comes to threat detection and mitigation. It is crucial for security programs to detect threats efficiently and quickly so that attackers do not get enough time to zero in on sensitive data. A defensive program is wired to prevent most threats based on past experience and analysis. This means it knows the attack pattern and how to fight it. These threats are considered "known threats." In addition to them, there are threats of the "unknown" variety which organizations have to detect and battle against. These are threats that have not been encountered before, as the attackers may be using new techniques and technologies to circumvent the existing barricades.

• It is also seen that even known threats can sometimes slip through the defensive measures. This is why organizations should look out for both known and unknown varieties in their IT environment.
• So how can an organization ensure that it detects both known and unknown threats before any damage is caused? There are several ways one can boost one's defense arsenal.

Threat intelligence leverage
• Threat intelligence helps to understand past attacks and compare them with enterprise data to identify new threats. This is effective when detecting known threats but may not provide valuable inputs for unknown ones. Threat intelligence is used frequently in antivirus, IDS or intrusion detection systems, Security Information and Event Management (SIEM), and web proxy technology.

Setting traps for attackers
• Attackers find some targets too tempting to leave alone. Many security teams know this and set up bait for the attacker, hoping that they succumb. An intruder trap could be a honey trap within the in-house network services. These might appear appealing to an attacker, who prefers using the honey credentials with all their user privileges. An attacker who goes after them triggers an alarm in the security system. The security team gets alerted to potentially suspicious activity in the network and is nudged to investigate, even if nothing has happened yet.

Behavior analytics of users and attackers
• Using tools for user behavior analytics, an organization will be able to understand the expected behavior of its employees. For example, what kind of data employees typically access, what time they usually log in to the system, and from which location. A sudden change in their behavioral pattern, like logging in to the organization's systems at 2 am from another location, arouses suspicion if the concerned employee usually works from 9 am to 5 pm and never travels. This unusual behavior calls for an immediate investigation by the security team.
• Attacker behavior analytics is more challenging, as there is no reference or baseline benchmark for activity comparison. Here one has to look out for unrelated activities detected on the network, which attackers leave behind as breadcrumbs. Both the human mind and technology come together to assemble the pieces of crucial information that help form a clear picture of what the attacker could be up to on the organization's network.

Carrying out threat hunts
• Instead of waiting for threats to appear, the security team takes a proactive approach. It goes beyond its network endpoints to look for attackers that may be lurking nearby. This is an advanced technique used by security experts and analysts who are threat veterans. Also, using a combination of all the above approaches is an excellent proactive way to monitor data, assets, and employees.

Two-pronged approach for threat detection
• For an effective threat detection strategy, both humans and technology are required. The human component is the security analysts who analyze the trends, behavior, patterns, data, and reports and identify deviant data that indicates a potential threat.
• Technology also plays a crucial role in detecting threats, though no single tool can do this job. Instead, there is a combination of tools collated across the network that helps to identify the threats. A robust detection mechanism that needs to be deployed includes:
• Aggregating data from events in the network, including logins, network access, and authentications.
• Monitoring the traffic patterns and understanding them in the organization's network and the internet.
• Detecting endpoint activity on users' machines to understand any malicious activity.

Seceon's Solution
• A compromised credential is a clear indicator of an insider trying to gain access to information that he or she could potentially misuse. As shown in the screenshot below (aiSIEM Portal), a particular user was found to be logging into an unexpected host, which was a departure from profiled behavior.
• Data exfiltration is also an activity that may be undertaken by the insider. In this case, there may be indicators of increased communication with a high-value host. The techniques applied are similar to the Data Breach Detection use case.

Conclusion
• By employing a combination of defensive strategies and methods, organizations increase their chances of detecting threats quickly and effectively cancelling them out before any damage to the network is done. Cyber security is a continuous process, and service providers like Seceon use the most advanced artificial intelligence for the technology required for threat detection. They provide remedial platforms for organizations beyond traditional defense tools, which are often silos in nature. By providing a comprehensive real-time analysis of vulnerabilities, they detect threats and eliminate them in real time.
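The behavior analytics section and the "Seceon's Solution" section both describe the same detection idea: profile each user's normal login hours, locations and hosts, then flag logins that depart from that profile (the 2 am login from another location, the login to an unexpected host) and outbound volumes that jump well above the user's usual level (the data exfiltration indicator). The following is an added illustration of that logic, not code from Seceon or the aiSIEM product; the event line format, the field names and the sample events are all constructed for the example, and the baseline is a simple set-membership and mean-plus-sigma model rather than any vendor's machine-learning scoring.

```python
"""Toy UEBA-style detector: build per-user baselines from historical events,
then score new events for departures from profiled behaviour.

Event line format (constructed for this example):
    <ISO timestamp> <login|flow> user=<name> host=<host> loc=<location> [bytes=<n>]
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime
from statistics import mean, pstdev


@dataclass
class Profile:
    """What 'normal' looks like for one user during the baseline window."""
    hours: set = field(default_factory=set)       # hours of day with logins
    locations: set = field(default_factory=set)   # locations logged in from
    hosts: set = field(default_factory=set)       # hosts logged in to
    bytes_out: list = field(default_factory=list) # per-flow outbound volumes


def parse_event(line):
    """Parse one constructed event line into a dict."""
    ts, kind, *pairs = line.split()
    kv = dict(p.split("=", 1) for p in pairs)
    return {
        "ts": datetime.fromisoformat(ts),
        "kind": kind,
        "user": kv["user"],
        "host": kv.get("host", "-"),
        "loc": kv.get("loc", "-"),
        "bytes": int(kv.get("bytes", "0")),
    }


def build_profiles(events):
    """Aggregate baseline events into a Profile per user."""
    profiles = defaultdict(Profile)
    for e in events:
        p = profiles[e["user"]]
        if e["kind"] == "login":
            p.hours.add(e["ts"].hour)
            p.locations.add(e["loc"])
            p.hosts.add(e["host"])
        elif e["kind"] == "flow":
            p.bytes_out.append(e["bytes"])
    return profiles


def score_event(e, profiles, sigma=3.0):
    """Return the list of reasons an event departs from its user's profile."""
    p = profiles.get(e["user"])
    if p is None:
        return ["unknown-user"]           # no baseline at all: surface for review
    reasons = []
    if e["kind"] == "login":
        if e["ts"].hour not in p.hours:
            reasons.append("off-hours-login")
        if e["loc"] not in p.locations:
            reasons.append("new-location")
        if e["host"] not in p.hosts:
            reasons.append("unexpected-host")
    elif e["kind"] == "flow" and len(p.bytes_out) >= 2:
        mu, sd = mean(p.bytes_out), pstdev(p.bytes_out)
        # guard against a flat baseline (sd == 0) making every byte a spike
        threshold = mu + sigma * max(sd, 0.1 * mu)
        if e["bytes"] > threshold:
            reasons.append("outbound-volume-spike")
    return reasons


def detect(baseline_lines, new_lines):
    """Profile the baseline window, then return (user, timestamp, reasons) alerts."""
    profiles = build_profiles(parse_event(l) for l in baseline_lines)
    alerts = []
    for line in new_lines:
        e = parse_event(line)
        reasons = score_event(e, profiles)
        if reasons:
            alerts.append((e["user"], e["ts"].isoformat(), reasons))
    return alerts


# Constructed sample data: alice works 9-5 from Westford on two hosts;
# bob is another ordinary user with one baseline login.
BASELINE_EVENTS = [
    "2024-03-04T09:05:00 login user=alice host=fileserver01 loc=Westford",
    "2024-03-04T10:40:00 login user=alice host=mail01 loc=Westford",
    "2024-03-04T13:15:00 login user=alice host=fileserver01 loc=Westford",
    "2024-03-04T17:02:00 login user=alice host=mail01 loc=Westford",
    "2024-03-04T09:10:00 flow user=alice host=fileserver01 bytes=20000",
    "2024-03-04T11:00:00 flow user=alice host=fileserver01 bytes=25000",
    "2024-03-04T14:30:00 flow user=alice host=mail01 bytes=22000",
    "2024-03-04T16:45:00 flow user=alice host=fileserver01 bytes=18000",
    "2024-03-04T09:30:00 login user=bob host=mail01 loc=Westford",
]

# Constructed new events: a 2 am login from an unprofiled location to an
# unexpected host, followed by a large outbound flow; bob behaves normally.
NEW_EVENTS = [
    "2024-03-05T02:00:00 login user=alice host=finance-db01 loc=Unknown-ISP",
    "2024-03-05T02:10:00 flow user=alice host=finance-db01 bytes=900000",
    "2024-03-05T09:30:00 login user=bob host=mail01 loc=Westford",
]

if __name__ == "__main__":
    for user, when, reasons in detect(BASELINE_EVENTS, NEW_EVENTS):
        print(f"ALERT {when} user={user} reasons={','.join(reasons)}")
```

The per-hour set and the mean-plus-three-sigma volume threshold are deliberately simple stand-ins; a one-day baseline as short as the constructed one would produce many false positives in practice, so a real deployment profiles over weeks and weights each deviation rather than treating every new hour or host as equally suspicious. The zero-variance guard in `score_event` matters: without it a user whose flows were all the same size would be flagged on any increase at all.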
Contact Us
Address - 238 Littleton Road, Suite #206, Westford, MA 01886, USA
Phone Number - +1 (978)-923-0040
Email Id - sales@seceon.com, info@seceon.com
Website - https://www.seceon.com/