Threat Detection and Response at Black Hat 2019
Tens of thousands of security professionals descended upon sweltering Las Vegas for this year’s Black Hat security conference. Attendees spent many days attending high-quality training, watching engrossing talks covering every security topic under the rainbow, having a blast at many of the evening events, and traipsing through the Vendor Hall to grab some swag and check out the latest and greatest in security technologies.
Threat Detection and Response
One theme that was front-and-center this year was the increasing push towards detection and response technology. As I walked the floor I saw countless displays declaring that their solution was *the* technology for all your detection and response needs. But how do you know for sure you’re picking one that will do what you need? How can you maximize your security dollars and get the most value? Let’s spend some time discussing some of the key things to look for and some important questions to ask.
- The data that flows in and out of your network shows no signs of abating, and internal traffic continues to grow at a breakneck pace. Can your solution scale to meet those demands?
- Beyond that, can your solution monitor not only north-south traffic but east-west as well…and can it monitor that traffic in real-time?
- You’ll likely miss part of the complete picture without seeing *all* of the traffic in your organization. How well does it integrate with your other security tools?
- We all know security analysts aren’t interested in yet another dashboard added to their workloads. Does your Detection & Response vendor give you alternative methods of integrating their solution into some of your other existing tools?
- What sort of files can the product detect or analyze? Is it limited to just executables, or can it analyze malicious content hidden in other common threat vectors like Microsoft Office files, PDFs, or in web-based files like scripts?
- If and when your solution finds something, what exactly does it do then? Can it automatically apply response protocols to the incident, or does it just send an alert to an overworked SOC analyst for triaging and (hopefully) quick remediation?
- Will it tell you exactly what the abnormality was, and what was observed?
- How much Threat Intelligence does the solution generate, and how easy is it for your analysts to learn exactly what happened in order to apply that learning to future incidents?
- What kind of learning models are in use by the product? Can it find new or novel malware, or does it require time to find new things?
- How technically proficient is the vendor? Are they continually improving and investing in their AI/ML innovation? Or are they using someone else’s technology entirely? Finding a vendor with a strong in-house team of ML technical experts isn’t always easy.
- Finally, how is the solution licensed? Can you deploy sensors anywhere without additional cost? Can you deploy on-premise or in the cloud to meet your own unique needs? Does it provide you with the flexibility you require not just for today, but for where you see your environment in a few years?
Lastline’s Cyber Threat Assessment Program
It can be incredibly difficult to cut through all the noise and find something that really works and does what you need. At Lastline, we believe we have a unique solution that not only answers all of the questions above but excels in every facet of Network Detection & Response. But don’t take my word for it; let us prove it to you.
Our new, free Cyber Threat Assessment Program allows you to see the power of true AI/ML-powered security, and the ask from you is as lightweight as can be: with nothing more than some Netflow data, we can show you all the threats and abnormalities currently inside your environment that your other tools miss.
Read more about the Lastline Cyber Threat Assessment program.
I hope everyone had a great time in Las Vegas last week!