Since the dawn of the internet, cybersecurity has been a non-stop game of chess in which the bad guys move first. As new vulnerabilities and attack methods have come to light, new security products have been developed to counter them. Over time, this has created a security stack that is complex, bloated and inefficient. And because these tools are operated in silos, attackers have been able to hide in the blind spots between them.
Visibility is a Pressing Concern
Visibility is the cornerstone of security, and as such should be the underpinning philosophy of enterprise security. It is also the area where enterprises have the most room for improvement; in our recent State of Threat Detection 2019 research, 53% of respondents identified lack of visibility as an urgent priority. The complexity and size of security stacks make the visibility problem worse: stacks contain duplicative and under-used solutions, and the gaps between them are blind spots in which attackers operate. This is a dire problem, as our research found that only 7% of organizations are currently using their full security stack, while 61.5% leave half or more of their entire stack unused.
The Dwell Time Advantage
The lack of visibility, along with bloated security stacks, means attacker dwell times can sometimes be measured in months. While attackers can operate at their leisure, analyst teams must painstakingly correlate siloed pieces of information in order to understand the full context and implications of a security incident. Many analysts must do this manually, which increases the time it takes for them to respond to alerts and incidents. As a result, attackers are given a massive advantage over the security teams combating them. Adversaries are free to hide undetected, with ample time to plan their strategy and attack, while security analysts are scrambling to manage and triage an overwhelming volume of alerts generated by their inefficient security stack.
Taking Back the Visibility Advantage
In order to effectively defend the enterprise, security teams must have holistic, correlative insight into the environment. Enterprise security is hardly secure if it does not cover the entire enterprise. However, many enterprises continue to treat their environment as a collection of separate pieces rather than as one unified, interconnected system. To gain holistic security, security teams need to be able to view their environment as an attacker does: seeing the paths from host to network, and the lateral paths that allow attackers to burrow deeper into the enterprise. While enterprises can begin to address this problem by streamlining their security stack, truly transformative change will only come from centralizing visibility and operationalizing incident response.
The Fidelis Difference
In a recent series of product reviews of the Fidelis Elevate platform, SANS analyst Matt Bromiley pointed to holistic visibility as Fidelis’ greatest strength, stating:
“One of our favorite takeaways from using a platform such as Fidelis Elevate was being able to exercise the concept of holistic visibility, meaning the environment is ingested, analyzed and treated as a single unit. Holistic visibility allows for threats to be analyzed and neutralized faster, and lets organizations make confident decisions that truly affect enterprise security.”
In order to build a successful security posture, security teams need holistic visibility and the ability to correlate related events across the entire environment. This is critical for alert triage and incident response, as it acts as a force multiplier that enables junior analysts to function at a much higher level. With this visibility into the environment, and an understanding of attacker movements and methods, organizations can anticipate threats, shift their security posture to a more proactive strategy, and shorten the time it takes to detect threats.
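The correlation described in the paragraphs above (siloed network, endpoint and deception records brought onto one schema keyed by asset, clustered by time window, scored by how many independent sensors agree, and read back as the lateral path an attacker took) can be shown concretely. The following is an added illustration written for this page; it is not Fidelis code and not part of the original post. It assumes constructed sample records in three tool-specific schemas, a hypothetical IP-to-hostname asset inventory, and a 10-minute correlation window.

```python
"""Added illustration: correlating siloed network, endpoint and deception
events by asset and time window. All data below is constructed sample input;
this is not Fidelis Elevate code."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from itertools import groupby

# Constructed asset inventory (the "cyber terrain"): IP -> hostname.
ASSETS = {"10.0.1.15": "ws-finance-07", "10.0.2.40": "srv-files-01",
          "10.0.9.9": "decoy-db-01"}


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    source: str   # "network", "endpoint" or "deception"
    detail: str


def t(s):
    return datetime.fromisoformat(s)


# Constructed raw records, each in its own tool's schema (the silos).
NETWORK_ALERTS = [
    {"ts": "2019-06-03T09:02:10", "src": "10.0.1.15", "dst": "10.0.2.40",
     "sig": "SMB admin share access"},
    {"ts": "2019-06-03T09:05:30", "src": "10.0.2.40", "dst": "10.0.9.9",
     "sig": "MSSQL login attempt"},
]
ENDPOINT_EVENTS = [
    {"ts": "2019-06-03T09:01:45", "host": "ws-finance-07",
     "proc": "powershell.exe -nop -w hidden", "parent": "winword.exe"},
    {"ts": "2019-06-03T09:02:50", "host": "srv-files-01",
     "proc": "cmd.exe /c whoami", "parent": "services.exe"},
    {"ts": "2019-06-03T14:30:00", "host": "ws-finance-07",
     "proc": "outlook.exe", "parent": "explorer.exe"},
]
DECEPTION_ALERTS = [
    {"ts": "2019-06-03T09:05:31", "decoy": "10.0.9.9", "attacker": "10.0.2.40"},
]


def normalize():
    """Map every tool's records onto one schema keyed by host."""
    events = []
    for a in NETWORK_ALERTS:
        # A network alert is evidence about both ends of the connection.
        for ip in (a["src"], a["dst"]):
            events.append(Event(t(a["ts"]), ASSETS.get(ip, ip), "network",
                                f'{a["sig"]} {a["src"]}->{a["dst"]}'))
    for e in ENDPOINT_EVENTS:
        events.append(Event(t(e["ts"]), e["host"], "endpoint",
                            f'{e["parent"]} spawned {e["proc"]}'))
    for d in DECEPTION_ALERTS:
        # Attribute a decoy touch to the host that touched it.
        events.append(Event(t(d["ts"]), ASSETS.get(d["attacker"], d["attacker"]),
                            "deception", f'touched decoy {ASSETS[d["decoy"]]}'))
    return sorted(events, key=lambda e: (e.host, e.ts))


def _summarize(host, cluster):
    sources = {e.source for e in cluster}
    return {"host": host, "start": cluster[0].ts, "end": cluster[-1].ts,
            "sources": sorted(sources), "confidence": len(sources),
            "events": [e.detail for e in cluster]}


def correlate(events, window=timedelta(minutes=10)):
    """Cluster each host's events that fall within `window` of each other.
    Confidence is the number of distinct sensor types that agree."""
    conclusions = []
    for host, group in groupby(events, key=lambda e: e.host):
        cluster = []
        for ev in group:
            if cluster and ev.ts - cluster[-1].ts > window:
                conclusions.append(_summarize(host, cluster))
                cluster = []
            cluster.append(ev)
        if cluster:
            conclusions.append(_summarize(host, cluster))
    return conclusions


def lateral_path(conclusions, min_confidence=2):
    """Order the multi-sensor conclusions by first activity: the path the
    attacker took through the terrain, one host at a time."""
    hits = [c for c in conclusions if c["confidence"] >= min_confidence]
    return [c["host"] for c in sorted(hits, key=lambda c: c["start"])]


if __name__ == "__main__":
    cs = correlate(normalize())
    for c in cs:
        print(c["host"], c["confidence"], c["sources"], c["events"])
    print("lateral path:", " -> ".join(lateral_path(cs)))
```

Run stand-alone, the script produces four conclusions: a three-sensor one on srv-files-01 (network, endpoint and deception all agree), a two-sensor one on ws-finance-07, and two single-sensor ones (the afternoon Outlook launch and the decoy's own view of the login attempt) that an analyst can deprioritize. The ordered high-confidence hosts read as the lateral path ws-finance-07 -> srv-files-01. The same three raw records viewed one tool at a time would be three unrelated alerts; scoring by sensor agreement rather than alert count is what makes the single-screen triage the text describes possible.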
If you are interested in learning more about how Fidelis Elevate executes on the concept of holistic visibility, I encourage you to read the recent two-part SANS product review for Fidelis Network and Deception and Fidelis Endpoint. I also recently talked in depth with the author of those reports, SANS analyst Matt Bromiley, in our two-part webinar series: Elevating Enterprise Security with Fidelis Network and Deception, and Elevating Enterprise Security with Fidelis Endpoint.
Highlights from the product reviews include:
- Fidelis Elevate offers true holistic visibility, with the capability to view the state of security of the entire organization from a single screen.
- Conclusions, derived from the confidence attributes of alerts, group correlated alert activity so that investigations can be completed from a single screen.
- Investigation decision options are available with each alert, enabling immediate alert handling.
- Fidelis Elevate allows for custom tasks, playbooks and analytics, providing the capability to customize the platform to meet the organization’s needs.
- Fidelis Elevate combines network, endpoint and deception technology: digging deep into packets to identify protocols and applications and examine payloads; analyzing processes as they execute; discovering the assets in the cyber terrain; and dynamically altering that terrain with deception to detect attackers and collect intelligence on their motives.