Attacks succeed in minutes; overlooking alerts was fatal
As cyber attacks become more sophisticated and complex, countermeasures on the enterprise side are also becoming more complicated. The Information-technology Promotion Agency (IPA)'s "10 Major Security Threats 2017", which ranks the information security incidents with the greatest social impact, starts from "information leakage by targeted attacks" in 1st place and continues with "damage from ransomware", "theft of personal information from Web services", "Web site defacement" and "surfacing of IoT device vulnerabilities"; the targets of attack are wide and diverse. To prevent these, it is necessary to detect and handle unknown malware, attacks aimed at vulnerabilities, illegal logins, communication that deviates from policy, and so on, which means that multiple security products such as IPS/IDS, sandboxes, SIEM and DLP must be introduced in multiple layers.
However, as the type and number of products introduced increases, so do the cost and the operational burden. The technical hurdle in particular is a challenge.
Yasuhiro Sakuragi of iD-SIRT, Deputy Director of the Cyber Security Solution Department at Information Development, describes the challenges facing the field. "When I visited customers, I found that although they had introduced a rich enough set of security products, these were not properly configured, so important events could not be detected, and the alerts arriving day after day were so enormous that they could not keep track of them and overlooked serious warnings."
92.9% of intrusions succeeded in less than a few minutes, and 98.6% of data leaks occurred within a few days after intrusion (Verizon, "2016 Data Breach Investigations Report"). Today it is no longer practical to monitor individually introduced security products from each management console and to identify and handle the threats that need attention as quickly as possible. He points out that it is important for companies to strengthen cooperation between products, to discover and handle threats at high speed based on correlation analysis, and to build a mechanism that realizes this simply.
Automated SOC operation with AI technology / machine learning
Seceon Open Threat Management (Seceon OTM) from the US security venture Seceon offers one solution to these challenges. Information Development, which concluded an exclusive sales contract for Japan, began selling it in April 2017 and also supports introduction.
Seceon OTM monitors the communication flowing through the corporate network to learn normal communication patterns. When abnormal communication is detected, it refers to its "dynamic threat model", "user behavior analysis" and "high-speed big data" to judge threats automatically, and applies measures such as port shutdowns and changes in user privileges to security products and network equipment to prevent the threat from spreading. It then customizes and optimizes its rules automatically to prepare for future threats. These threats can be shut out in near real time.