Do I know you? Solutions to help identify a stranger in your environment

Enterprises continue to struggle with the key security challenges of skill shortage, the rapidly evolving threat landscape, and the lack of threat visibility. Threats are forever changing, and without the skilled team to identify those threats, companies need to invest in solutions that will allow them to identify anomalous behaviors in their environment.

Maybe.

Some would argue that in addition to information overload, the cybersecurity industry is suffering from start up overload. In order to be more than just the little engine that could, they need to be more than just a one-trick pony.

Throwing money at products is never a good idea, especially if you don’t have a clear understanding of whether the product will complement or complicate your security ecosystem.

You not only need to be able to identify the unknown in your environment, but you also need to identify what will be a quality product that offers real security solutions to help you detect and defend against malicious actors in your environment.

Energy CIO Insights put out a list of the Top 10 security and risk management solution providers for 2016. CYBERBIT, a wholly-owned subsidiary of Elbit Systems, was honored as one of those top 10, an impressive recognition for a growing company.

CYBERBIT’s security portfolio includes Endpoint Detection and Response powered by deep-learning, SOC 3D, providing intelligence-driven security operations management and automation, and a Training and Simulation platform that prepares SOC teams for complex incident response scenarios.

That sounds impressive. Some might even jump right to “that’s what we need!” But hold on just a minute.

Stephen Thomas, vice president of sales at CYBERBIT, said, “We see companies seeking ways in which they can leverage analytics to identify anomalous behaviors. There is a trend away from prevention toward the end point detection and response space.” 

Identifying the unknown is one of the latest security trends for which people are looking to find solutions. “What has classically been UBA solutions and big data analytics platforms is now converging with end point solutions. The two worlds are beginning to come together, leveraging big data on premise or in the cloud,” said Thomas.

Running the algorithm in both places allows the security operation center (SOC) analyst to dig in on user behavior. “We have watched the fact that people are using social engineering to get in, but now we are looking at a binary level for malicious behavior. We can see the moment of code injection and that allows the organization to then actively hunt for that binary in the environment,” said Thomas.

[ ALSO ON CSO: The CSO identity management survival guide ]

Finding the unknown threat is the current popular flavor of visualization, but before allotting precious resources to any solution, it’s important to know whether your enterprise is the right candidate to buy this stuff.

Thomas said, “From a UBA tech landscape, if you don’t have an analyst on staff and don’t have a SOC as a foundational item, EDR in house is not right for you.”

[ RELATED: How to buy endpoint security products  ]

An alternative route for the CISO who is responsible for building the risk framework but hasn’t been funded for a full SOC is to explore the managed security service provider market as they will host the EDR environment for the customer to fully investigate the behaviors, said Thomas. 

What most security teams struggle with right now is how to deal with the noise. “They are looking at what is happening in the orchestration space, and that to me is the next big thing from a security standpoint,” said Thomas.

Identifying outsiders is great as are detection and response tools, but Thomas said, “The pane of glass–the solution or platform–your SIEM data, vulnerability assessments, detection and response tools. Taking all of the tools and all of the different noise created in the environment by the alerts and finding a single point of correlation. It’s about understanding the environment.”

If the cybersecurity bubble is indeed about to burst, then we should expect to see the most reliable and innovative solutions rise to the top. Before investing in new products, take the time to winnow out the wheat from the chaff.

Yes, you need to be able to identify a stranger in your environment, but you also need to be able to determine which products and solutions will work in the layers of your security system.