How to drive value with security data
Raffael Marty, Security Innovator, and Thought Leader
Enjoy Full Access To LogPoint Webinar
The primary goal of a security practitioner should be to try to be able to detect and recover from security breaches as quickly as possible in order to minimize their impact.
Raffael Marty, Security Innovator, and Thought Leader share his passionate take on the state of cybersecurity and how the industry is evolving, and how teams, businesses can drive more value with security data.
Additional thoughts for IT teams:
The fact that digital resources are based on software means that log data is often readily available and with the addition of a SIEM, we can essentially put a detective control on every device or application that can produce a log.
We can leverage threat intelligence for lists of known IOCs (indicators of Compromise) to aid in the detection of threats. This approach has been used successfully for decades with tools like AV, IDS, Spam filters, etc, however, this approach comes with some challenges.
As we all know, perfect security is impossible… Security practitioners should not assume that they can thwart all security breach attempts and should plan for the eventuality that some will compromises will occur. The primary goal of a security practitioner should instead be to try to be able to detect and recover from security breaches as quickly as possible in order to minimize their impact.
LogPoint provides two ways of implementing behavioral techniques: First, with its alignment to MITRE ATT&CK, LogPoint enables an easy way to better understand and detect the behaviors of adversaries. Second, UEBA provides another complementary behavioral analysis security technique by helping security teams to better understand when something out of the ordinary could be an indication of a compromise.
Together these approaches along with best-in-class log collection and analytics enable organizations to process billions of security events and thousands of alerts into a prioritized, manageable list of a handful of security incidents. LogPoint’s mission is to enable security teams to quickly detect and respond to threats in order to minimize the number of time adversaries can spend in the environment and the damage they can cause.