“Organizations that combine comprehensive visibility, continuous monitoring, advanced analytics, and efficient incident response orchestration are well-positioned to identify and respond to the early indicators of an intruder and rapidly neutralize the threat,” says Jonathan Zulberg, VP – Innovation, Design, and M&A, LogRhythm, in an exclusive interview with ITSecurityWire.
ITSW Bureau: With cyber-attacks on the rise and continuing to become more sophisticated, how can organizations get the needed real-time insights that may potentially introduce risk to the organization?
Jonathan Zulberg: In today’s rapidly evolving threat landscape, organizations need the right security tools in place to eliminate blind spots across their entire network.
Whether an organization’s security solutions are in the cloud or on-premises, we are seeing greater demand to ensure that every device is monitored for complete visibility. Real-time visibility is the key to reducing the time to detect and respond to an attack.
To gain the insight needed to stay ahead of threats, organizations can benefit from the deployment of a Security Information and Event Management (SIEM) platform. This allows organizations to see the traffic flowing to and from all devices in the environment, enabling teams to take control of their security outcomes by quickly identifying and prioritizing new threats.
Organizations can also strengthen their operations by deploying real-time Network Detection and Response (NDR) solutions. By combining Machine Learning (ML) and threat intelligence, they can gain a true representation of all network activity. This means that security teams spend less time gathering information and more time remediating threats with increased automation and efficiency.
ITSW Bureau: Many organizations still find themselves trapped in managing SIEM infrastructure, administration, upgrades, or troubleshooting capacity issues. This prevents them from protecting the critical assets of the organization. How do you suggest organizations deal with these?
Jonathan Zulberg: The management of cyber-attacks is becoming more time-consuming as risks rise. When fighting cyber threats, it’s vital for organizations to be as efficient as possible, especially when operating with a small team.
Organizations can remove complexity from their security operations by deploying a cloud-based SIEM platform. A cloud-based approach makes it a lot easier for organizations to deal with infrastructure monitoring as it automatically applies the latest software patches and updates.
To alleviate pressure on time and resources, Security Operations Center (SOC) teams should also be exploring how to automate as many processes as possible. Security Orchestration, Automation, and Response (SOAR) capabilities give organizations the tools to automate mundane tasks. Instead of spending time on regular maintenance, monitoring SIEM health, and troubleshooting, security teams can focus on more complex risks.
The ability to automate is vital for overwhelmed security teams. Not only does it eliminate human error, but it also ensures that precise decisions can be made.
ITSW Bureau: Given the pace with which malware compromises the infrastructure, how can organizations accelerate their threat mitigation activities?
Jonathan Zulberg: We’re witnessing constant innovation in the ways cybercriminals operate; they’re testing, adapting, and changing tactics to throw off security teams, making it harder to predict their next moves.
When faced with new threats, it’s important organizations strike a balance between the risks and measures needed to defend against them. Without rapid and accurate threat detection, an organization’s mean time to detect and respond to damaging cyber-attacks is compromised, giving attackers an ideal opportunity to steal or destroy sensitive data.
Organizations that combine comprehensive visibility, continuous monitoring, advanced analytics, and efficient incident response orchestration are well-positioned to identify and respond to the early indicators of an intruder and rapidly neutralize the threat.
Alongside this, I believe staff must be aware of the threats their organization faces, and cybersecurity training is a key driver of that. Providing cybersecurity awareness training empowers employees with the knowledge they need to proactively detect and mitigate a threat before it can cause damage.
The deployment of security operations platforms and staff training offers the ideal centerpiece to address today’s cyber threat landscape. The combination of these elements is essential to giving organizations the foundation they need to accelerate their threat response.
ITSW Bureau: What trends do you think will emerge in SIEM? What steps should organizations take to prepare and keep up with them?
Jonathan Zulberg: As cyber threats move forward, it’s crucial that SOC teams are able to combat new and emerging threats in ways that can offer them scalable visibility, detection, investigation, and response across their entire network.
Looking ahead, the need for SIEM technology will only continue to grow, with a greater focus on predictive cybersecurity as a differentiator. This is where ML and Artificial Intelligence (AI) come in, enabling new levels of visibility and efficiency in an organization’s ability to detect and mitigate security risks.
ML and AI can deliver strong predictive capabilities when it comes to recognizing certain types of patterns. These tools offer more advanced detection than manual investigations and provide a more comprehensive analysis by identifying typical patterns of activity and detecting anomalous behaviors that could signal an attack.
SIEM transformation through predictive cybersecurity is an emerging approach that will continue to develop over the next few years. Organizations need to ensure they’re staying on top of new risks and now is the time to understand how these technologies can be better deployed to achieve greater threat detection and protection outcomes.
Jonathan Zulberg is VP – Innovation, Design, and M&A at LogRhythm. Within this role, he oversees product innovation through close collaboration and feedback from customers to address their most pressing concerns.
Jonathan joined LogRhythm in 2011, working as a solutions consultant for four years. He joined the LogRhythm team because he was excited by the prospect of turning big data into actionable data and using an organization’s own information to detect breaches.