You Can’t Stop What You Can’t See
The advanced threats facing organizations today – across all industries and company sizes – are sophisticated and outmatch most organizations’ security capabilities. But it doesn’t have to be that way. We will begin our session by revealing a previously unknown threat actor and its TTPs, based on new RSA research. We will use this research to set the stage for a discussion about the world of advanced threats – including the individual threat actor organizations, their TTPs, and the ecosystems in which they operate – and the daunting realities facing organizations today.

From that foundation, we will move into a discussion about why traditional security programs are increasingly failing to detect and prevent these attacks, focusing predominantly on two factors: visibility and understanding. Traditional security tools such as SIEM are not able to provide the fine-grained visibility necessary to monitor for and detect the TTPs of advanced threat actors. The most recent Verizon Data Breach Investigations Report indicates that SIEM, the source of visibility for the vast majority of organizations, was only able to see 1% of advanced threats. We need to evolve our approach to visibility so that it becomes comprehensive: we need to see everything to make sure nothing is missed. But visibility without understanding what you are seeing is worthless, as many organizations learned over the past year when their advanced security systems were able to see advanced threats but not make sense of them. We must move to a security approach that relies on strong analytics to make sense of, and understand, the visibility our advanced systems can give us.

We will end with an overview of the steps organizations can take to review their own visibility and analytical capabilities and begin closing the gap between their current state and their desired end state, based on their security maturity level, staffing, and resources.