Network Detection and Response

Our Top 2020 Cybersecurity Insights

The transition from office to remote environments was abrupt and one of the most defining moments that the cybersecurity industry and professionals faced in 2020. We wrote about the top issues CISOs were facing throughout the year but also doubled down on sharing insights about the evolution of next-generation SOCs, the failure of SIEM platforms as organizations are experiencing them today, and how self-supervised AI fits into the equation.

Russian Hack of U.S. Federal Agencies Shine Spotlight on SIEM Failures in Cybersecurity

In what the New York Times is calling, “One of the most sophisticated and perhaps largest hacks in more than five years,” malicious adversaries acting on behalf of a foreign government, likely Russian, broke into the email systems of multiple U.S. Federal agencies including the Treasury and Commerce Departments.

Recent Ransomware Attacks on U.S. Hospitals Highlight the Inefficiency of Rules-Based Cybersecurity Solutions

A number of recent high profile ransomware attacks on U.S. hospitals have demonstrated the urgency for organizations, municipalities, and critical services to take a proactive approach to protecting networks with a predictive AI solution.

The Case Against Using a Frankenstein Cybersecurity Platform

The cybersecurity market has, simply put, been cobbled together. A tangled web of non-integrated systems and alerts from siloed systems. Enterprises are now being forced to utilize a “Frankenstein” of stitched together tools to create a platform that might cover their security bases.

Improving on the Typical SIEM Model

Despite its inherent flaws, today’s SIEM software solutions still shine when it comes to searching and investigating log data. One effective, comprehensive approach to network security pairs the best parts of SIEM with modern, AI-driven predictive analysis tools. Alternatively, organizations can replace their outdated SIEM with a modern single platform self-learning AI solution.

The Evolution of SIEM

It should be noted that SIEM platforms are exceptionally effective at what they initially were intended for: providing enterprise teams with a central repository of log information that would allow them to conduct search and investigation activities against machine-generated data. If this was all an enterprise cybersecurity team needed in 2020 to thwart attacks and stop bad actors from infiltrating their systems, SIEM would truly be the cybersecurity silver bullet that it claims to be.

Data Overload Problem: Data Normalization Strategies Are Expensive

Financial institutions spend five to ten million dollars each year managing data. A recent Computer Services Inc (CSI) study reveals that most banks expect to spend up to 40 percent of their budgets on regulatory compliance cybersecurity, often adopting expensive data normalization strategies.

What is Predictive AI and How is it Being Used in Cybersecurity?

The predictive AI field of machine learning collects, analyzes, and tests data to predict future possibilities. AI’s neurological network is patterned on the human brain. But AI works on a scale that goes far beyond what is humanly possible. The top uses for predictive AI technologies to protect sensitive data and systems are in network detection and response (NDR), threat detection, and cybercrime prevention.

Why a Platform With a Generative Baseline Matters

MixMode creates a generative baseline. Unlike the historically-based baselines provided by add-on NTA solutions, a generative baseline is predictive, real-time, and accurate. MixMode provides anomaly detection and behavioral analytics and the ability to suppress false positives and surface true positives.

Why The Future of Cybersecurity Needs Both Humans and AI Working Together

A recent WhiteHat Security survey revealed that more than 70 percent of respondents cited AI-based tools as contributing to more efficiency. More than 55 percent of mundane tasks have been replaced by AI, freeing up analysts for other departmental tasks.

NTA and NDR: The Missing Piece

Most SIEM vendors acknowledge the value of network traffic data for leading indicators of attacks, anomaly detection, and user behavior analysis as being far more useful than log data. Ironically, network traffic data is often expressly excluded from SIEM deployments, because the data ingest significantly increases the required data aggregation and storage costs typically 3-5x.

Whitepaper: Self-Supervised Learning – AI For Complex Network Security

Artificial Intelligence – or AI – has become a buzzword since it emerged in the 1950s. However, all AI systems are not created equal. In our white paper, “Self-Supervised Learning – AI For Complex Network Security,” Dr. Peter Stephenson explains the different “waves” of artificial intelligence. He uses the DARPA definitions for each of these …

Whitepaper: Self-Supervised Learning – AI For Complex Network Security Read More →

Encryption = Privacy ≠ Security

For the past few years, many have been talking about the changing “threat landscape” as it pertains to the increase in zero day, insider and phishing threats. While all of these threats are on the rise, and constitute a concern, there is, perhaps, an even larger shift presenting a threat to enterprises – the shift …

Encryption = Privacy ≠ Security Read More →

New Video: Why is network data the best source for actionable data in cybersecurity?

In a recent blog post, our Head of Customer Success, Russell Gray, outlined the reasons why network data is the best source for actionable data in cybersecurity. He covered the limitations of each of the elements of a typical security stack (SIEM, Endpoint, and Firewall) and the importance of network traffic analysis (NTA) in the …

New Video: Why is network data the best source for actionable data in cybersecurity? Read More →