2021 is proving to be an eventful year for the cyber security market and industry, with new technology innovations as well as disclosures of high-profile security breaches that are guaranteed to raise the eyebrows, and the nerves, of many, especially the community that defends IT and digital assets on a daily basis. The challenges keep mounting for most government and commercial organisations to safeguard their digital assets from service interruption, data theft, and online extortion or ransomware. We take a quick look at the emerging trends for 2022, learning from what we have seen thus far.
Welcome to Syntx. In this blog post we take the opportunity to share with readers our views on the current and ongoing conversations that should be useful for businesses looking to augment their knowledge and make better decisions in building continuous cyber security trust and resiliency.
Cybercrime Up 600% During COVID-19 Pandemic - The United Nations (UN)
The pandemic has inadvertently accelerated new ways of thinking and propelled digitization across business sectors. A major concern remains whether organisations today are ready, or have reached the required maturity level (People, Process and Technology), to ensure online safety when deploying mesh technologies and solutions to quickly enable mobility for their staff, clients and partners.
Familiar challenges faced by many management teams persist, as they have also struggled to raise awareness among staff and non-security-savvy boards of directors in a very short period of time. As attackers now deploy more sophisticated attacks using advanced tools, techniques and processes, the pressure to have holistic visibility over networks and infrastructure is mounting. In addition, the increasing novelty with which attackers mask their tracks jeopardizes security teams' agility in rapidly detecting and deterring abnormalities. Adjacent to all this, the lack of clear direction, consolidated plans, and openness or transparency in reporting and sharing details by victims of an incident slows the understanding of the wider impact, which is crucial to building the defences, responses, future capability and antidotes required.
An innovative approach is needed to combat the risk posed by the next wave of cyber threats. Below is our prediction of the 6 technology trends that will dominate 2022:
#1. Detection & Response Technology
Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) solutions are both designed to provide automated threat detection and response through data visibility and the use of threat intelligence and data analytics. EDR empowers the analyst to gain complete visibility over the endpoints, detect threats in seconds and remediate malware with as little as one click. Most EDR products give the analyst a single-pane-of-glass view, allowing real-time queries to the endpoints, extended searches for both Indicators of Compromise (IOC) and behavioral indicators, together with advanced data-mining for the discovery of dormant threats.
With a mesh of multiple network devices in an organisation, attempting to correlate different sources of information with point solutions can create blind spots and overwhelm security teams. XDR, on the other hand, delivers holistic protection by integrating all key security data from not just the endpoints, but also email, network, and cloud workloads, to stop sophisticated attacks. Both EDR and XDR give security teams the crucial capability to analyze alerts from any source with a single click and instantly understand the root cause and sequence of events. Deploying EDR and XDR can provide an automated and reliable way to stop exploits that could lead to ransomware infection, block malicious files, and identify malicious behavior to shut down attacks.
#2. Security Orchestration, Automation and Response (SOAR)
As attacks rise, security teams are turning to automation to help them stop sophisticated threats more efficiently and effectively. Deploying SOAR technology moves the security team away from manual, fragmented and burdensome processes of triage, threat hunting and incident response.
Gartner has also suggested that SOAR can automate monotonous security tasks, help security teams respond to security incidents faster, and increase team productivity and efficiency. SOAR is also becoming ubiquitous in managed security and managed detection and response services, helping providers improve client interactions, speed and consistency when detecting and responding to threats.
In a survey conducted by Palo Alto, 47% of respondents reported that the COVID-19 pandemic had led them to increase their use of SOAR. The increasing number of cyber attacks burdens security teams, especially incident responders, who must speed up and scale their activities within a very limited period of time. SOAR enables security teams to shorten their workflows while reducing alert fatigue, so decisions can be made faster and more wisely, focusing on the most important incidents at the crucial moment.
We anticipate 2022 as the year when more organisations with mature processes will look to SOAR to drive the streamlining of Incident Response (IR) processes by connecting disparate tools (e.g., SIEM, vulnerability management tools, threat intelligence platforms, EDR, XDR and others) and automating manual, repetitive tasks that don't require human intervention.
#3. Breach and Attack Simulation (BAS)
Vulnerability Assessment (VA) and Security Posture Assessment (SPA) are two capabilities essential for organisations to discover potential gaps within their perimeter defenses. They help in the early detection of security weaknesses and lapses in configured parameters that could be exploited and lead to compromise of digital assets. The downside, however, is that VA and SPA are generally performed on an ad-hoc basis and so offer only a snapshot of an organisation's defenses at a specific point in time.
BAS is a technology that can automatically spot vulnerabilities in an organisation's cyber defenses, akin to continuous, automated penetration testing. BAS offers more than just pen testing and red team insights, going further in recommending and prioritizing fixes to maximize security resources and minimize cyber risk. BAS can emulate a human-led assessment with better consistency and faster reporting, at a fraction of the effort.
Most BAS technologies in the market today are built on the MITRE ATT&CK framework of adversary tactics, techniques, and procedures (TTPs), and emulate those TTPs to exercise security controls in production the same way an adversary would. Security teams can thereby ascertain the effectiveness of the controls currently deployed and their efficacy in defending against attacks previously used by real-world attackers on other victims.
#4. Vulnerability Assessment & Management Solution
With the rise in vulnerabilities in the evolving threat landscape and the complicated mesh of technology stacks deployed, security teams are challenged to ensure that exposure to known security threats is identified, assessed and managed effectively. The natural way for security teams to handle this conundrum is to turn to automated security testing so that their testing becomes more frequent, thorough and simpler to perform.
Complementary to ongoing manual VA or SPA exercises, automated vulnerability assessment and management solutions enable businesses and governments to accurately assess and manage security weaknesses in their networks, applications, industrial systems and networked software at a fraction of the cost of human-led penetration testing. The true value of this technology is that it combines vulnerability data, threat intelligence and data science into easy-to-understand risk scores, so teams can quickly assess risk and know which vulnerabilities to fix first. This frees up precious security team time to focus on the vulnerabilities that pose the greatest danger and remediate those first.
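The prioritisation described above, as an added example that is not part of the original post or any vendor's product: a constructed weighting that starts from the CVSS base score (vulnerability data), multiplies up for known exploitation (threat intelligence) and internet exposure, and scales by the asset owner's criticality rating. The weights, asset names and vulnerability identifiers are all constructed placeholders.

```python
"""Risk-based prioritisation of vulnerability findings (constructed example).
Combines CVSS base score, a known-exploited flag from a threat-intel feed and
asset exposure/criticality into one score used to order the fix list."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str         # placeholder identifiers, not real advisories
    cvss: float          # CVSS v3 base score, 0.0 to 10.0
    exploited: bool      # listed in a known-exploited feed (constructed flag)
    internet_facing: bool
    criticality: int     # 1 (low) .. 3 (business critical), asset owner's rating


def risk_score(f: Finding) -> float:
    """Assumed weighting (not a standard): CVSS x10 as the baseline, x1.5 if
    actively exploited, x1.25 if reachable from the internet, then scaled
    down for less critical assets."""
    score = f.cvss * 10
    if f.exploited:
        score *= 1.5          # real-world exploitation outranks theoretical severity
    if f.internet_facing:
        score *= 1.25         # exposed to any attacker, not just insiders
    score *= {1: 0.6, 2: 0.8, 3: 1.0}[f.criticality]
    return round(score, 1)


def prioritise(findings):
    """Return the findings ordered by descending risk score (fix first at top)."""
    return sorted(findings, key=risk_score, reverse=True)


# Constructed sample inventory: note the CVSS 9.8 on an internal host ranks
# below a 7.5 that is exploited in the wild on an internet-facing gateway.
SAMPLE = [
    Finding("hr-db-01", "PLACEHOLDER-VULN-1", 9.8, False, False, 3),
    Finding("web-edge-02", "PLACEHOLDER-VULN-2", 7.5, True, True, 2),
    Finding("dev-vm-07", "PLACEHOLDER-VULN-3", 9.1, False, False, 1),
    Finding("vpn-gw-01", "PLACEHOLDER-VULN-4", 8.8, True, True, 3),
]

if __name__ == "__main__":
    for f in prioritise(SAMPLE):
        print(f"{risk_score(f):6.1f}  {f.asset:12} {f.vuln_id}")
```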
#5. Threat Intelligence Platform (TIP)
Cyber Threat Intelligence (CTI) is becoming a critical capability for developing the situational awareness crucial to the ongoing effort of preventing and responding to cyber crises. Governments and corporations rely on trusted intelligence feeds to augment their security teams with contextualized vulnerability, adversary and incident information, enabling quick pre-emptive adjustments to security strategies and daily operations.
The general concept of CTI is analyzed information about the intent, opportunity, and capability of malicious threat actors. However, if an organisation has no clue how to use CTI, or fails to identify what is applicable to it and its level of importance and urgency, the intelligence feeds are rather useless. Receiving too many intelligence feeds without a means of filtering, correlating, enriching and disseminating CTI creates intelligence-feed fatigue and wastes the investment (time, resources and budget).
A TIP provides the CTI team with the automation, performance, flexibility, and integrations needed to assimilate the power of threat intelligence into their daily operations. A TIP can boost the performance of security teams by uniting machine-powered threat data processing and dissemination with human-led data analysis and collaboration, without compromising analyst control, freedom, or flexibility. This allows the ingestion of more intelligence (structured or unstructured), enables quick extraction and understanding of the threat and how it is impacting the business, and accelerates the operationalization of intelligence. Security teams can then maximize the true value of intelligence aggregation, correlation and anomaly detection at greater speed, as the technology automates and simplifies much of the work analysts have traditionally done by hand.
#6. Next-Generation SIEM
Central to establishing effective visibility for threat detection and compliance is the capability to collect and analyze dispersed security event logs and telemetry in real time. Security Information and Event Management (SIEM) technology aggregates and normalizes event data produced by security devices, network infrastructure, systems and applications.
With the growing number of attacks that governments and organisations may face today, SIEM capability is pivotal to ensure critical telemetry and event logs are retained so that security teams can predict and respond to possible threats. However, with more devices being introduced to enable business innovation and allow new ways for staff to keep working remotely at the desired productivity levels during the pandemic, SIEM capacity is continuously being pushed to its maximum.
Legacy SIEM platforms that use proprietary, inefficient architectures unable to cope with the volume of data produced by modern enterprises are counter-productive today. Next-generation SIEM built on a big data platform that can handle the massive volumes of data produced by enterprises is the answer needed moving forward. Next-generation SIEM supports the consumption and analysis of hundreds of terabytes of data in real time and presents the required integration capability with other tools (e.g., SOAR, EDR, XDR, CTI) for speedier detection and response.
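What the SIEM normalisation described in this section and the CTI enrichment described under #5 look like in practice, as an added example that is not part of the original post or any product's code: two log formats (syslog-style SSH auth lines and a JSON endpoint event) are mapped onto one schema, each event is enriched from a constructed indicator list, and a correlation rule flags a run of failed logins followed by a success. All log lines, hostnames and indicators are constructed; the addresses are documentation-only TEST-NET ranges.

```python
"""Constructed illustration of SIEM-style normalisation, TIP enrichment and
correlation over mixed telemetry. Not any vendor's implementation."""
import json
import re
from collections import defaultdict

# Constructed sample telemetry in two formats
RAW_LOGS = [
    "2022-01-10T08:00:01Z sshd[411]: Failed password for admin from 203.0.113.9 port 5001",
    "2022-01-10T08:00:04Z sshd[411]: Failed password for admin from 203.0.113.9 port 5002",
    "2022-01-10T08:00:07Z sshd[411]: Failed password for admin from 203.0.113.9 port 5003",
    "2022-01-10T08:00:10Z sshd[411]: Accepted password for admin from 203.0.113.9 port 5004",
    '{"ts": "2022-01-10T08:01:00Z", "host": "ws-12", "src_ip": "198.51.100.7", '
    '"action": "allow", "user": "bob"}',
]
# Constructed intel feed as a TIP would hand it to the SIEM: indicator -> context
IOC_IPS = {"203.0.113.9": "constructed brute-force source"}

SYSLOG = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src_ip>\S+) port \d+$")


def normalise(line):
    """Map either raw format onto the common schema: ts, src_ip, user, outcome."""
    m = SYSLOG.match(line)
    if m:
        ev = m.groupdict()
        ev["outcome"] = "success" if ev["outcome"] == "Accepted" else "failure"
    else:
        d = json.loads(line)
        ev = {"ts": d["ts"], "src_ip": d["src_ip"], "user": d.get("user"),
              "outcome": "success" if d["action"] == "allow" else "failure"}
    ev["intel"] = IOC_IPS.get(ev["src_ip"])   # enrichment: None if not in the feed
    return ev


def correlate(lines, threshold=3):
    """Constructed rule: >= threshold failures then a success for the same
    (user, source) pair. No time window, for brevity; a real rule would add one."""
    fails = defaultdict(int)
    alerts = []
    for ev in map(normalise, lines):
        key = (ev["user"], ev["src_ip"])
        if ev["outcome"] == "failure":
            fails[key] += 1
        elif fails[key] >= threshold:
            alerts.append({**ev, "rule": "brute_force_then_success",
                           "failures": fails[key]})
    return alerts
```

Running `correlate(RAW_LOGS)` yields one alert for `admin` from `203.0.113.9`, already carrying the intel context, while the unrelated endpoint event from `198.51.100.7` passes through enriched with `intel` set to `None`.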
The current COVID-19 crisis has exposed the vulnerabilities of digital infrastructures and increased the demand for efficient cyber security solutions, one of which is clearly next-generation SIEM technology. The technology accelerates incident detection and response, giving organisations the freedom to collaborate and the insight to adapt