LightCyber, a provider of behavioural attack detection solutions, has announced new tools that equip enterprises to meet increasing Board demands for security accountability and compliance with internal and industry regulations, such as the General Data Protection Regulation (GDPR). LightCyber also introduced updated metrics from customer production systems and an online calculator so that prospective customers can quickly and easily assess current operational efficiency and the gains that they will receive from a LightCyber Magna deployment.
Asset and resources management
“Clearly traditional security infrastructure is failing to curtail network attacks leading to a data breach or damage to an organisation’s most critical assets and resources,” said Jason Matlof, Executive Vice President, LightCyber.
“One dominant reason for the rising inability to find network attackers is the vast number of security alerts and the low level of accuracy for which security teams have to contend. Traditional enterprise security vendors have not properly armed security operators with the tools they need to accurately know whether or not an attacker is present on their network. Boards and executives will no longer accept this level of uncertainty, and are demanding more definitive confirmation of security assurance.”
Boards, executives, and other oversight groups are increasingly demanding definitive reports from their IT organisations that attest that the enterprise network is free from active attackers—either malicious insiders or targeted external attackers. Given the historical inaccuracy of traditional security system alerts, this type of definitive summary report was virtually impossible for the average enterprise to generate.
The new security assurance report from LightCyber Magna presents a summary status of attack behaviour and shows when all anomalous attack behaviours have been resolved or remediated. The report serves as an important component of security accountability in an age when most attacks are detected only after the damage is done.
Wasted time and wild goose chases
One reason security operators cannot definitively attest to the organisation’s security posture using traditional security tools is the vast number of low-accuracy alerts those systems produce.
A survey conducted by the Ponemon Institute showed that 68% of security operations teams spend a significant amount of time dealing with false positive alerts, with more than half their time wasted on alerts that are not productive. This degree of system inaccuracy drives large inefficiencies that prevent security organisations from effectively assuring their leadership of the organisation’s security.
The new LightCyber Security Operations Centre (SOC) OPEX Calculator helps quantify the accuracy and efficiency of security tools and their impact on security teams. According to the Gartner Market Guide for User and Entity Behaviour Analytics, published on 8 December 2016, “Some large Gartner clients receive from 500,000 to one million alerts a day across multiple security monitoring systems, such as SIEM and DLP.”
LightCyber SOC OPEX Calculator
The LightCyber SOC OPEX Calculator is based upon accuracy and efficiency metrics aggregated and anonymised from customer production deployments. In the period from July 1, 2016 to December 31, 2016, LightCyber customers achieved a mean efficiency of 0.9 alerts per 1,000 endpoints per day. For example, a company with 5,000 endpoints would expect to receive 4.5 alerts per day in total from LightCyber Magna. The mean accuracy reported for LightCyber customers is 99% for confirmed alerts and 61% for all alerts, where accuracy is a measure of the alerts’ usefulness according to user classification.
“Why should security professionals continue to accept hundreds or thousands of alerts per hour or day from their security systems when the vast majority of alerts lack any real value?” said Jim Broome, President of DirectDefense and security assessment expert. “Many of our clients are buried in far more security alerts than they can possibly review.” One LightCyber customer claimed that they had been receiving about 20,000 alerts per week just from their IPS. The Chief Information Security Officer (CISO) quipped, “Having a thousand alerts is nearly the same as getting a million—the number is too big to investigate a meaningful fraction of them.”