Threat Intelligence Blog

Posted December 19, 2019

Cybersecurity experts spend a lot more time dwelling on the negative than on the positive – and to be fair, that’s their job. Not to mention, 2019 wasn’t exactly a triumphant year for the good guys. Hundreds of millions of records were stolen, countless computers fell prey to ransomware, and billions of dollars were lost to criminal hacking. 

Nevertheless, there are some silver linings in what often appears to be a rather bleak cyber threat landscape. News of the latest high-profile breach may dominate the headlines, but we’d be remiss not to point out some of the promising cybersecurity developments happening behind the scenes.

This is the season to be thankful, after all. So, as we near the end of 2019, here’s what we’re thankful for at LookingGlass. 

Promising Signs That More Spend Is Being Allocated Toward Threat Detection and Response

In 2019, approximately 75% of organizations increased cybersecurity spending. That’s good news, but the real win comes in the form of tighter relationships between security experts and executives to ensure that it’s more of the right spending. 

Specifically, decision-makers are budgeting more for better threat detection and response capabilities, including automation, threat intelligence, and other resources that directly improve the ability to detect and mitigate cyber threats. 

In fact, Gartner estimates that 50% of all security operations centers (SOCs) will encompass threat intelligence, threat-finding, and incident response capabilities by 2022. For context, only 10% of SOCs had those capabilities in 2015. 

So why is this promising? 

Because we’re finally seeing real signs that we’re moving away from a prevention-first (sometimes prevention-only) strategy that has left us with unwieldy security stacks, too many point solutions, too much noise, and a whole lot of alert fatigue. This isn’t to bash point solutions – which have their place. Rather, it’s to celebrate the realization that there’s more to cybersecurity than prevention. 

Security Services Are Taking Center Stage

In that same vein, more organizations are coming to terms with the fact that, while technology investments are important, so is having the in-house talent to manage those resources. And unfortunately, the cybersecurity talent gap isn’t getting any narrower. 

The good news is that more small and medium-sized businesses – as well as some smaller enterprises – have realized that managed security services can help fill some of those gaps. Forrester has even called 2019 “The Year of Services.” 

Granted, some security services are only marginally better than point solutions in the sense that they’re just managing those solutions for you. However, there’s also an increasing presence of, and demand for, managed services that deliver comprehensive threat intelligence, threat monitoring, third-party risk monitoring, and threat mitigation – all of which can lead to profound improvements in overall security posture. 

This is especially true for third-party risk management. 2019 was a banner year for vendor data breaches. A third-party risk monitoring service that can minimize the threat of vendor breaches is something to be thankful for in and of itself. 

Deception Technology Advancements

Deception shows a lot of promise in doing what so many security analysts have tried and failed to achieve: eliminating false positives. 

Network administrators deploy deceptive attack surfaces, or “decoys,” that are meant to lure intruders so that security analysts can quickly detect their presence and gather intelligence about their activities – sort of like honeypots. Files, credentials, intellectual property, and network connections basically act as bait. 

Once ensnared, infiltrators can be dealt with rather swiftly, and their threat can be contained. On average, deception technology has demonstrated the ability to reduce dwell time by 91%. 

Precision is also key here. No legitimate user would ever have any reason to interact with a decoy. That means there are no false positives in the world of deception technology. To be sure, deception is no magic bullet for threat detection. But it’s definitely something to be thankful for.

Greater Context Around Network Events

This is a big one. As prevention-based security shares the limelight with threat detection and mitigation, contextual threat intelligence will be just as important as traditional malware signatures. 

We’ve seen this particularly with Zeek (formerly Bro), an open-source network monitoring platform that helps contextualize network events using network data – as opposed to aggregating alerts from various point solutions and purchased logs. Zeek provides rich network information that’s searchable and organized.

The benefit of a platform like Zeek is that it delivers more data than NetFlow, and more meaningful data than PCAP. More simply, it delivers just the right amount of context for threat hunting – not so little that there isn’t enough visibility, but not so much that analysts are overwhelmed with traffic, the majority of which is useless. 

When paired with other sources of threat intelligence, an open-source platform like Zeek makes it possible to prioritize certain information and events that are most relevant to your IT environment. 
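The decoy and Zeek passages above can be combined into one triage pass. This is an added example, not LookingGlass or Zeek project code: it parses a Zeek-style conn.log in TSV form, treats any contact with a decoy as a top-priority finding, matches an intel list, and pulls in the other connections from the same source as context. The log lines, addresses, UIDs, decoy list and intel list are all constructed for illustration.

```python
# Added example: all addresses, UIDs, the decoy list and the intel list are constructed.
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tconn_state",
    "1576740000.10\tCaaa01\t10.0.5.23\t50311\t10.0.1.10\t53\tudp\tdns\tSF",
    "1576740012.40\tCaaa02\t10.0.5.23\t50412\t10.0.9.50\t445\ttcp\t-\tS0",
    "1576740015.90\tCaaa03\t10.0.7.8\t49822\t198.51.100.20\t443\ttcp\tssl\tSF",
    "1576740020.75\tCaaa04\t10.0.5.23\t50533\t10.0.9.50\t3389\ttcp\t-\tREJ",
    "1576740031.05\tCaaa05\t10.0.5.23\t50610\t203.0.113.77\t443\ttcp\tssl\tSF",
])
DECOY_HOSTS = {"10.0.9.50"}        # hypothetical decoy server; no real service lives here
INTEL_BAD_IPS = {"203.0.113.77"}   # hypothetical indicator from a threat-intelligence feed


def parse_zeek_tsv(text):
    """Yield one dict per record, taking column names from the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("record found before the #fields header")
            yield dict(zip(fields, line.split("\t")))


def triage(records, decoys=DECOY_HOSTS, intel=INTEL_BAD_IPS):
    """Return findings sorted by priority (1 = highest), then by time."""
    records = list(records)
    # Any source that touched a decoy is suspect: legitimate users have no reason to.
    suspects = {r["id.orig_h"] for r in records if r["id.resp_h"] in decoys}
    findings = []
    for r in records:
        src, dst = r["id.orig_h"], r["id.resp_h"]
        if dst in decoys:
            priority, reason = 1, "decoy-contact"
        elif src in intel or dst in intel:
            priority, reason = 2, "intel-match"
        elif src in suspects:
            priority, reason = 3, "suspect-host-context"
        else:
            continue  # unrelated traffic stays out of the analyst's queue
        findings.append({"priority": priority, "reason": reason, "uid": r["uid"],
                         "src": src, "dst": dst, "dport": int(r["id.resp_p"]),
                         "ts": float(r["ts"])})
    return sorted(findings, key=lambda f: (f["priority"], f["ts"]))


if __name__ == "__main__":
    for f in triage(parse_zeek_tsv(SAMPLE_CONN_LOG)):
        print(f)
```

Each finding keeps the Zeek `uid`, which is the key an analyst would use to pivot from the connection record into the other Zeek logs for the same session.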

The Aeonik™ Security Fabric  

At LookingGlass, we have plenty to be thankful for as we approach the end of the year, nothing more so than the amazing customers we work with.  

But our Aeonik™ Security Fabric, which unifies many of the cybersecurity trends we’re most thankful for into a platform that we’re proud of, is a close second.

We debuted the Aeonik™ Security Fabric, which is our most adaptive software-defined threat response platform, earlier this year. The intrusion detection and prevention system (IDPS) packs asset visibility, threat intelligence, network traffic analysis, behavior- and signature-based detection (incorporating Zeek IDS capabilities), and cutting-edge mitigation techniques such as cyber deception into one framework that’s woven seamlessly across your network.

With Aeonik™ Security Fabric at the helm, 2020 will be the year where you identify, hunt, disrupt, and respond to adversarial activities at the point of origination. 

In the meantime, though, the entire team here at LookingGlass wishes you a healthy, happy holiday season! 
