Tuesday, December 6, 2016

How much time do you spend on false security alerts?

The latest data on global threats—from malicious websites and untrusted IPs to malware and beyond—can help a company detect threats and rapidly respond. The challenge is that threat intelligence feeds are, at best, uneven in quality.

Close to 70 percent of information security professionals say current threat feeds have a significant issue with timeliness, and only 31 percent rated their threat intelligence as very accurate.

This lack of accuracy means IT staff must deal with vetting the feeds themselves. And this not only takes time, it takes IT resources: 68% of security professionals say their time is consumed chasing down false alerts and sifting through more than 17,000 malware alerts each week.

The solution to reducing this flood of data to only the most relevant alerts is not less data, it’s better data. There are three key areas to helping your security team become more efficient, and the security solution within Operations Management Suite (OMS) can help you with each.

  • Increase the diversity, scale, and variety of data
  • Implement machine learning and behavioral analytics
  • Utilize simple tools that make mitigation more efficient


The Operations Management Suite dashboard gives you a comprehensive and holistic view of all your environments, helping you turn raw data into actionable insights.

Microsoft Threat Intelligence: a global view of the threat landscape

To start, you must have the right data from a diverse spectrum of sources to get a true understanding of what is happening. Microsoft Threat Intelligence gathers data from the entire Microsoft footprint.

“We have trillions of data points coming in from billions of endpoints, and it’s that ability to understand and gain insight and take action based on that data that can make the difference,” said Brad Smith, President and Chief Legal Officer for Microsoft.

In addition to this, between our Digital Crimes Unit (DCU), the Cyber Defense Operations Command Center (CDOC), and the greater company, we employ thousands of the smartest security experts to protect our environments like Azure and Office 365. Through OMS, we share the information they gather with you, giving you unparalleled insights into the rapidly evolving threat landscape.

Analytics: Separate the signal from the noise

Operations Management Suite collects data from across your datacenters—Windows, Linux, Azure, on-premises, and AWS—and correlates it with the latest Microsoft threat intelligence to detect attacks targeting your organization. Not a list that is days old, but one that is updated in real time. It also applies behavioral analysis and anomaly detection to identify new threats that match known patterns of attack. You are provided with a list of the most pressing issues, immediately actionable and conveniently prioritized by the potential threat they pose.


A visual map of network traffic to known malicious IP addresses lets you quickly find and understand where real threats lie.

Tools: Take swift and efficient action

The demand for qualified information security staff has never been higher. In 2016, one million information security openings are expected worldwide. While we can’t directly help you with hiring more security personnel, the threat intelligence within Operations Management Suite empowers your IT resources to be more efficient and helps reduce the time it takes to identify and respond to cyberthreats.

For example:

Operations Management Suite detects one of your computers communicating with known malicious IPs. The outgoing traffic is particularly alarming. With just a few clicks you can:

  • Isolate that specific machine
  • Block communication network-wide to the IPs
  • Use rapid search to find other actions taken by the attacker anywhere in your network
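To make the correlation and triage steps above concrete, here is an added illustration (not OMS code, and not the post's own) of how a defender can vet a threat-intelligence feed for timeliness and confidence, match outbound connections against it, rank hits by the volume sent, and pivot on the flagged host. The feed layout, the log layout, the hosts and the IP addresses are all constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Constructed threat-intelligence feed (hypothetical layout, not the OMS feed format):
# (indicator, provider confidence 0-100, when the provider last confirmed it malicious)
FEED = [
    ("203.0.113.7", 95, "2016-12-06T08:00:00Z"),
    ("198.51.100.23", 40, "2016-11-01T00:00:00Z"),  # low confidence and weeks old
    ("192.0.2.9", 80, "2016-12-05T21:30:00Z"),
]

# Constructed outbound-connection records: timestamp, source host, destination IP, bytes sent.
LOG = """\
2016-12-06T09:12:01Z web01 203.0.113.7 5120000
2016-12-06T09:13:44Z web01 198.51.100.23 800
2016-12-06T09:15:10Z db02 192.0.2.9 96
2016-12-06T09:16:00Z db02 10.0.0.5 4096
"""

def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def vet_feed(feed, now, max_age=timedelta(days=7), min_confidence=50):
    """Keep only fresh, high-confidence indicators. Stale or low-confidence entries
    are exactly what produces the false alerts the post describes."""
    return {ip: conf for ip, conf, seen in feed
            if conf >= min_confidence and now - parse_ts(seen) <= max_age}

def correlate(log, indicators):
    """Match each outbound connection against the vetted indicators and rank the hits.
    Score = confidence x (1 + whole megabytes sent), so a large outbound transfer to a
    high-confidence indicator lands at the top of the queue."""
    alerts = []
    for line in log.splitlines():
        ts, host, dst, sent = line.split()
        if dst in indicators:
            score = indicators[dst] * (1 + int(sent) // 1_000_000)
            alerts.append({"time": ts, "host": host, "dst": dst,
                           "bytes_out": int(sent), "score": score})
    return sorted(alerts, key=lambda a: a["score"], reverse=True)

def pivot(log, host):
    """The 'rapid search' step: every destination the suspect host talked to, for follow-up."""
    return sorted({l.split()[2] for l in log.splitlines() if l.split()[1] == host})

if __name__ == "__main__":
    now = parse_ts("2016-12-06T10:00:00Z")
    queue = correlate(LOG, vet_feed(FEED, now))
    for a in queue:
        print(f"{a['score']:>4} {a['time']} {a['host']} -> {a['dst']} ({a['bytes_out']} bytes out)")
    print("pivot", queue[0]["host"], pivot(LOG, queue[0]["host"]))
```

With the constructed data, the stale low-confidence indicator is dropped before matching, the 5 MB transfer from web01 ranks first, and the pivot lists every destination web01 reached so the rest of the activity can be reviewed.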

Learn more about Operations Management Suite and our approach to security.

To find out how attackers are targeting organizations today, read Anatomy of a Breach.

from Microsoft Secure Blog Staff
