Interview with Noam Rosenfeld, Senior VP Research & Development, Cyber Intelligence Solutions, Verint Systems Inc.
What is the biggest cybersecurity challenge enterprises are facing?
NR: Today, there is an ever-escalating cyber war in which the attackers have the edge. Consider: Companies invest $92 billion annually on cybersecurity – yet 80 percent of them are still breached. Ninety-one percent of organizations follow a risk-based cybersecurity framework – yet the number of security incidents grew by 38 percent in the past year, and intellectual property theft increased by 56 percent. Have the attackers outsmarted the defenders? In many cases, the answer is yes.
In practical terms, what needs to be improved in enterprises’ cybersecurity strategy?
NR: To begin with, let’s talk detection time: The average time it takes for companies to identify an attack is a remarkable 256 days. By that time, the damage could be irreparable. Most companies today fight complex multi-vector, multi-staged attacks with single-vector point tools that overwhelm analysts with countless alerts. Each alert must be manually examined to determine whether it is part of a larger attack, standalone, or a false positive. With so many alerts, it should be no surprise that on average only 4% of alerts are actually investigated, leaving attacks still active on our networks. On top of this, the demand for skilled cyber analysts far outweighs the supply, so many security teams are understaffed or staffed by cyber analysts without the appropriate skill sets. Few organizations have enough skilled security analysts who can use the tools they already have to investigate the cyber incidents that are surfacing.
Moreover, there is a pronounced lack of integrated forensics between the network and the endpoint, which makes cyber investigations even more complex and time-consuming. This leaves the company’s already lean cyber resources even more hopelessly mismatched against the attackers. Automating the investigation process is going to be the only way to overcome these security challenges.
How can Verint help reverse this situation?
NR: Our Threat Protection System accelerates the path from detection to response via automated investigations. It’s a single, pre-integrated platform that combines multiple detection sensors, proactive forensics, investigation and response. Threat Protection System gathers and analyzes massive amounts of data, fusing thousands of leads into a handful of prioritized incidents with visual storylines, reducing detection and investigation time from weeks to hours or minutes.
It’s like having thousands of investigators spread out along all channels, gathering valuable information from multiple detection and forensics sensors and synchronizing it with everyone to provide a single, crystal clear story that confirms an attack.
It lets enterprises:
- Detect complex threats fast with its specialized detection sensors across the attack chain, network, endpoints and payload
- Confirm or refute attacks, transforming thousands of leads into a handful of prioritized incidents telling the attack story and providing the ‘big picture’
- Dramatically simplify cyber investigations by optimizing the man-machine relationship
Can you go more in-depth into the automation aspect of the Threat Protection System?
NR: By automating investigation and incident response steps, the solution offloads work from the SOC team, freeing them to focus on the most complex investigations where human judgment is required.
It comprehensively and continuously monitors network traffic, employing multiple sensors that can detect attacks across the kill chain and share mutual intelligence in order to build a solid story. This includes files and payloads, systems and endpoints in the network, incorporating lateral movement command and control sensors to find and locate threats regardless of attack type, stage, vectors or tools used and to provide a multi-layered depiction of reality. By automatically combining detection leads and forensics to assemble a clear visualization of the attack path, the solution enables a thorough investigation that transforms thousands of leads into a handful of meaningful incidents.
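The lead-fusion step described above (clustering leads from several sensors into a few incidents, stitching hosts together along lateral-movement links, and ranking the result by kill-chain coverage), as an added illustration in Python that is not Verint's code. The lead field names, the sample leads and the one-hour window are constructed assumptions.

```python
from collections import defaultdict

WINDOW = 3600  # seconds; leads on one host further apart than this start a new incident
# Constructed sample leads; field names (sensor, host, t, stage, target) are assumed.
LEADS = [
    {"id": 1, "sensor": "payload",  "host": "ws-17", "t": 100, "stage": "delivery"},
    {"id": 2, "sensor": "endpoint", "host": "ws-17", "t": 160, "stage": "execution"},
    {"id": 3, "sensor": "network",  "host": "ws-17", "t": 400, "stage": "c2"},
    {"id": 4, "sensor": "network",  "host": "ws-17", "t": 900, "stage": "lateral_movement", "target": "db-02"},
    {"id": 5, "sensor": "endpoint", "host": "db-02", "t": 950, "stage": "execution"},
    {"id": 6, "sensor": "endpoint", "host": "ws-03", "t": 120, "stage": "execution"},
]

def stitch(incidents, window):
    """Merge one pair of incidents joined by a lateral-movement lead whose target host
    shows activity within `window` after it; return True if a merge happened."""
    for inc in incidents:
        for lead in inc["leads"]:
            for other in incidents:
                if other is not inc and lead.get("target") in other["hosts"] and any(
                        0 <= x["t"] - lead["t"] <= window for x in other["leads"]):
                    inc["hosts"] |= other["hosts"]
                    inc["leads"] += other["leads"]
                    incidents.remove(other)
                    return True
    return False
def correlate(leads, window=WINDOW):
    """Cluster leads per host by time proximity, then stitch clusters along lateral links."""
    by_host = defaultdict(list)
    for lead in sorted(leads, key=lambda l: l["t"]):
        by_host[lead["host"]].append(lead)
    incidents = []
    for host, host_leads in by_host.items():
        cur = None
        for lead in host_leads:
            if cur is None or lead["t"] - cur["leads"][-1]["t"] > window:
                cur = {"hosts": {host}, "leads": []}
                incidents.append(cur)
            cur["leads"].append(lead)
    while stitch(incidents, window):  # repeat until no cross-host link remains
        pass
    return incidents
def prioritize(incidents):
    """Rank by kill-chain coverage, then sensor diversity, then lead count."""
    score = lambda inc: (len({l["stage"] for l in inc["leads"]}),
                         len({l["sensor"] for l in inc["leads"]}), len(inc["leads"]))
    return sorted(incidents, key=score, reverse=True)
def storyline(inc):
    """The incident's attack path as time-ordered (t, host, sensor, stage) tuples."""
    return sorted((l["t"], l["host"], l["sensor"], l["stage"]) for l in inc["leads"])
```

With the constructed leads, the six alerts collapse into two incidents: a four-stage story spanning ws-17 and db-02 that is ranked first, and a lone execution alert on ws-03.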
Can you summarize, in just three points, why enterprises should move to Verint Threat Protection System?
NR: No problem, here you go:
One, you shorten time from detection to response, thereby minimizing damage to the organization.
Two, you automate time-consuming investigation and incident response steps, offloading the SOC team and letting them focus on the most complex investigations where human judgment is actually required.
Three, you get a holistic, comprehensive approach that allows for dynamic, context-aware and agile security operations.