Many of today’s cyberattacks are broken into multiple stages of activity, each of which on its own is often difficult to discern as malicious rather than benign. Discernment is even more difficult because each stage occurs within a large volume of legitimate activity, which is itself a product of the diversity of work styles, devices, networks, applications, and cloud-delivery locations.
Simply put, effective human security analysis is exceptionally hard given the requirement to look through huge amounts of data for increasingly ambiguous signs of attack that only become more clearly malicious when viewed together as a complete multi-stage campaign. Imagine trying to piece together a puzzle when the pieces are not only small with muted colors but also mixed together with pieces of other puzzles. That’s the task facing security analysts today.
Threat Detection Challenge
Today’s cyberthreat campaigns in general, and ransomware in particular, are increasingly sophisticated—sophisticated in regard to the number of coordinated stages that comprise a campaign as well as the ability of each stage to leverage activity that is also common within the operation of today’s digital organizations. As a result, once past the traditional, prevention-oriented lines of defense, these campaigns can remain hidden and progress through to their ultimate outcomes, with impact increasing over an extended period of time—especially when they are mixed in among the huge volume and diversity of activity associated with today’s digital organizations.
Even with an experienced security team—dedicated to security monitoring, threat hunting, and incident response (which many organizations lack)—it is challenging for human operators to recognize, retain, connect, and understand each of these activities.
To read the full text, download the whitepaper:
Cybersecurity and the Big Data Problem: Human Security Operations Alone Struggle to Keep Pace