November 11, 2015
Colby DeRodeff

5 Ways Analysts Can Be the “Needle Within the Needles”

<p>As enterprise security attacks are now more targeted, more sophisticated, more adaptable, and harder to find than ever before, data analysts need to be the “needle within the needles” in order to find the needle (priority threats) in a haystack of data.</p>
<p>In other words, as it becomes more difficult to prevent attacks, security professionals must do a better job of responding: reducing attackers’ free time within the network, getting to the root cause faster, and learning from each attack to reduce future risk.</p>
<p>The big question is: how can IT directors ensure that their analysts accomplish these things and, subsequently, pinpoint <strong><a href="" target="_blank">which threats they should be spending time on</a></strong>? Here, we’ll detail 5 key tactics that will help directors improve their incident readiness and response and reduce risks early on, which they can then share with their analysts.</p>
<p><strong>1. Clearly define analysts’ roles and responsibilities.</strong></p>
<p>If everyone in the IT department is a potential incident responder, then no one has clear responsibility. This can result in confusion, inconsistent processes and prioritization, or, worst of all, nobody responding to an incident because each person assumes someone else is.</p>
<p>Roles and responsibilities should be clearly defined, and the management of security devices, of incidents, and of security data and analysis should be differentiated. Directors should deploy tiered and specialized staff with the flexibility to quickly ramp up their incident response teams.</p>
<p><strong>2. Enhance training on avoiding advanced threats.</strong></p>
<p>IT directors can improve training by conducting actual internal phishing attacks and relaying to the analysts how easy or hard it was for the attack to succeed. They can also encourage attention and compliance by driving friendly competition among departments over which team can best see through an attack.</p>
<p><strong>3. Formalize response processes and procedures.</strong></p>
<p>In security, as in so many other areas, ad-hoc efforts lead to ad-hoc results, which can leave dangerous gaps in an organization’s defenses. Predefined, monitored, and enforced workflows help <strong><a href="">assure accountability and consistency</a></strong>, and can be more easily tracked to improve an organization’s security posture over time.</p>
<p><strong>4. Improve formalized incident response tracking/workflow.</strong></p>
<p>It can be very difficult to provide governance or properly track how analysts are handling incidents, and whether the process is improving over time. A more effective system should be highly customizable to drive the organization’s incident response process from alert collection to incident creation and escalation, through triage, containment, analysis, and remediation. Such a tool should integrate with other security platforms to automatically create tickets based on their alerts. It should also allow the organization to apply custom prioritization/severity ratings to incidents, and to enrich tickets with internal data such as asset information and criticality ratings, as well as external data such as domain and blacklist information. The tool should also allow the organization to adjust priority ratings as new data about risks and vulnerabilities arrives.</p>
<p><strong>5. Focus on Cyber Threat Intelligence.</strong></p>
<p>To move beyond simply reacting to new threats, organizations need an early warning system so they can take appropriate action against even the most sophisticated threats. <strong><a href="">Cyber Threat Intelligence (CTI)</a></strong> can help security professionals identify potential threats more quickly.</p>
<p>As security breaches cause massive damage to organizations’ reputations and bottom lines, your IT department demands consistent, measurable improvements in security response over time. Fine-tuned people, processes, and technology can limit the damage quickly when a security incident occurs. Getting ahead of security threats, rather than just responding to them, turns the security staff from reactive first responders into strategic partners in the long-term health of the enterprise.</p>
<p>Want to dive deeper into threat intelligence? Check out our free on-demand <strong><a href="{page_1875}">webinar</a></strong> to learn how to avoid costly breaches and defeat cyber adversaries.</p>
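The alert-to-ticket loop that tactic 4 describes (create a ticket per alert, enrich it with asset criticality and blocklist data, score a custom priority, and re-score when new vulnerability data arrives, keeping a trail for governance), as an added Python example that is not part of the original post and not code from any Anomali product. The asset inventory, blocklist, severity weights, scoring formula and sample alerts are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed asset inventory: criticality 1 (low) to 5 (crown jewels). Hypothetical data.
ASSETS = {
    "10.0.1.20": {"name": "payroll-db", "criticality": 5},
    "10.0.2.33": {"name": "lobby-kiosk", "criticality": 1},
}
# Constructed external blocklist of known-bad domains (not a real feed).
BLOCKLIST = {"bad-updates.example", "c2.example"}
# Custom severity weighting; an organization tunes these to its own risk appetite.
SEVERITY_WEIGHT = {"low": 1, "medium": 2, "high": 3}
# Constructed alerts, shaped as a detection platform might hand them over.
SAMPLE_ALERTS = [
    {"id": "a1", "severity": "medium", "src_ip": "10.0.1.20", "domain": "c2.example"},
    {"id": "a2", "severity": "high", "src_ip": "10.0.2.33", "domain": "cdn.example"},
    {"id": "a3", "severity": "low", "src_ip": "10.0.9.9", "domain": None},
]

@dataclass
class Incident:
    ticket_id: int
    alert: dict
    asset: dict
    blocklisted: bool
    priority: int
    history: list = field(default_factory=list)  # audit trail for governance/tracking

def score(alert, asset, blocklisted, exploitable=False):
    """Priority = severity weight x asset criticality, +2 for a blocklisted domain, +3 if exploitable."""
    p = SEVERITY_WEIGHT[alert["severity"]] * asset["criticality"]
    return p + (2 if blocklisted else 0) + (3 if exploitable else 0)

def create_incident(alert, ticket_id):
    """Turn a raw alert into a ticket enriched with internal (asset) and external (blocklist) data."""
    asset = ASSETS.get(alert["src_ip"], {"name": "unknown", "criticality": 2})
    blocklisted = alert.get("domain") in BLOCKLIST
    inc = Incident(ticket_id, alert, asset, blocklisted, score(alert, asset, blocklisted))
    inc.history.append(f"created priority={inc.priority}")
    return inc

def reprioritize(inc, exploitable):
    """Re-score a ticket when new risk/vulnerability data arrives, keeping the old value on record."""
    new = score(inc.alert, inc.asset, inc.blocklisted, exploitable)
    inc.history.append(f"reprioritized {inc.priority}->{new}")
    inc.priority = new
    return inc

def triage_queue(alerts):
    """Create a ticket for every alert and order the queue highest priority first."""
    incidents = [create_incident(a, i + 1) for i, a in enumerate(alerts)]
    return sorted(incidents, key=lambda inc: inc.priority, reverse=True)
```

With the sample data, the medium-severity alert on the payroll database outranks the high-severity alert on a kiosk, which is the point of weighting by asset criticality rather than raw severity.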
