You have heard the popular myth that human beings only use a small percentage of their brain capacity. As a sci-fi enthusiast, I love this one. Dreaming up fantastic scenarios where regular folk using 10 percent of their brainpower tap into the other 90 percent. They use wonder pills or alien injections to become savants, gain telekinetic powers, read people's minds, or otherwise master the paranormal realm.
The mundane reality is a lot more exciting than the myth. It turns out that we use virtually every part of the brain, and that most of the brain is active almost all the time. It's powering everything from basic motor functions like breathing or coordinating movement to higher-order functions like rational thought processing, logical sequencing, and making analytical considerations.
The brain is constantly working to make decisions, both voluntarily and involuntarily. A lot of those decisions are informed by memory, be it memory of past events or random information, or so-called muscle memory formed by practicing repetitive movement in certain situations to achieve an objective.
Ultimately, the brain is using most of its power transferring memory directly into action. It connects a lifetime of relevant past experiences as the foundation for how it prods the body to react to stimuli or how it spurs rational decision-making.
There's a big parallel here between the human brain and the cyber security operations “brain.” The security team's body — made up of security operations, security monitoring, and incident response personnel — needs a fully functioning 'brain' to process information about its existing threat circumstances and to then come up with beneficial action. This description of a "metaphorical" brain is the combined aggregate of human thinking power and machine-powered thinking over security technologies in place.
A lot of these teams have hoped for that fantastical pill that gives them the supernatural powers of completely automated threat detection and response. Many less than scrupulous security vendors been more than happy to offer up solutions that look almost like that on the surface, but never quite live up to those promises. That's because it's just as much science fiction as the human brain myth.
The mundane reality is that the security brain needs good memories, i.e., threat intelligence, and the best systems for making connections between them and the input about the current situation the security organization faces to help it process a situation and turn it into appropriate action.
This is exactly what an effective Extended Detection and Response (XDR) architecture achieves. It brings together all memories, connecting the security data and telemetry collected by the security technologies deployed. It reaches back into the past to identify whether or not the organization has potentially been a victim of a threat and then crunches that information to guide decisions about how the security team should respond — both automatically and manually.
Traditionally the security world has faced three major challenges in helping teams fully maximize the function of its security brain.
- Challenge 1: The first is that many organizations don't have visibility into all the threats on both a global scale and within local context. In other words, the local threats existing within or most relevant to their environment.
- Challenge 2: The second is that detecting threats requires having the right signals or information to show whether a threat does or doesn’t exist. Many security teams have solutions that provide them with shoddy 'memories,' providing bad data or false signals that keep triggering alarms for threats that aren't present.
- Challenge 3: And then the third challenge is a lack of connective brainpower between all of the disparate intel about individual situational inputs. Smaller security events are often deeply interconnected, and without something like an XDR architecture to pull it all together to process all the variables of past intelligence and existing circumstances, teams have struggled to prioritize action and bolster their resiliency after attacks.
When organizations start to address those three challenges through XDR, they maximize the use of their security brain. It's not magic, but it is a way to get the most out of the constant processing of attacks that a security team is called to do every day.
Check out this fun new marketing material on the Anomali home page that shares this perspective. (With pictures!)