Black Hat 2016: Affirmation that cybersecurity needs automated response
By Eyal Benishti

This year’s Black Hat conference had no shortage of valuable training sessions and exciting keynote speakers. But for IRONSCALES, the five days in Las Vegas were highlighted by the opportunity to meet with dozens of security experts, those who fight every day against a variety of frequent and complex cyber attacks. From security consultants and incident response specialists to CISOs, analysts and architects, we were fortunate to hear firsthand from those actually ‘carrying the stone’ for their organizations.

It was both unique and educational to hold genuine conversations with enterprise security pros, learning from those on the front lines about what really hurts, what the biggest challenges are and what problems are faced daily. Believe it or not, in most cases, the challenges aren’t what we imagine them to be in our labs.

As engineers and product guys, we often assume that in-house security pros spend their time doing the same things that we do: analyzing new ransomware or assessing zero-days and other fully undetected pieces of malware. But for the security pros that we spoke to, the biggest challenge is actually keeping up with all of the alerts and alarms that their many cybersecurity solutions amplify daily.

Alerts & Alarms: The SOC Team Overload

Specifically, the majority of cybersecurity pros we spoke with admitted that there are just too many alerts to know where to begin. With network, endpoint and cloud security solutions sounding alarms multiple times daily, it’s all but impossible to quickly determine what is real and what is a false alarm. There simply aren’t enough security analysts to do the job.

Let’s face it: cybersecurity events now happen daily, yet organizations lack the experts to manage these events as quickly as they need to. Surely there is a need for a defense-in-depth strategy in which multiple solutions are deployed to protect digital assets; but the unintended consequence of such a strategy is the excessive burden put on SOC teams that aren’t built to handle such volume.

We also spent time at Black Hat walking around the booths of different vendors to learn about what’s new and what technologies companies are working on. The truth is that there are plenty of security solutions out there, all claiming to have their own “unique” approach to mitigate or stop cyber attacks. At the end of the day, however, most of the products and solutions only raise alarms and blow whistles, passing the ball to the SOC team to do all of the hard work.

But as with most enterprises that we have engaged with, the SOC team is often so backed up that it can take weeks, even months, for them to run the forensics and distinguish a real attack from a false alarm. This is an extremely dangerous proposition, because most remediation processes need to begin within minutes of attack discovery. As such, this ‘asymmetric war’ between alerts and available SOC hands makes it impossible to stop attacks, essentially allowing the bad guys to win more often than anyone would like.

IRONSCALES: Combining Human Intelligence with Machine Learning

To alleviate the burden of SOC teams and expedite remediation of events, IRONSCALES has pioneered technology that combines human intelligence with machine learning.

Our employee-based intrusion prevention system is the first email phishing solution with an automatic response to phishing emails. This unique functionality makes it possible for us to expedite the time from attack to remediation from weeks to seconds, without ever needing the SOC team’s involvement.

Our new product, Federation, allows organizations around the world to communicate like never before. Specifically, Federation automatically and anonymously shares phishing attack intelligence with enterprises and organizations worldwide, providing users with unprecedented intelligence, in real-time, on dangerous and destructive zero-day attacks. As a result of this collaboration among IRONSCALES users, enterprises and organizations can proactively defend their network gateways and endpoints.

Under today’s threat landscape, simply sounding alarms, blowing whistles and raising red flags won’t cut it anymore. Instead, active and automated incident response is necessary to ensure the integrity, confidentiality and availability of digital assets. As one of the CISOs we met with last week exclaimed, “Don’t just detect, fix it!” That’s what automated response allows for.

For us, Black Hat reaffirmed that IRONSCALES’ multi-layered phishing mitigation technology, with its automatic response to phishing emails, is truly the future of phishing mitigation security. We look forward to attending the show again next year.

(This post, by Eyal Benishti, was first published on the IRONSCALES blog).