It’s Time to Transform Your Cyber Defense to Be More Dynamic & Proactive
By Trellix, May 26, 2022
This story was written by Kathleen Trahan.
Erratic and unpredictable adversaries are becoming immune to traditional linear defense approaches. Security analysts, drowning in alerts and information overload, spend too many manual cycles researching, investigating and analyzing configuration guidelines, best practices and hardening documents that are incomplete or contradictory, and without a full understanding of blue team exercises they are unable to prioritize their next steps. A rising mean time to respond extends adversary dwell time and breakout time, and with it the damage done. The lack of effective change control processes, and of a clear understanding of the impact of applying a particular countermeasure in a customer’s environment, creates friction between security and IT teams.
Summed up, today’s dynamic threat landscape is alive and chaotic, and SecOps’ attempts to stay ahead of real-time threats are met with still more chaos. Consider:
- On average, companies with over 1,000 employees maintain about 70 security products from 35 different vendors, according to a report by CCS Insight.
- Unsurprisingly, according to an ESG study, 44 percent of security alerts go uninvestigated, due to a combination of talent scarcity and the multiplicity of security solutions generating a huge volume of alerts. The top barrier cited was the sheer volume of never-before-seen malware, with 44 percent of respondents naming it as their key concern. Coming in a close second (30 percent) was the time it takes to investigate threats once they are discovered.
- According to Cybersecurity Ventures, the cost of ransomware damage is expected to reach $265 billion by 2031. Their report predicts that there will be a new attack every 2 seconds, as ransomware perpetrators progressively refine their malware payloads and related extortion activities.
Additionally, SOC professionals’ responses to threats have met with limited success, because previous approaches lack the strategic defensive thinking that is needed. What is required is a highly adaptive framework to guide not only SOC professionals, but also security architects, engineers, auditors and IT admins.
To address the need for dynamic, proactive defenses, Trellix is introducing our Adaptive Defense Model (ADM). ADM emphasizes preparedness and “shifting left” to improve an organization’s security posture before the attack. It provides automated coaching with progressive insights during and after the attack, delivering solid countermeasures that minimize impact.
Unlike traditional linear models, ADM helps CIOs and CISOs identify assets at risk and the actions that mitigate that risk, and increase visibility, detection and response capabilities against prevalent threats, with a deeper understanding of the why and when of each action.
A new framework and approach
Some well-known cybersecurity models focus on modeling the attacker, not the defender. While they may offer some of the “what and how” of mitigation, they do so from a linear perspective. ADM offers the “when and why” of using defensive tools and actions. The framework is designed to boost SOC preparedness, anticipation and critical thinking.
Dynamic, full attack lifecycle guidance
ADM covers the entire attack lifecycle, offering guidance before, during and after the adversary initiates the attack, and empowering the SOC to address the attacker’s complete actions, end to end.
OODA (Observe, Orient, Decide, Act)
This feedback loop provides continuous guidance based on progressive insights, so that adversary movement can be predicted effectively, assuring the best security outcomes.
ADM offers intuitive guidance to boost the critical thinking needed in each attack phase. It is focused on quickly driving solid security outcomes: positive attack simulation results, reduced exposure and risk, and improved security.
An example of ADM in action may be seen in the recently released defensive playbook in Trellix Insights.
As SOCs work to stay ahead of the evolving threat landscape, Trellix is pleased to offer this proactive, dynamic defensive approach, shifting SOC teams’ readiness to help defend faster and smarter, with proven best practice guidance. Highly dynamic defense will transform your cybersecurity to become living security. To learn more, read the adaptive defense model white paper.