Big Data Starts Small, at the Endpoints

Sandy Lii

Welcome to Endpoint Intelligence. You might have noticed the renaming of the blog from “Threat Response” to “Endpoint Intelligence”; here is why we did it.

Throughout the years, there has been a lot of talk about how to identify, triage, and minimize security threats via incident response. While incident response is critical, it is not sufficient as an end-to-end approach to managing security risk. Going forward, information and security operations teams are finding it necessary not only to remain tightly focused on incident response, but also to derive security intelligence from their endpoints.

But you might ask, “Why focus on endpoints?”

Last week on a trip to Los Angeles, the latest print issue of Wired magazine caught my eye with its simple, yet dramatic cover and the words “Big Data.” I quickly flipped to the Big Data page (Information Revolution: Big Data Has Arrived at an Almost Unimaginable Scale) and found an infographic depicting some of the largest datasets as colorful bubbles proportional to dataset size. There in living color, the infographic showed that the top three datasets are not your stereotypical Big Data datasets (machine log data or video/music archives), but aggregates of data generated by individuals on the endpoints with which we are all familiar: desktops, laptops, mobile devices, etc.

Yes, every day your company’s endpoints (servers and end-user devices) are generating massive amounts of data. You have Big Data, and that data is growing by the second. But do you know what the endpoint data are telling you? Can you even make sense of the data? More importantly, do you know what they are not telling you?

What and Where are the Threats Hiding?

Unknown threats are most definitely lurking amongst all the data generated.

These security threats lie not only at the perimeter of the organization, but also inside the endpoints within it. Quite often, they are buried beneath the operating system: deep in the kernel, in unallocated space, file slack, the registry, RAM, system data, and encrypted data.

Information and security operations teams need an approach that delivers security intelligence by delving right into the endpoints and drawing relationships between them. If you are curious about how to leverage massive amounts of unstructured endpoint data for security intelligence, then you will definitely want to join us at CEIC 2013 in Orlando on May 19th-22nd to find out more.

Want to learn how to glean rapid insight into potential threats lurking across your endpoints? Stay tuned.
