RWS_Q1_22

can be helpful in reducing the mistakes that lead to a network penetration in the first place.

Employ SASE

Cato recommends bolstering threat intelligence by combining security and network flow data wherever possible. This process traditionally incorporates steps such as extracting event information, normalizing and storing that data, and employing query tools. SASE (secure access service edge) networking in particular helps to streamline this process, making data sets accessible that help deepen, and thus refine, security intelligence. This is especially effective because legitimate network traffic usually terminates at the most-visited sites, whereas a bad actor tends to replicate servers and domains to avoid being properly classified as dangerous.

Use Services with Machine Learning

Cato derives what it calls a “popularity score” from how much network traffic visits any particular site. Using machine learning, the software runs a series of algorithms against a data warehouse to assess how frequently a particular URL is visited, which helps to better diagnose its legitimacy. The process, unfortunately, is based more on trends and is not foolproof. Cato integrates this statistic with an “overlap score,” based on the quantity of intersecting IoCs. Using these metrics, it was determined that 30 percent of threat intelligence feeds contained IoCs with less overlap and more popularity. Thus, Cato asserts, blocking these indicators can cause “unnecessary security alerts.”

Rely on Proactive Measures

False positives are one thing. Sure, they can cause interference that delays your efficiency, but the age-old adage of “Better safe than sorry” rings true in this case. The far bigger issue that must be addressed is the level of proactivity that your cybersecurity software offers.
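To make the popularity-versus-overlap idea from the machine learning section concrete, here is an added Python example; it is not Cato's code, and the sample feeds, the traffic counts, the log-scaled popularity formula and the thresholds are all constructed assumptions for illustration:

```python
"""Triage IoCs from several threat-intel feeds using two signals:
an overlap score (how many feeds list the indicator) and a popularity score
(how much observed network traffic reaches it). Indicators that are popular
but listed by few feeds are routed to analyst review instead of auto-blocking.
All feeds, traffic counts and thresholds below are constructed sample data."""
import math

# Constructed sample feeds: feed name -> set of domain indicators
FEEDS = {
    "feed_a": {"evil-update.example", "cdn.bigvendor.example", "malware-drop.example"},
    "feed_b": {"evil-update.example", "malware-drop.example"},
    "feed_c": {"evil-update.example", "login.popular-saas.example"},
}

# Constructed network-flow data: domain -> distinct internal hosts seen connecting
TRAFFIC = {
    "cdn.bigvendor.example": 4800,
    "login.popular-saas.example": 3100,
    "evil-update.example": 2,
    "malware-drop.example": 0,
}


def overlap_score(indicator, feeds):
    """Fraction of feeds that list the indicator (0..1)."""
    return sum(1 for iocs in feeds.values() if indicator in iocs) / len(feeds)


def popularity_score(indicator, traffic):
    """Log-scaled share of the busiest observed destination (0..1); unseen -> 0."""
    hosts = traffic.get(indicator, 0)
    peak = max(traffic.values())
    return math.log1p(hosts) / math.log1p(peak) if hosts else 0.0


def triage(feeds, traffic, pop_threshold=0.5, overlap_threshold=0.5):
    """Return {indicator: verdict}; popular-but-rarely-listed IoCs go to review."""
    verdicts = {}
    for indicator in set().union(*feeds.values()):
        pop = popularity_score(indicator, traffic)
        ovl = overlap_score(indicator, feeds)
        if pop >= pop_threshold and ovl < overlap_threshold:
            verdicts[indicator] = "review: likely false positive"
        else:
            verdicts[indicator] = "block"
    return verdicts


if __name__ == "__main__":
    for ioc, verdict in sorted(triage(FEEDS, TRAFFIC).items()):
        print(f"{ioc:30} overlap={overlap_score(ioc, FEEDS):.2f} "
              f"popularity={popularity_score(ioc, TRAFFIC):.2f} -> {verdict}")
```

With the constructed data, the two heavily used vendor domains that only one feed lists are sent to review, while the indicator present in every feed and the one with no observed traffic are blocked.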
Currently, most applications employ what threat-detection software company Infocyte calls “preventative and reactive components.” While these types of software can help to identify or eliminate known threats, they really only protect against commonly known risks. At minimum, Infocyte notes, your organization should eschew services that rely on reactionary components in favor of security software that actively searches out all attacks (known, unknown and hidden) while also supporting incident response. Particular proactive recommendations issued by Infocyte include:

• Assessing the ability of your SIEM to support proper defense.
• Scheduling and conducting periodic assessments.
• Employing software that actively audits all networked applications, files, servers, systems and hosts.
• Establishing clear cybersecurity policy and procedures for how to prevent and handle threats.
• Promoting smarter cybersecurity awareness and best practices among staff, especially in remote work environments.
• Outlining clear cybersecurity policy and procedures.
• Minimizing the time between when malware is identified and when it is resolved.
• Always acting as if the breach has already occurred.
• Outsourcing your cybersecurity to a specialist.

Widespread instances of network penetration, especially across the widened attack surface of a remote-work company, mean that the “false positive” scenario is still preferable to missing malicious signals. Still, accuracy is the most important element of a cybersecurity service. For that reason, selecting the proper software for your situation, paired with the measures outlined above, represents the best-case roadmap for your company. False positives aren’t going away, nor should they. According to Cato, 78 percent of “accurate” feeds still include false positives, and this figure is unlikely to drop significantly regardless of the steps that you take.
While these triggers are always annoying and occasionally time-consuming, they represent an active attempt to target malicious activity before it impacts your operations, sensitive data or bottom line. But while they will never be phased out entirely, there should still be a proper attempt to minimize instances and hone in on the real problem: malicious activity. The question is, can you minimize their impact?

What have been the biggest impediments to scaling security for your remote workforce?

Bandwidth restrictions impacting productivity: 41%
Equipment for remote work (devices, accessories): 39%
Logistics of installing agents on employees’ personal devices: 29%
We have not experienced security scaling issues: 26%
Not enough security staff: 19%
Monetary requirements for buying more or better security appliances: 17%

Source: Cybersecurity Insiders, 2021

24 REMOTE WORK SOLUTIONS rwsmagazine.com
