New Reporting Assures Boards and Executives That Networks are Free from Attackers, and New Efficiency Metrics Confirm Operational Expense Benefits of Magna Platform
LightCyber, a leading provider of Behavioral Attack Detection solutions, today announced new tools that equip enterprises to meet increasing Board demands for security accountability and compliance with internal and industry regulations, such as the General Data Protection Regulation (GDPR). LightCyber also introduced updated metrics from customer production systems and an online calculator so that prospective customers can quickly and easily assess current operational efficiency and the gains that they will receive from a LightCyber Magna deployment.
“Clearly traditional security infrastructure is failing to curtail network attacks leading to a data breach or damage to an organization’s most critical assets and resources,” said Jason Matlof, executive vice president, LightCyber. “One dominant reason for the rising inability to find network attackers is the vast number of security alerts and the low level of accuracy for which security teams have to contend. Traditional enterprise security vendors have not properly armed security operators with the tools need to accurately know whether or not an attacker is present on their network. Boards and executives will no longer accept this level of uncertainty, and are demanding more definitive confirmation of security assurance.”
Boards, executives and other oversight groups are increasingly demanding definitive reports from their IT organizations that attests that the enterprise network is free from active attackers—either malicious insiders or targeted external attackers. Given the historical inaccuracy of traditional security system alerts, this type of definitive summary report was virtually impossible to generate for the average enterprise. The new Security Assurance report from LightCyber Magna demonstrates the summary status of attack behavior, and can demonstrate when all anomalous attack behaviors are resolved or remediated. The report serves as an important component for security accountability in an age when most attacks can only be detected after the damage is done.
Wasted Time and Wild Goose Chases
One reason for security operators’ inability to definitely attest to the organizational security posture using traditional security tools is the vast number of alerts with a low level of accuracy produced by those systems. A survey conducted by the Ponemon Institute showed that 68% of security operations teams spend a significant amount of time dealing with false positive alerts with more than half their time wasted on alerts that are not productive. This type of gross system inaccuracy drives great inefficiencies that prevent security organizations from effectively assuring their organizational leadership of their security.
The new LightCyber Security Operations Center (SOC) OPEX Calculator helps quantify the accuracy and efficiency of security tools and their impact on security teams. According to the Gartner Market Guide for User and Entity Behavior Analytics, published on December 8, 2016, “Some large Gartner clients receive from 500,000 to one million alerts a day across multiple security monitoring systems, such as SIEM and DLP.”
The LightCyber SOC OPEX Calculator is based upon accuracy and efficiency metrics data aggregated and anonymized from customer production deployments. In the period from July 1, 2016 to December 31, 2016, LightCyber customers achieved a mean efficiency of 0.9 alerts per 1,000 endpoints per day. For example, a company with 5,000 endpoints would expect to receive 4.5 total alerts per day from LightCyber Magna. The mean accuracy reported for LightCyber customers is 99% for confirmed alerts and 61% percent for all alerts, which is a measure of the alerts usefulness according to user classification.
“Why should security professionals continue to accept hundreds or thousands of alerts per hour or day from their security systems when the vast majority of alerts lack any real value?” said Jim Broome, president of Direct Defense and security assessment expert. “Many of our clients are buried in far more security alerts than they can possibly review.” One LightCyber customer claimed that they had been receiving about 20,000 alerts per week just from their IPS. The Chief Information Security Officer (CISO) quipped, “Having a thousand alerts is nearly the same as getting a million—the number is too big to investigate a meaningful fraction of them.”
The Security Assurance report is available now, and the SOC OPEX Calculator is now live on the LightCyber website and freely available for anyone to use. Take the SOC OPEX assessment using the online calculator today.