
LightCyber Introduces Security Industry's First Attack Detection Metrics

April 13, 2016

There is an old saying that “you can’t tell the players without a scorecard.” When it comes to cyber security, this could be extended to say that you can’t keep score unless you can separate the good actors from the bad ones, so you can concentrate your efforts on the bad ones.

The reality is that you need to know what you think you should know, find out about the things you know you don’t know, and be exposed to the things you didn’t know you didn’t know. Indeed, it is the latter two that are critical to IT security professionals, since it is the unknowns that are eroding security postures and setting off costly remediations as attackers continue to grow more sophisticated at evading detection and prevention.

The above is context for an interesting announcement from Behavioral Attack Detection solution provider LightCyber, based in Los Altos, CA and Ramat Gan, Israel. The company has introduced what it is calling Attack Detection Metrics. This is correctly being billed as the security industry’s first capability to measure the Efficiency and Accuracy of security solutions in detecting stealthy attackers that have circumvented conventional threat prevention systems. They are views you can use.

The infographic below from LightCyber highlights the issue being addressed. 

Source: LightCyber

In short, there are too many alerts, too many false positives and limited time to investigate what really can wreak havoc. 

Why accurate metrics enable efficiencies and better protection by focusing on what really matters

LightCyber, as part of the announcement, also revealed its own Attack Detection Metric results (which it will provide quarterly), derived from actual customer deployment data, indicating that its Magna™ platform has achieved a level of efficacy two orders of magnitude better than incumbent solutions.  The metrics as noted relate to Efficiency and Accuracy and for the first quarter were as follows:

  • Achieved a median Efficiency of 1.1 alerts per 1,000 endpoints per day. For example, a company with 5,000 endpoints would expect to receive a median of 5.5 total alerts per day from LightCyber Magna.
  • As it relates to Accuracy metrics, Magna creates three categories of alerts: Confirmed, Suspicious and Unverified attacks. The median Accuracy reported for LightCyber customers is 62 percent useful alerts across all alert categories, as compared to 4 percent typically produced by other security products. The subset of alerts automatically categorized by Magna as “Confirmed” attacks achieved an accuracy of 99 percent.
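As an added illustration (not LightCyber’s code or data), the two metrics defined above computed over a constructed set of analyst-triaged alerts; the Alert record layout, the 5,000-endpoint estate and the sample values are assumptions.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Alert:
    day: str        # ISO date the alert fired (hypothetical record layout)
    category: str   # "Confirmed", "Suspicious" or "Unverified", the article's three categories
    useful: bool    # triage verdict: did the alert point at real attacker activity?

# Constructed sample: 10 alerts over 2 days on a 5,000-endpoint estate.
ENDPOINTS = 5000
SAMPLE_ALERTS = [
    Alert("2016-04-01", "Confirmed", True),
    Alert("2016-04-01", "Confirmed", True),
    Alert("2016-04-01", "Suspicious", True),
    Alert("2016-04-01", "Suspicious", False),
    Alert("2016-04-01", "Unverified", False),
    Alert("2016-04-02", "Confirmed", True),
    Alert("2016-04-02", "Suspicious", True),
    Alert("2016-04-02", "Unverified", True),
    Alert("2016-04-02", "Unverified", False),
    Alert("2016-04-02", "Unverified", False),
]

def efficiency(alerts, endpoints, days):
    """Efficiency: alerts per 1,000 endpoints per day over the observed window."""
    if endpoints <= 0 or days <= 0:
        raise ValueError("endpoints and days must be positive")
    return len(alerts) / (endpoints / 1000) / days

def expected_daily_alerts(efficiency_per_1k, endpoints):
    """Scale a published Efficiency figure to an estate (1.1 per 1k on 5,000 endpoints -> 5.5/day)."""
    return efficiency_per_1k * endpoints / 1000

def accuracy(alerts):
    """Accuracy: share of alerts that triage found useful, overall and per category."""
    total = Counter(a.category for a in alerts)
    useful = Counter(a.category for a in alerts if a.useful)
    per_category = {cat: useful[cat] / n for cat, n in total.items()}
    overall = sum(useful.values()) / len(alerts) if alerts else 0.0
    return {"overall": overall, "per_category": per_category}

if __name__ == "__main__":
    days = len({a.day for a in SAMPLE_ALERTS})
    print(f"Efficiency: {efficiency(SAMPLE_ALERTS, ENDPOINTS, days):.2f} alerts/1k endpoints/day")
    acc = accuracy(SAMPLE_ALERTS)
    print(f"Accuracy overall: {acc['overall']:.0%}")
    for cat, frac in acc["per_category"].items():
        print(f"  {cat}: {frac:.0%}")
```

Running the per-category split on real triage records shows whether a vendor's high-confidence tier deserves the automatic escalation the overall figure alone cannot justify.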

The goal of the information generated by the Magna platform is to efficiently and effectively separate the wheat from the chaff so IT security professionals can better do their job. 

The new Attack Detection Metrics address the issue of finding the bad guy behaviors, whether from the inside or from the outside of an enterprise by turning the current process of detection, which can easily miss the latest type of mischief, on its head.  

Source: LightCyber

Rather than look at what is known to be bad, it builds profiles on what is known to be good. Everything else is considered anomalous behavior that needs to be investigated as to whether it is suspicious and needs attention, or can be added to the list of accepted activities. The benefits, as can be seen, are important. The metrics also help enterprises determine the value of a prospective security solution and its ability to focus a security team on critically important investigation and remediation activities.

“Mainstream enterprise security organizations are drowning in floods of daily alerts, resulting in complete paralysis and inability to focus critically scarce security resources on the important work of remediation,” said Jason Matlof, executive vice president, LightCyber. “Most reasonably sized security organizations have only the capacity to triage and research a handful of alerts per day, so attack detection systems must provide a manageable volume of accurate alerts so security teams can effectively contain cyber attacks before damage is done. These metrics will determine which solutions will drive true value for customers versus more of the same paralyzing analytics that have plagued the security industry for years.”

With every report from the security industry showing the explosion of exploits, being able to have skilled and certified IT security professionals concentrate on what really needs attention is obviously a priority. This means having visibility into all aspects of their environment so they can quickly detect suspicious behaviors, i.e., know the players. They then need to know which ones are good or bad so the bad ones can be taken off the field based on the level of threat they present.

LightCyber, as Matlof told me, is meant as a complement to existing security measures. Great detection is the first step in enhancing protections and resolving problems quickly. That is why having accurate metrics about good and evil is critical, and a key to improving an organization’s security posture.

Edited by Maurice Nagle
