Spilling the Visibili-tea
Every single vendor out there has some sort of story on threat visibility. It’s been a topic of discussion in this community for several years now. You might know visibility by its pseudonym “single pane of glass” – which also plays into the problem of managing multiple security tools. At its core though, #SPOG comes down to visibility: having everything in one place allows for more simple management, sure, but you can’t manage threats that you can’t see.
Threat visibility isn’t that SIEMple
When SIEM first came onto the market, it was arguably not even intended to be a security tool. It was an operational tool. It was another attempt at visibility in the security ecosystem. Being able to see and handle alerts as they come in, in real time: game changer. Even though SIEM has bombarded the market, it has been far from a clean break. I cannot tell you how many practitioners I’ve talked to with horror stories about implementing SIEM, much less tuning it. It makes sense – it’s a massive undertaking. Correlating all the log data alone is a bear, much less integrating with the tons of other tools that touch your ecosystem.
Alerts on alerts on alerts
Arguably the biggest problem with SIEM is the problem it solves itself. More visibility lends to more alerts. The largest feedback against SIEM is alert fatigue. This is in part to the sheer number of threats out there, but the lack of tuning is not an insignificant part of this. Things fall through the cracks when there is too much noise. The real threats are getting buried beneath the innocuous ones, which of course leads to more risk. This is just a hard example – not to mention all the “soft” factors – add in burnout, too much work and not enough time, and of course the pandemic that we are still in, too many alerts can be overwhelming. We are in essence shooting ourselves in the foot by adding more visibility – but what is the alternative? We can’t leave our networks in the dark, for the reasons discussed before and many, many others.
Deception technologies can help
The last thing I want to do as I’m writing this is to make it seem even more helpless. Realism goes both ways – just as it is logical to go to the negative, we have to address the positive side here too. One of those “silver linings” is deception technologies. They in essence are the equivalent of “hiding in plain sight” – they are specific assets that would rarely, if ever, have access attempts by a legitimate source. This is very handy considering if an alert comes through on these assets, it’s much easier to prioritize them as serious threats as opposed to yet another notice about a machine not being patched.
XDR is your friend in threat detection
Automation, deception technology, even 24×7 MDR (managed detection and response) – these are all tools in your belt with our XDR platform. Visibility is a 360 degree issue, which means it should be addressed by a 360 degree platform. You’re not alone in dealing with the visibility problem, and there are options out there to help. Looking to lighten the load? Give us a call and we’ll schedule a demo.