Extracting the Full Value from Advanced Threat Analytics to Protect Your Network

With all the publicity surrounding network breaches and the exposure of customer data, you would think attackers would be less successful as organizations get more serious about security. You would be wrong…

Recent findings issued by Microsoft tell the real story:

  • The median number of days an attacker resides within a network before detection is 146.
  • Over 60% of all network intrusions are the result of compromised user credentials.
  • The average cost of a breach to the typical company is $3.8 million.
  • The total potential cost of cybercrime to the global community is about $500 billion annually.

These findings raise a key question… If corporate giants like Marriott, Target and Anthem can suffer data breaches despite big IT budgets, how can smaller firms like yours expect to do better?

Cover the Basics First

Having the right security tools is not enough. The tools must be properly deployed, configured, and administered by people who know how to use them. Your team needs to be trained to spot intruders and to know what to do once they are found. A change in corporate mindset may also be required: "block first, ask questions later." All of these elements need to be in place if you expect to stop intruders and thwart the next attack.

Advanced Threat Analytics (ATA) is Microsoft's on-premises platform for monitoring Active Directory: it captures domain controller traffic and Windows events, learns what normal authentication and access look like, and flags reconnaissance, credential theft, and lateral movement as they happen or after the fact. But without properly setting the stage for ATA, the influx of alerts and data can overwhelm a small security team. There are several items your IT Team should tackle before adding a tool such as ATA.

Some of these initial steps include:

  • Implementing Network Security Appliances (NSA) to proactively protect on-premises and cloud servers from unwanted traffic.
  • Protecting email with an end-to-end email encryption service.
  • Having a web application firewall and two-factor authentication in place to protect client-facing systems.

These and other basic defense measures block attacks at the edge, before they turn into the kind of in-network activity ATA is designed to detect.

The Value of RedZone as Your Security Partner

Some businesses just want the ATA software set up and forgo the managed service that goes with it. This quick-fix approach often backfires, especially for smaller firms that lack the tools and expertise to identify and stop malicious activity and to shore up their defenses afterward.

For example, a basic step to bolster your defenses is to keep the ATA software updated. Microsoft updates and patches it aggressively, and ATA went through nine releases in roughly two years, which makes it hard for IT staff to keep up. Each release carries detection logic for techniques the previous one did not see. If your IT Team falls behind, ATA loses its defensive value even though the console still looks healthy: the Center keeps running and the Gateways keep reporting, but against an older picture of what attacks look like. Because the Gateways are updated from the Center, an update that completes on the Center but fails on a Gateway leaves the domain controller it covers silently behind.
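A check that makes the "it looks like it is working" problem visible is to read the installed ATA component version and service state from the Center and every Gateway in one pass and flag any host whose version differs. The following PowerShell is an added example written for this article, not RedZone's or Microsoft's code. It assumes the hypothetical host names in $AtaHosts are your ATA Center and Gateway or Lightweight Gateway hosts, that WinRM is enabled and you are an administrator on them, and that ATA registers in Programs and Features and as a Windows service with a display name containing "Advanced Threat Analytics" (an assumption; adjust the filter if your installation differs).

```powershell
# Added example, not code from the original article.
# Assumptions: $AtaHosts are placeholder names for the ATA Center and Gateways;
# WinRM is enabled; ATA's uninstall entry and service DisplayName both contain
# "Advanced Threat Analytics".

$AtaHosts = @('ata-center.corp.example', 'dc01.corp.example', 'dc02.corp.example')

$Inventory = Invoke-Command -ComputerName $AtaHosts -ScriptBlock {
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    # Installed ATA components (Center, Gateway, Lightweight Gateway)
    $products = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Advanced Threat Analytics*' }

    # Their Windows services and current state
    $services = Get-Service |
        Where-Object { $_.DisplayName -like '*Advanced Threat Analytics*' }

    foreach ($p in $products) {
        [pscustomobject]@{
            Host        = $env:COMPUTERNAME
            Component   = $p.DisplayName
            Version     = $p.DisplayVersion
            InstallDate = $p.InstallDate      # yyyyMMdd string, may be empty
            Services    = ($services | ForEach-Object { "$($_.Name)=$($_.Status)" }) -join '; '
        }
    }
}

$Inventory | Sort-Object Component, Host | Format-Table -AutoSize

# Every component should report the same version as the Center.
$versions = $Inventory.Version | Sort-Object -Unique
if ($versions.Count -gt 1) {
    Write-Warning "ATA version drift detected: $($versions -join ', ')"
}

# A Gateway whose service is stopped is a blind domain controller.
$stopped = $Inventory | Where-Object { $_.Services -match '=Stopped' }
if ($stopped) {
    Write-Warning "ATA services not running on: $(($stopped.Host | Sort-Object -Unique) -join ', ')"
}
```

Run it after every Center update and on a schedule; a version list with more than one entry, or a Gateway whose service is stopped, is the condition the paragraph above describes, a tool that appears to be working while part of the estate is unprotected.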

With RedZone as your security partner, we assume the burden of the care and feeding of the ATA solution and help you determine how far monitoring should extend. ATA itself only sees on-premises Active Directory. Given your firm's reliance on and investment in platforms like Microsoft 365, Azure, Active Directory, AWS and others, it usually makes sense to extend monitoring to those platforms as well, using the identity and activity logging each of them provides, so that the picture of who is doing what is not limited to the domain controllers.

Going the Extra Mile

It takes expertise and experience to extract the full value from ATA. Most IT departments do not have this resource internally and look to their ATA vendors for help. But this is where most vendors fear to tread: they do not want to run the risk of breaking your IT environment.

Unlike most security vendors, RedZone will take the necessary steps to deal with a breach. RedZone security experts review your ATA data, determine what should be done next and, if it is safe to do so, apply the remedy.

Going beyond automated defenses, RedZone's team takes concrete action when it is needed. Acting as a cooperative partner, we make sure your IT Team does the right things in response to alerts.

When you lose a member of your IT Team, this cooperative partnership ensures that security coverage continues without the added pressure of needing to hire a “hero” to restore order out of chaos.

The Devil is in the Details

When it comes to alerts, it helps to have RedZone's experts on hand to run down false positives. Take scripts, for example. They are useful for routine management chores, but even when they work exactly as intended they can trigger alerts: a script that enumerates users, groups, or logged-on sessions across many machines looks, to ATA, like the account enumeration or SAMR and SMB session reconnaissance an attacker performs after landing. If nobody investigates and the alerts are simply tolerated, a real intrusion that produces the same pattern will be lost among them and its discovery prolonged.

In this case, RedZone tracks down when a script was written, what platform it was written for, which account runs it, why it is still needed, and what effect it is having on the network, so that corrective measures can be taken or alternatives recommended.
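The concrete version of that triage, on a host named as the source of an ATA reconnaissance alert, is to list the scheduled tasks whose scripts perform directory or session enumeration, together with the facts needed for a decision: who runs them, when the script last changed, when the task last fired, and which calls in it generate the traffic. The PowerShell below is an added example written for this article, not RedZone's code. It assumes the tasks are queried on the local host (wrap it in Invoke-Command for remote domain controllers) and uses an illustrative regex of commands that typically produce the LDAP, SAMR, and SMB session queries ATA flags; the list is an assumption to be extended for your environment.

```powershell
# Added example, not code from the original article.
# Assumptions: run locally as an administrator; $EnumPattern is an illustrative
# list of commands that typically generate directory/session enumeration.

$EnumPattern = 'Get-AD(User|Computer|Group|GroupMember|Object|DomainController)|' +
               'Get-GPO|net (user|group|localgroup|session|view)|dsquery|ldifde|' +
               'DirectorySearcher|NetSessionEnum'

$Findings = foreach ($task in Get-ScheduledTask | Where-Object State -ne 'Disabled') {
    foreach ($action in $task.Actions) {
        # Scripts run through an interpreter, so the script path is usually in
        # the arguments, e.g. powershell.exe -File C:\Scripts\audit.ps1
        $scriptPath = [regex]::Match("$($action.Execute) $($action.Arguments)",
            '[A-Za-z]:\\[^"\s]+\.(ps1|cmd|bat|vbs)').Value
        if (-not $scriptPath -or -not (Test-Path $scriptPath)) { continue }

        # Only tasks whose script actually enumerates the directory are of interest
        $hits = Select-String -Path $scriptPath -Pattern $EnumPattern -AllMatches
        if (-not $hits) { continue }

        $file = Get-Item $scriptPath
        $info = $task | Get-ScheduledTaskInfo
        [pscustomobject]@{
            Task          = "$($task.TaskPath)$($task.TaskName)"
            Author        = $task.Author                  # who created the task
            RunAs         = $task.Principal.UserId        # account ATA will name as the source
            Script        = $scriptPath
            ScriptCreated = $file.CreationTime
            ScriptChanged = $file.LastWriteTime
            LastRun       = $info.LastRunTime
            LastResult    = $info.LastTaskResult          # 0 = last run succeeded
            EnumCalls     = ($hits.Matches.Value | Sort-Object -Unique) -join ', '
        }
    }
}

$Findings | Sort-Object LastRun -Descending | Format-Table -AutoSize
```

Compare the RunAs account and the LastRun time against the source account and timestamp in the ATA alert. A match explains the alert and tells you which script to rewrite, rescope, or retire; no match means the enumeration did not come from a known task and the alert deserves the full treatment.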

Mistakes happen, and IT administrators can inadvertently create security risks. When this occurs, ATA helps uncover the issue, providing a training opportunity to improve your security administration. ATA surfaces what needs attention, and RedZone's experts determine whether it is due to human error or to a bad actor bent on doing harm.

The End Game

If you have not implemented the basics first, ATA will likely not be of much value to your organization. Managed correctly and with the proper expertise, ATA lets you find intruders faster and proactively hunt for threats, whether human error or bad actors, rather than resting on the false comfort that something purposeful is being done about security.

RedZone offers high-value human intervention to sort out complex issues, with the primary goal of preventing security breaches. RedZone not only watches for the anomalies ATA uncovers; our security experts act on them, using proven processes that reach resolution faster than your IT Team would normally manage on its own.