Like most of the cybersecurity industry, the Awake team was on the ground at RSA Conference last month discussing the latest security trends, threats and solutions. During the show, we surveyed pros who visited the Awake booth to learn more about the issues they’re currently facing. Here are some of the key takeaways uncovered by our survey:
TAKEAWAY #1: Threats are hiding in plain sight
When we asked RSAC attendees to identify what attack stage(s) their organization struggles to detect the most, 33 percent indicated “data exfiltration” while a close 31 percent cited “lateral movement.”
Lateral movement is a means to an end; a technique used to identify, gain access to and exfiltrate sensitive data, so it’s no surprise we see both the technique and the end result (exfiltrated data) ranking among top concerns. If the attacker is able to secure insider privileges (or is a malicious insider to begin with), lateral movement and data exfiltration activities can be especially difficult to detect, as it can appear as “normal” network traffic.
Threats blending in with business-justified traffic is a major trend we’re seeing across the board. In addition, research indicates that 70 percent of attacks will use encryption in 2019. This means analysts are ill-prepared to identify and stop attacks if they are not actively hunting for threats hidden in “normal” traffic.
Unfortunately, many security pros don’t have the skills or time to differentiate, or are overwhelmed by a flurry of alerts. This leads nicely into our next takeaway…
TAKEAWAY #2: Analysts want actionable incidents rather meaningless alerts
When we asked RSAC attendees which part of the alert investigation and response process takes the most effort, the most popular answer was “correlating all the stages of the attack from initial compromise to data exfiltration,” cited by 22 percent of respondents.
We aren’t surprised that correlating alerts creates a headache for 1 in 5 security pros, but what’s concerning is that the lack of correlation may mean it’s easier to ignore alerts than try to put together the pieces. In fact, the majority (54 percent) of respondents to an earlier Awake survey believe critical alerts sometimes go completely uninvestigated. Yikes.
It’s worth noting that AI and machine learning can help identify and correlate multi-stage attacks, which brings us to our next point…
TAKEAWAY #3: Industry split on AI
We asked RSAC attendees if they have, or would be, deterred from using AI-powered security tools because sensitive data needs to leave [their] organization to train the system. Survey says? The industry is split on AI, with 50 percent of respondents indicating they haven’t or wouldn’t be deterred from using AI-powered security tools.
Today you might be hard pressed to find a security company that doesn’t tout its AI prowess. Despite the proliferation of promises surrounding AI, security decision makers should avoid feeling tempted to implement an AI solution strictly because it’s the “latest and greatest.” Instead, CISOs and security teams should think critically about the gaps in their security posture that could benefit from specific AI techniques (for example, correlated alerts are a great benefit of AI.
RSA Conference offers great exposure to the innovations taking place within our industry – but also acts as reminder that we still have a lot of work to do. As we work together to improve cybersecurity for all, we must remember that the journey is not always going to be easy, and that persistence and commitment are critical to success.
About the Awake RSAC survey:
Responses gathered from 171 security professionals during RSA Conference 2019 between March 4-7, 2019.