Why we’re supporting the next generation of cybersecurity professionals with (ISC)²

The RSA security conference halls at Moscone Center were abuzz last week with conversations ranging from nation-state attacks to speculation about which household brand will be breached next.

But one conversation stood out like an ominous black cloud on the horizon—the cybersecurity skills gap.

At Respond Software we believe the talent shortage has gone far beyond something people alone have the capacity to tackle. The solution of the future is one that augments human capabilities with Robotic Decision Automation (RDA), which complements the security analyst’s skillsets and expands their ability to do more. Raising the bar for security expertise is our aim and we understand that the need for higher-skilled cybersecurity experts is more critical than ever before.

This year at RSA we decided to take a slightly different approach by giving back to help expand our cybersecurity community. Starting at RSA and events throughout 2019, in lieu of giving away hundreds of coffee mugs, pens, or other swag that ends up in landfills, Respond Software will instead route a portion of our promotional budget to (ISC)² Cybersecurity Scholarships programs. Attendees at several hand-picked Respond Software events throughout the year will have the option to add their name to our donation roster.

To kick this off, last week 90% of the attendees at our sponsored RSA ISE VIP Luncheon agreed to support this effort! Today we will send our first donation check, in the amount of $2,000, to (ISC)². We are aiming to donate upwards of $10,000 throughout the course of 2019 to support the valuable work the scholarship program does and to give back to our industry.

About the (ISC)² Cybersecurity Scholarship
Each year, (ISC)², the world’s leading cybersecurity and IT security professional organization, and the Center for Cyber Safety and Education, partner to offer scholarships to students around the world.

The Respond Analyst
Last year, the Respond Analyst, our flagship product pre-built with decision-making skills, expanded the capacity of security teams by adding the equivalent of 14 ‘human’ analysts to every team, which shines a light on how quickly automation can help close the skills gap.

New Paradigm for SecOps Atones for the Sins of my Past

I’m an advocate for SIEMs, and have been a staunch believer in correlation rules for the past 15 years. So why did I decide to take the leap and join the Respond Software team?

The simplest explanation is that I joined to atone for the sins of my past. In the words of the great philosopher, Inigo Montoya, “Let me explain…No, there is too much. Let me sum up.”

Coming to terms with the reality of SIEMs

For 15 years I’ve been shouting from the rooftops, “SIEMs will solve all your Security Operations challenges!” But all my proclamations came into question as soon as I learned about the capabilities of the Respond Analyst.

I’ve held a few different roles during this time, including Sales Engineer, Solutions Architect, and Security Operations Specialist. All of these were pre-sales roles, all bound together by one thing—SIEM expertise. I’ve worked with SIEM since it began and I’ve seen it evolve over the years, even working as part of a team that built a Risk Correlation Engine at OpenService/LogMatrix. Make no mistake about it, I’m still a big fan of SIEM and what it can do for an organization. It doesn’t matter whether you are using a commercial or open source solution, or have even built your own; SIEMs still provide a lot of value. For years I helped customers gain visibility into their logs and events, worked with them to meet compliance requirements, and pass their audits with ease. I developed use cases, wrote correlation rules, and firmly believed that every time a correlation rule fired, it would be a true incident worthy of escalation and remediation.

Funny thing about that correlation part, it never really worked out. It became a vicious cycle of tuning and tweaking, filtering, and excluding to reduce the number of firings. Regardless of the approach or the technique, the cycle never ended and still goes on today. Organizations used to have one or two people that were responsible for the SIEM, but it wasn’t usually their full-time job. Now we have analysts, administrators, incident responders, and content teams, and SIEM is just one of the tools these folks use within the SOC. In order to solve the challenges of SIEM, we have added bodies and layered other solutions on top of it, which is truly unsustainable for all but the largest of enterprises.

In the back of my mind, I knew there had to be a better way to find the needle in a pile of needles. Eventually, I learned about this company called Respond Software, founded by people like me, who have seen the same challenges, committed the same sins, and who eventually found a better way. I hit their website, read every blog, watched numerous videos, and clicked every available link, learning as much as I could about the company and their solution.

The daily grind of a security analyst: Consoles, false positives, data collection—repeat

I think one of the most interesting things I read on our website was the 2017 Cyentia Institute’s Voice of the Analyst Survey. I can’t say I was surprised, but it turns out that analysts spend most of their time monitoring, staring at a console and waiting for something to happen. It’s no surprise that they ranked it as one of their least favorite activities. It reminded me of one of my customers, who had a small SOC, with a single analyst for each shift. The analyst assigned to the morning shift found it mind-numbing to stare at a console for most of the day. In order to make it a little more exciting, the day would start by clearing every alert, every day, without fail. When I asked why, he said the alerts were always deemed as false positives by the IR team, and no matter how much tuning was done, they were all false positives. At least they were actually using their SIEM for monitoring. I’ve seen multiple companies use their SIEM as an expensive (financially and operationally) log collector, using it only to search logs when an incident was detected through other channels.

My Atonement: Filling the SIEM gaps and helping overworked security analysts

Everything I’ve seen over the years combined with what I learned about our mission here, made the decision to join Respond Software an easy one. Imagine a world where you don’t have to write rules or stare at consoles all day long. No more guessing what is actionable or ruling out hundreds of false positives. Respond Software has broken that cycle with software that takes the best of human judgment at scale and consistent analysis, building upon facts to make sound decisions. The Respond Analyst works 24×7, and never takes a coffee break, never goes on vacation and allows your security team to do what they do best—respond to incidents and not chase false positives.

I’ve seen firsthand the limitations of the traditional methods of detecting incidents, and the impact it has on security operations and the business as a whole. I’ve also seen how the Respond Analyst brings real value to overwhelmed teams, ending the constant struggle of trying to find the one true incident in a sea of alerts.

If you would like to talk to our team of experts and learn more about how you can integrate Robotic Decision Automation into your security infrastructure, contact us: tellmemore@respond-software.com

3 Top Cybersecurity Trends for Channel Partners to Watch

We all know the next big IT shift towards AI and intelligent automation is on the horizon. Over the last few years, vendors and press have focused on the human-to-machine automation transformation. Many vendors promise solutions—but often those solutions are complex and not optimized for the channel.

The good news is that cybersecurity is primed and ready for automation now. But the question for Partners remains: How can VARs, Integrators, and MSSPs find the right solution that provides true human-to-machine technology to simplify life for their customers?

Here are 3 cybersecurity trends driving the industry towards automation and 1 simple recommendation that Channel Partners can leverage to get ahead of the game immediately:

Trend 1: Traditional console monitoring is ineffective

Security teams are spending too much time monitoring alerts that provide little value for their efforts. Sifting through endless alerts with a high percentage of false positives is ineffective at best. It’s causing us to burn out analysts and puts us in a continuous cycle of hiring and training new analysts. The analysts interviewed for the Voice of the Analyst (VOA) Survey help to inform us on where analyst time is better spent and what activities we should automate first. Automating workflow to increase analyst efficiency is important, but automating level 1 alert monitoring itself? That’s downright disruptive.

Cyentia Institute: Voice of the Analyst Survey, October 2017

Figure 1: We asked analysts to score their daily activities on a number of dimensions. One key finding is that analysts spend the most time monitoring, but it provides low value in finding malicious and actionable security threats.

Trend 2: People shortage

Most security teams don’t complain about a lack of tools. They complain about a lack of people. Whether the budget won’t allow or skilled resources are in too high a demand to find (or retain), we’ve reached a point where supply has been outstripped by demand. What choice do we have? Leverage the power of machines to augment our security teams. This is finally possible with the advent of decision-automation tools that can off-load the task of console monitoring.

Bitdefender: CISOs’ Toughest Dilemma: Prevention Is Faulty, yet Investigation Is a Burden, April 2018

Figure 2. People shortage is a significant trend in our industry, forcing us to re-think how we’ll actively monitor our environments.

Trend 3: Too many tools

“Too many tools” is a regular complaint in organizations. Did you know most large organizations have on average 75+ security tools? Small organizations are not far behind. It’s all we can do to deploy these necessary security tools and maintain them, let alone review the endless alerts that these tools generate. What’s even more challenging is that we’ve seen an industry trend toward platform-based tools (e.g. SIEM or SOAR) that require engineering resources with the expertise to build and maintain platform content such as correlation rules and playbooks. Many organizations are overwhelmed by this task. In contrast, tools with expertise built in, intelligent applications if you will, are what’s needed, and they will change the way we think about platforms going forward.

Momentum Cyber February 2017 CYBERscape

Figure 3. Most organizations have dozens of tools to deploy and maintain.

An industry transformation is underway: Automation will disrupt the way cybersecurity is performed

We think 2019 will be the year of automation for cybersecurity. Customers will require automation to address the top 3 trends. They need to scale with the growing number of alerts and the increased complexity of monitoring today’s hybrid environments. Adding more people is not the answer. Finding ways to automate to off-load cumbersome tasks typically performed by humans is the answer.

This presents exciting new revenue opportunities for Channel Partners and also explains why we are experiencing increased momentum with VARs, Integrators, and even MSSPs. Respond Software is at the forefront of the industry transformation—applying machines to roles traditionally executed by humans.

One simple recommendation to gain a competitive advantage: the Respond Analyst

The Respond Analyst software is a scalable, plug-and-play “virtual analyst” that perfectly complements any security detection tool sale: Channel partners can increase revenue by providing both the tools and the Respond Analyst to monitor them.

This provides a unique selling opportunity for our Partners. Partnering with Respond Software gives customers, especially the mid-size enterprise ($50M-$1B revenue), simple solutions with fast results. Partners can also take advantage of recurring revenue, fast installations, and the potential to increase opportunities to sell more sensors.

To all of our potential partners: Please reach out if you’re interested in learning more about our solution and our partner program by registering at our partner page. Here’s an opportunity to bring new value to your customers and join us on our journey to bring automated security monitoring to the world.

For more information, read the Global Channel Partner Program Press Release

Keeping NCAA football fans safe from cyber threats on game day

Did you happen to catch the Clemson vs Alabama NCAA Championship game Monday night? While the Clemson upset was thrilling to watch, I bet most fans had no idea there was another team behind the scenes, hard at work, keeping attendees and the stadium safe from cyber threats.

Yep, our diligent Respond Analyst™ was working away in a state-of-the-art Security Situation Room live during the entire game day experience. We had the privilege to partner with students from Norwich University in this onsite cyber-offensive in one of the newer football stadiums.

Cybersecurity is becoming more critical than ever before at these big events. Close to 100,000 fans streaming video, social streams playing on the jumbotrons, and communication on the field have turned sporting events into a serious technical infrastructure. The potential for malware attacks or other security breaches during these live events keeps IT leaders on edge the entire time they are online.

Really, every event should be monitored and analyzed for security implications during live events to help ease the risk. The problem is there are never enough people to handle it. That is until now…

For the first time in my 18-year career, I witnessed 243,000 events analyzed, 431 events diagnosed as malicious, and 13 scoped incidents escalated—without one false positive through the entire event! The Respond Analyst’s Decision Automation technology performed without any disagreements from the onsite security team. Bottom line, the Respond Analyst learned its environment in less than a few hours!

To put that into perspective, a traditional security team would need more than 125 trained analysts to cover this volume in the same timeframe. The Respond Analyst covered all of this, freeing up the 6 onsite Norwich students to focus on threat hunting and more strategic security concerns.

This was a humbling experience for all of us at Respond Software who work so hard to deliver solid results for our customers. For those who know my style, I’m not one to brag or fluff the numbers just to give marketing a win, and this time, even I had to sit back and feel good about our capability and results.

One of the best parts was how fast everything was up and running. We built a server loaded with the Respond Analyst and sent it to the Norwich University students to set up. Everything was handled remotely by the Respond Software team, and the Respond Analyst was operational within 6-7 hours from start to finish. Immediately after the first escalation, the students realized the event was a real threat (not junk data)—right away it generated more interest with the students and security personnel.

This is why I love helping customers. Knowing that the Norwich team could go to bed knowing that their networks were safe. They could identify and address cyber threats quickly—covering more with a smaller security team, meant they could focus on higher priority tasks. I look forward to working on more events like this in the future.

For more information, check out the Respond Software and Norwich University Press Releases.

The Power of Humans Working With Machines

In a recent article from BBN Times, AI/IoT/blockchain expert Ahmed Banafa reflects on the cybersecurity issues and threats that plague organizations today.

It’s no secret that cybersecurity has been and continues to be a major issue for most companies. Most noteworthy is the fact that 2017 saw a number of high-profile security incidents, and more than a year later we are no more prepared. This stems from a number of reasons, the main one being that security threats have evolved and continue to evolve in a manner which makes it difficult for human intervention alone to keep up or even address the issue.

“Another great benefit of AI systems in cybersecurity is that they will free up an enormous amount of time for tech employees. Another way AI systems can help is by categorizing attacks based on threat level. While there’s still a fair amount of work to be done here, but when machine learning principles are incorporated into your systems, they can actually adapt over time, giving you a dynamic edge over cyber criminals.”

But can AI alone solve the problem? According to Banafa, no, and most industry veterans would agree.

“Unfortunately, there will always be limits of AI, and human-machine teams will be the key to solving increasingly complex cybersecurity challenges.”

Combining human reasoning and judgement with the power of AI/ML is the secret ingredient to defending your network environment from malicious activity.

Watch this webinar to learn how you can add more capacity and efficiency to your team.

Respond Software Named Top 25 CyberSecurity Innovators

As the new Product Marketing Manager at Respond Software, I knew when I joined the team that they were doing some outstanding work: simplifying the complexity of network security monitoring and triage, and giving hope to small security teams working to defend their business.

The hard work and dedication from the team has been paying off!

We are proud to announce Respond Software has been selected as one of the Top 25 CyberSecurity innovators by Accenture Innovation Awards! The 25 leading innovations consist of a diverse batch of cutting-edge concepts, developed by pioneers in our eight global themes. These innovations are reshaping our world and unlocking new value and benefits for all parties.

I tip my hat to the amazing product and engineering teams that have developed Respond Analyst to tackle some of the complexity in security operations.

Thank you, Accenture Innovation Awards for recognizing Respond Software as a top CyberSecurity innovator! We are excited to be a part of such an amazing and forward-thinking group!

Autonomous network security monitoring: analyzing the ‘breadcrumbs’ that are hiding in your Palo Alto Networks IPS/IDS logs

Detecting an intruder at the point of entry can have the greatest impact on reducing system compromise. That is why Network Intrusion Detection and Prevention Systems (IDS and IPS), such as Palo Alto Networks, are essential tools for any security organization, whether they are protecting the data of a large financial services company or the sensitive research and valuable intellectual property of a university.

The downside is that these systems generate such a high-volume of data that even large, mature security teams do not have the capacity to analyze all the data collected.

A common strategy for dealing with this volume of data is to apply rules to filter data, such as, ‘only show me an IPS detection alert if it appears to be high priority’. The result is that a great deal of relevant security data is disregarded, limiting visibility into relevant clues and context which would save time in identifying and responding to actual threats.

Imagine being able to increase the visibility and depth of analysis by leveraging every IPS detection alert from your Palo Alto Networks’ devices.

An autonomous network security monitoring tool should seamlessly integrate into existing PAN IPS/IDS implementations and immediately begin providing value by taking over the monitoring, analysis and decision-making required to turn IDS/IPS data into vetted, actionable security incidents that are ready for human analyst response.
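The following Python script is an added illustration of the trade-off described above, not code from Respond Software or the Respond Analyst. It contrasts the ‘only show me high-priority alerts’ filter with a scheme that keeps every IPS/IDS alert and scores it per source host, so that a host leaving a trail of low- and medium-severity breadcrumbs still surfaces. The log lines are constructed, the column layout is a simplified stand-in for the real PAN-OS threat-log schema, and the weights and threshold are a hypothetical heuristic chosen for the example.

```python
"""Severity-threshold filtering versus per-source scoring of IPS/IDS alerts.

Added example. The CSV below is constructed and its columns are a simplified
stand-in for PAN-OS threat logs (not the vendor's real field order). The
severity weights and the escalation threshold are hypothetical.
"""
import csv
import io
from collections import defaultdict

# Constructed sample: one internal host (10.20.5.17) produces only low/medium
# alerts but across several distinct signatures and destinations; another
# host (10.20.8.101) produces a single high-severity alert.
SAMPLE_LOG = """\
receive_time,src,dst,threat_name,severity,action
2019-01-07T19:01:02,10.20.5.17,203.0.113.9,Generic HTTP Scanner Activity,low,alert
2019-01-07T19:01:40,10.20.5.17,203.0.113.9,Suspicious User-Agent,informational,alert
2019-01-07T19:03:11,10.20.5.17,203.0.113.44,SMB Share Enumeration,medium,alert
2019-01-07T19:04:55,10.20.5.17,203.0.113.44,Outbound TCP Port Sweep,medium,alert
2019-01-07T19:06:30,10.20.5.17,198.51.100.7,Known Malicious Domain Lookup,medium,alert
2019-01-07T19:08:05,10.20.8.101,192.0.2.15,SQL Injection Attempt,high,reset-both
2019-01-07T19:09:12,10.20.9.55,192.0.2.80,Generic HTTP Scanner Activity,low,alert
"""

# Hypothetical weights: each step up in severity doubles the weight.
SEVERITY_WEIGHT = {"informational": 1, "low": 2, "medium": 4, "high": 8, "critical": 16}


def parse_threat_log(text):
    """Parse the constructed CSV into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def severity_filter(rows, minimum="high"):
    """The filter rule from the text: keep only alerts at or above `minimum`.
    Everything below the floor is discarded, including any context it carried."""
    floor = SEVERITY_WEIGHT[minimum]
    return [r for r in rows if SEVERITY_WEIGHT[r["severity"]] >= floor]


def score_sources(rows):
    """Keep every alert and score each source host.

    Score = (sum of severity weights) * (number of distinct signatures).
    The breadth factor rewards a host that trips many different detections,
    which a pure severity floor never sees.
    """
    per_src = defaultdict(lambda: {"weight": 0, "sigs": set()})
    for r in rows:
        entry = per_src[r["src"]]
        entry["weight"] += SEVERITY_WEIGHT[r["severity"]]
        entry["sigs"].add(r["threat_name"])
    return {src: e["weight"] * len(e["sigs"]) for src, e in per_src.items()}


def sources_to_escalate(rows, threshold=20):
    """Source hosts whose accumulated score crosses the (hypothetical) threshold."""
    scores = score_sources(rows)
    return sorted(src for src, score in scores.items() if score >= threshold)


if __name__ == "__main__":
    rows = parse_threat_log(SAMPLE_LOG)
    print("Severity filter keeps:", [r["src"] for r in severity_filter(rows)])
    print("Per-source scores:", score_sources(rows))
    print("Escalate:", sources_to_escalate(rows))
```

Run stand-alone, the severity filter keeps only the single high-severity alert from 10.20.8.101 and drops all five alerts from 10.20.5.17, while the scoring pass ranks 10.20.5.17 well above the threshold; the point is not the particular weights but that a floor on severity throws away exactly the scattered, individually unremarkable clues that give context to an investigation.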

By the way, out of the box, the Respond Analyst’s accuracy rate is between 83% and 92%; after a month on the job, accuracy rates push higher, with many customers reporting nearly 100% accuracy after 60-90 days.

What Would Ali Say About Being #124 on the Cybersecurity 500 List?

Respond Software is #124 on the Cybersecurity Ventures annual ranking of the hottest and most innovative cybersecurity companies, aka the Cybersecurity 500 2018: The Official List. So here goes, “wow”, barely nine months after shipping our first product!?! What would Muhammad Ali say: “It’s not bragging if you can back it up.”

It’s so refreshing to have a product that works and actually gets to the core of a real security challenge, and does it in an innovative way. It’s humbling in fact. Much of the time, and often in the early days of a tech company, marketing is charged with putting lipstick on a pig.

But I’ve come to learn, in my short time here, that Respond Software solves a real-world problem, analyzing the ever-growing pile of security data, with a whole product solution, the Respond Analyst. And customers are loving that we solve a giant headache for them, all without creating more headaches in managing the solution. Cybersecurity analysts have plenty of headaches already.

Plus the coolest thing for me is watching the engineering team, from young 20-somethings to older-than-50-somethings, working side by side, making a great product and making my marketing job easy. Hats off to the product team. I’ll take #124.


CB Insights Recognizes We’re Well on Our Way to Transforming Cybersecurity

CB Insights just identified Respond Software (that’s us) as one of 29 early- to mid-stage high-momentum companies who are pioneering technology that may well transform cybersecurity. We were placed in the “autonomous watchdog” category, and we agree that we’re well-positioned to transform this space, particularly security operations.

If you don’t know, we’re on a mission to radically improve the decision-making capability and capacity of security operations. In fact, we have patent-pending technology we call the Respond Analyst, which can automatically analyze, reason and make good decisions about threats just like that of a highly-skilled security analyst—but with far greater accuracy than any human could pull off given its ability to quickly sift through mountains of security data.

If you’re interested, get the CB Insights report, where they dig into 14 categories shaping cybersecurity innovation this year, and also take a look at the other 28 cybersecurity startups. Then give us a call at 833-737-7661, and we can talk about how we can transform your security operations for the future, today.
