Can you remember what happened at 3:45pm last Tuesday? How about what you had for dinner three nights ago? What if you had to somehow correlate those two pieces of information together to make a life-changing decision in just a few seconds? The answer is, unless you are Data from Star Trek the Next Generation, you would likely not be able to do it at all, let alone in a timely fashion.
This is Data. He has a really good memory...
But that is exactly what we ask security analysts to do multiple times per day. It's one of the toughest challenges they face - the capability to store and recall bits of information that may be relevant to an event, and then make a decision about what is happening to rectify the problem. Hmm, perhaps that is why so many companies are having difficulties finding and hiring security analysts these days.¹ But I digress...
In reality, many threats reveal themselves over time, lurking in the background until perhaps it’s too late. That’s exactly how ransomware works. Once a system is penetrated, the ransomware will exist there for days, weeks or months before it is activated. This makes it very difficult for human beings to detect, correlate and remediate the effects of ransomware. So, how can human beings remember events that may seem insignificant or normal when they occur and then correlate that information to new data to realize a security breach is happening?
One way to tackle this problem is by pairing humans with technology. Just like when Data from Star Trek helps Captain Piccard work through calculations at machine speed to make the right decision, Dynamic Scoping a feature of Robotic Decision Automation (RDA) does the same thing. It enables security teams to process massive quantities of information leveraging probability to determine the correct path to remediation.
Because RDA is by definition a robot, it is able to correlate seemingly insignificant events that occurred in the past to new data that is collected. Then, it applies logic and intelligence to re-scope the probability if an attack or threat really exists. While RDA is far from Data from Star Trek, implementing it into an environment is like adding an expert security analyst that never forgets.
Learn more about how the Respond Analyst scopes and re-prioritizes at this link.
¹Indeed.com: Slight Dip in Clicks on US Cybersecurity Job Listings, Kelly Jackson Higgins, Dark Reading