By Tin Zaw, Director of Security Solutions
Your SIEM, your security team and alert fatigue.
Enterprises are generating more cloud-based transactions than ever — by some estimates, they could average over 2 billion a month. Security information and event management (SIEM) tools like HP ArcSight and log collection and correlation tools like Splunk are helping security teams distill this data into meaningful patterns and alarms. However, getting a SIEM to deliver intelligent and actionable data is a lengthy and ongoing process that requires trained staff with knowledge in information security, data enrichment, applying use cases for detection purposes, prioritizing content by relevance and context creation.
Unfortunately, the current shortage in experienced security talent is making websites less secure. Weakly configured SIEMS and short-staffed SecOps teams can lead to alert fatigue and increased risk of a breach. A recent Cloud Security Alliance survey found that 40% of security professionals say the alerts they receive lack actionable intelligence. With another 32% saying they are ignoring alerts because many are false positives.
Application threat monitoring means more log data
Security teams are now feeding data to their SIEMs from their content delivery network providers, web application firewalls, and other security detection tools to improve visibility into application threats. Providers like Verizon Digital Media Services help facilitate this by delivering real-time log streams. However, developing new threat signatures to correlate among various security incidents, and detecting potential web application attacks like SQL injection and cross-site scripting (XSS), often compounds the security resource gap, as it requires even more specialized skills to process the use cases and create a context for accurately alerting for this type of data. With each new web application framework vulnerability and each new API, your application attack surface grows, giving attackers a better chance to penetrate your web application. Nobody wants to be the next Equifax, but the reality is the increasing difficulty of managing the SIEM to produce actionable alerts for application vulnerabilities is stretching DevOps teams and diluting their effectiveness.
As our customer base grows, prospects and customers alike have asked Verizon Digital Media Services to help them solve this application security challenge. We have built the tools, hired security professionals, researchers and operations teams, and are strengthening their expertise by defending thousands of e-commerce, media and other websites against the largest DDoS, bot, and application attacks coming across our 59 Tbps, 125+ PoP network.
Reducing alert noise so you can see and mitigate real threats
To meet the needs of our customers around the world, Verizon Digital Media Services has combined the power of our global network, skilled frontline service team and application security specializations with the breadth and scale of Verizon Enterprise Solutions’ Global Security Services. Verizon Enterprise Solutions is a Gartner-recognized leader in the Managed Security Service Magic Quadrant. Adding these robust capabilities to our platform is an exciting development that will help our customers rapidly expand their application security visibility and responsiveness while reducing the noise and alert fatigue caused by multiple, poorly configured tools and services. It’s a natural alignment and integration that enables Verizon Digital Media Services to continue innovating our application security platform while providing customers the service assurance of one of the most experienced and respected security operations organizations in the world.
Customers can leverage this relationship in the following ways:
- Global workforce: Verizon’s global network of security operations centers have eyes on glass 24 x 7. They provide a proactive response to security threats, further extending application alerting to any customer and operations team, no matter their location or what their business hours.
- Alert intelligence: The alerting system integrates Verizon Digital Media Services’ WAF with Verizon Enterprise Solutions’ proprietary security analytics technology so that WAF alerts can be correlated with other security events to enhance the response team’s ability to correlate disjointed events and understand the bigger picture of security threats in real time.
- Reduced alert fatigue: Our 24 x 7 response team proactively reviews these alerts and when appropriate, forwards relevant alerts and provides recommendations, when appropriate, so customer SecOps teams can focus on taking action on priority one events.
Use case: Strengthening SecOps teams to handle big threats
Recently, an airline found itself in the crosshairs of bot attacks on its ticketing system. The customer’s managed security service provider was delivering alerts, but the surging botnet activity increased alert volume so much, that the small SecOps team had difficulty keeping up. Alerts swamped the team at all times of the day and night. This classic case of alert fatigue was taking its toll not only on the team but also on the business. And despite paying a premium, the managed security provider’s operational model was reactive. The client was left to sift through the mountain of alerts, filter out the noise, identify the real problems and decide what action to take.
Leveraging the Verizon Digital Media Services Managed Cloud Security service, the airline reconfigured their security alerting system to deliver less data with more intelligence. The Verizon security analytics engine and 24 x 7 frontline resources helped them reduce their alerting volume. They replaced midnight emails and calls with proactive, effective and accurate security controls. The result was that the airline was finally able to focus its team and technology on deploying effective countermeasures to keep ahead of the botnets. The Verizon Digital Media Services Managed Cloud Security service made it possible for this strapped SecOps team to break the cycle of alert fatigue so they could build a stronger security platform and protect the business — all under budget.
The threat detection X factor: People
Keeping ahead of today’s security threats requires more than just a tool with 24 x 7 alerting. Stretched SecOps teams need ongoing consulting to help them:
- Integrate their security runbook with vendor tools.
- Implement stronger tool usage.
- Prepare and run a war room if needed.
Managed Cloud Security operates as an extension of your team, with the skills and credibility to lead when needed. It’s not just a product, but a resource for industry knowledge. When a customer can pair intelligence and experience with security tools, they are more aware of their systems and can engage proactively to address threats.
More data doesn’t mean more intelligence. But with the corresponding practices, processes and people, you can create an effective security practice that keeps your web application secure. Backed by years of experience servicing global enterprises, Verizon Digital Media Services Managed Cloud Security means your web application security is in good hands.
For additional information about our Managed Cloud Security service and how it can protect your websites and apps, download the Managed Cloud Security slick today.
