Last updated at Tue, 26 Sep 2017 15:20:05 GMT
During one of our latest webcasts, we polled the audience asking them how many hours, on average, it takes to investigate a security threat. The most common answer…half a day! The second most common answer…a day! That is a very large amount of time considering the fact that the threat has a better chance of being a false positive than an actual problem. In this blog post I will dig a little deeper into this problem that most of you probably deal with on a regular basis and talk about a different option that can help save your over-worked and under-funded security team up to half a week of work every month, or a month and a half of work every year, investigating security threats, and millions of dollars resolving them.
The Average Amount of Time it Takes to Resolve a Security Threat Costs You Millions
The 2013 Cost of Cyber Crime Study sponsored by HP revealed that the average cost of resolving cyber-attacks against organizations in the US is $11.56 million…$11,560,000.00! That is a 78% increase since the initial study took place in 2009. What I find interesting though is that over this same four-year period, the time it takes to actually resolve the vulnerability has also risen by 130%. The average time for resolution was 32 days in 2013. My calculation shows that on average, an organization is losing $361,250 a day until the threat is mitigated.
Depending on your company size and the industry that you work in, these numbers can vary. But one constant is that the number of successful cyber-attacks against organizations is rising. In 2013 the number of successful cyber-attacks per week rose by 20% compared to 2012 (102 successful attacks per week in 2012 compared to 122 in 2013). So how can we improve? With cyber-attacks being more prevalent, you would think that technology would help us cut down the time it takes to detect and resolve these problems, right? So why are they rising? We believe it is because most organizations are not detecting malicious behavior as it occurs in real time, allowing attackers to burrow deep into our networks undetected. By the time we find out that something is wrong, the damage is usually already done.
The Typical Threat Investigation is a Hassle
Earlier in the blog post I mentioned how the majority of our webcast attendees told us that it takes them, on average, half a work day, or 4.5 hours, to investigate a security threat. What takes so long? Let's look at the typical threat investigation process, shall we?
Step 1: Your IPS detects malicious behavior at a certain IP address.
Who owns that IP address?
Step 2: Log in to your SIEM to find the host name for the IP address.
Well, which user committed the malicious behavior?
Step 3: Log in to your asset management system to find the username.
I need more information on the user: what is his name? What office does he work in? How do I contact him?
Step 4: Log in to Active Directory to find out who the user is.
Step 5: Call the user and figure out what happened. Did they fall for the phishing bait? No? Then this is just a false positive. Yes? You need to take action immediately.
Step 6: Try not to be frustrated by the fact you spent all day investigating a false positive, OR remediate the problem immediately and save your organization money and a potential brand disaster.
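The pivot in steps 2 through 4 is a chain of lookups (IP to host, host to user, user to directory record), and the part analysts most often get wrong by hand is that the IP-to-host link is only valid for the lease window in force at the time of the alert. The script below is an added example (not UserInsight's code or Rapid7's) that collapses those steps into one correlation over constructed sample records; the DHCP lease table, asset owner map, and directory entries are all made-up stand-ins for the SIEM, asset management system, and Active Directory.

```python
from datetime import datetime

# Constructed sample data standing in for the three systems the steps pivot through.
IPS_ALERT = {"ts": "2013-11-05T14:12:00", "src_ip": "10.1.2.3", "sig": "phishing landing page visited"}

# SIEM-style DHCP lease records. The same IP belongs to different hosts over time,
# so the lookup must honour the lease window or it blames the wrong machine.
DHCP_LEASES = [
    {"ip": "10.1.2.3", "host": "WS-0042", "start": "2013-11-04T08:00:00", "end": "2013-11-05T08:00:00"},
    {"ip": "10.1.2.3", "host": "WS-0107", "start": "2013-11-05T08:00:00", "end": "2013-11-06T08:00:00"},
]
ASSET_OWNERS = {"WS-0042": "jdoe", "WS-0107": "asmith"}          # asset management: host -> user
AD_USERS = {                                                      # directory: user -> contact details
    "jdoe": {"name": "Jane Doe", "office": "Boston", "phone": "+1-555-0100"},
    "asmith": {"name": "Alex Smith", "office": "Austin", "phone": "+1-555-0101"},
}

def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")

def host_for_ip(ip, at, leases):
    """Return the host that held `ip` at time `at`, or None if no lease covers it."""
    t = parse_ts(at)
    for lease in leases:
        if lease["ip"] == ip and parse_ts(lease["start"]) <= t < parse_ts(lease["end"]):
            return lease["host"]
    return None

def enrich_alert(alert, leases=DHCP_LEASES, owners=ASSET_OWNERS, users=AD_USERS):
    """Steps 2-4 in one call: alert -> host -> user -> directory record.
    A broken link is reported as None rather than guessed, so the analyst
    knows which system lacks the data instead of calling the wrong person."""
    result = {"alert": alert["sig"], "ip": alert["src_ip"], "host": None, "user": None, "contact": None}
    result["host"] = host_for_ip(alert["src_ip"], alert["ts"], leases)
    if result["host"] is None:
        return result
    result["user"] = owners.get(result["host"])
    if result["user"] is None:
        return result
    result["contact"] = users.get(result["user"])
    return result

if __name__ == "__main__":
    print(enrich_alert(IPS_ALERT))
```

With the sample data the 14:12 alert resolves to WS-0107 and Alex Smith; the same IP at 07:00 that morning resolves to WS-0042 and Jane Doe, which is exactly the mistake a lookup without the time window would make.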
With cyber-threats on the rise, shouldn't threat investigation be easier? Shouldn't we also be able to extend our security perimeter to include the cloud services and the mobile devices that our employees use, so we can be alerted when mobile malware is detected or even if an ex-employee just downloaded a large amount of data from Salesforce? Wouldn't it be even better if you could do this in ONE platform? With UserInsight you can do just this: monitor risky behavior in real time, see the user associated with the threat with a couple of quick clicks, and monitor not only your network but your cloud and mobile environments too. You can give UserInsight a try here if this sounds like something you would be interested in.
As cyber-threats increase, we are seeing high demand for security pros in the workforce. Unfortunately, the number of security professionals in the workforce is not rising as quickly as the number of cyber-attacks. Adding to the stress of your over-worked and under-funded security team is the fact that the majority of tools out there are not built to ease the daily burden of investigating security threats. Security professionals deserve better than this.
Have you been able to try UserInsight? What did you think? If you have not been able to take it for a test drive you can do so here for free.