The modern threat landscape is constantly changing. How can an organization maintain mission and business focus in the presence of an evolving adversary? If we take a business centric approach, technology leaders will tell you that the organizations security posture and capability should evolve to maintain parity with mission and business priorities.
Balancing the demands of the changing threat with demands of the changing business can sometimes appear incompatible. Of course one can’t simply overhaul the security infrastructure every time there is a new class of threats. Ransomware is getting quite a few headlines these days, but that doesn’t mean some of the traditional problems of rogue devices gaining access to your network are going away.
To combat the ever growing list of cybersecurity challenges, our partner Accenture has announced a new integration with Splunk, Palo Alto Networks and Tanium to deliver the Accenture Cyber Defense Platform (ACDP).
What capabilities would an organization need to reduce their overall risk from old and new threats?
- Network visibility: Not just for basic communication stats like netflow but deep visibility to understand the applications, services and user interactions.
- Endpoint visibility: Whether they are the laptops of travelling execs or virtual machines running business applications in the cloud – endpoints get directly impacted by the attackers
- Analytics: To identify anomalies on the endpoints and the network. Create alerts and enable investigations.
- Automation: To reduce the time to response for gathering more context for events or to take actions for high confidence events.
- Business and technology expertise: A trusted party must provide technology and business guidance so complex technologies will result in reducing the risks for a demanding business.
No single provider or supplier can address these capabilities. This can only be achieved when proven technologies and services providers work together as an ecosystem – for the customer. The ACDP provides advanced threat detection, correlation, search and incident management capabilities designed to help organizations respond to and remediate sophisticated cyber threats on-demand, at-speed and at-scale. Black Hat 2016 attendees can view a live demonstration of the offering at Splunk booth #1348.
Chief Security Evangelist