The Challenge of Disjointed Alerts

...And 12 Cybersecurity Posts from around LinkedIn

In this Issue

Foreword | 12 Posts on Cyber | Featured Leader | From Cyngular | Afterword

Foreword

We are excited again this week to share 12 posts from cybersecurity thought leaders on LinkedIn. Useful content includes an NSA warning to iPhone and Android users, an incident handling process document, a post linking to an article on why vulnerabilities are out of control in 2024, and more timely information.

We again highlight a Featured Leader this week.

Additionally, a piece from Cyngular Security describes why nesting threats are hard to identify: the individual alerts that reveal them are disconnected and spread over a long period, and each working day adds hundreds of new alerts or more, so connecting the relevant few across such a span is impossible with conventional approaches, according to the piece.

We're thrilled to send out issue fifteen, written to deliver digestible insights that provide value.

We always welcome feedback, submissions, and input from our readers. If you have questions or concerns, contact our editor Dylan James Brock.

12 Posts on Cyber

Useful LinkedIn Posts This Week in Cybersecurity

An incident handling process document was shared by Aryaa Mathur

An interesting article, "Why Are Vulnerabilities Out of Control in 2024?" was posted by Chris H.

A 2024 CISSP Detailed Content Outline with Weights Final was shared by G M Faruk Ahmed, CISSP, CISA

Andrey Prozorov posted an EU cybersecurity regulatory landscape document

Mike Holcomb shared a common mistake made in ICS/OT environments

The importance of real-time insights for SOC security analysis was explained by Burcu YARAR

Arjun Vir Singh broke down the distinguishing traits of Cockroach Startups

An NSA warning to iPhone and Android users was shared by Harun Seker, CISSP

Marina Daineko posted news on an FCC proposal requiring the enhancement of cybersecurity

Patrick Garrity shared a detailed summary of CISA's "Stop Ransomware" Guide

AIT ICHOU MUSTAPHA posted about major actions to take against malware behaviors

A paper that explores how to interlink heterogeneous digital asset networks was shared by Chris Ngoi, CFA, CA


Featured Leader

Dr. Joseph J. Burt-Miller Jr.

We are excited to showcase Dr. Joseph J. Burt-Miller Jr., PMP as our featured leader this week.

Dr. Burt-Miller leverages his cybersecurity knowledge to complement his ability to give strong presentations, creating avenues to enhance the understanding of teams and partners through clear workshops and conversations concerning cybersecurity. Additionally, he excels in government project management while utilizing an approach grounded in clear communication and mutual respect from all parties.

Dr. Burt-Miller is a United States Air Force veteran with at least 15 years of experience in IT, cybersecurity, project management, and cloud-based applications within the United States government, including the DoD Cyber Crime Center (DC3) and the Department of Homeland Security (DHS); he currently serves within the National Security Agency (NSA).

Dr. Burt-Miller is another cybersecurity leader we are excited to feature.

From Cyngular

The Challenge of Disjointed Alerts

A primary challenge in identifying nesting threats is that the individual alerts revealing them are disconnected and spread over a long period. Each working day adds hundreds of alerts, so connecting the relevant few across such a span is impossible with conventional approaches.

A potential sign of a breach might emerge in January, and a related alert may pop up in March. Given the deluge of alerts that Security Operations Centers (SOCs) handle daily, correlating these time-separated events is a herculean task. SOCs operate round the clock, with different analysts covering different shifts, so the person who saw the January alert is probably not the person who encounters the March one. Without a continuous memory, or a system to bridge that gap, linking two seemingly disparate alerts becomes virtually impossible.

This discontinuity provides a fertile ground for cyber threat actors to infiltrate and navigate cloud environments.

For SOCs to stand a chance against nesting threats in the cloud, they must embrace the concept of insights instead of alerts. Here's why:

  • Historical Context: By connecting alerts over time, analysts gain historical context. They can discern patterns, repetitions, and sequences of alerts, enabling them to proactively hunt, investigate, and neutralize nesting threats before they escalate.
  • Reduced False Positives: Correlating alerts can help in filtering out false positives. A standalone event might seem harmless, but when seen in conjunction with past alerts, its malicious nature might become apparent.
  • Efficient Resource Allocation: Not all alerts warrant the same level of attention. By understanding the interrelations between different alerts, SOCs can prioritize their response, focusing their resources on proactively countering the most pressing threats, often nesting threats.

Recognizing the importance of insights is one thing; implementing it effectively is another. Here's how SOCs can start:

  • Invest in Advanced SIEM Systems: Security Information and Event Management (SIEM) systems that offer advanced correlation capabilities can automatically link related insights, making it easier for analysts to spot patterns.
  • Continuous Training: Regularly train SOC analysts on the importance of historical data. Encourage them to always look beyond the immediate insight and delve into past related events.
  • Collaboration and Communication: Promote a culture where analysts freely communicate their findings, especially if they suspect they've stumbled upon an element of a nesting threat.
  • Leverage Nesting Threat Intelligence Platforms: These platforms can offer insights into known threat patterns, enabling analysts to compare real-time insights with known threat behaviors.
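The correlation that the two lists above describe (linking a January alert to a March one, filtering repeated single-rule noise, and ranking cases for attention) is shown here as an added example; it is not code from Cyngular's newsletter or the THIRDhub product. The alerts are constructed sample data, the indicator labels (principal:..., ip:...), the 30-day window and the priority heuristic are assumptions chosen for illustration, and the linking rule goes beyond the text's single-principal case: alerts are joined transitively through any shared indicator, with no time limit, so a case survives across shifts and months.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample alerts (not real telemetry). Each alert carries the
# indicators an analyst would pivot on; timestamps deliberately span months.
ALERTS = [
    {"id": 1, "ts": "2024-01-09T03:12:00", "rule": "iam_access_key_created",
     "indicators": {"principal:svc-backup"}},
    {"id": 2, "ts": "2024-01-09T03:15:00", "rule": "console_login_no_mfa",
     "indicators": {"principal:svc-backup", "ip:203.0.113.7"}},
    {"id": 3, "ts": "2024-01-20T10:00:00", "rule": "s3_bucket_policy_changed",
     "indicators": {"principal:ci-deploy"}},
    {"id": 4, "ts": "2024-02-02T11:30:00", "rule": "s3_bucket_policy_changed",
     "indicators": {"principal:ci-deploy"}},
    {"id": 5, "ts": "2024-03-14T22:41:00", "rule": "api_calls_from_new_region",
     "indicators": {"ip:203.0.113.7", "principal:svc-etl"}},
    {"id": 6, "ts": "2024-03-15T01:05:00", "rule": "large_s3_download",
     "indicators": {"principal:svc-etl"}},
]


def _parse(ts):
    return datetime.fromisoformat(ts)


class _DisjointSet:
    """Union-find over indicator strings: two alerts belong to the same case
    if any chain of shared indicators connects them."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def _keys(alert):
    # An alert with no indicators cannot be linked; it forms its own case.
    return list(alert["indicators"]) or [f"alert:{alert['id']}"]


def build_cases(alerts):
    """Group alerts into cases by transitively shared indicators, with no
    time window: a January alert and a March alert on the same principal or
    source IP land in the same case regardless of which shift saw them."""
    ds = _DisjointSet()
    for a in alerts:
        keys = _keys(a)
        for other in keys[1:]:
            ds.union(keys[0], other)
    grouped = defaultdict(list)
    for a in alerts:
        grouped[ds.find(_keys(a)[0])].append(a)
    cases = []
    for members in grouped.values():
        members.sort(key=lambda a: _parse(a["ts"]))
        first, last = _parse(members[0]["ts"]), _parse(members[-1]["ts"])
        cases.append({
            "alert_ids": [a["id"] for a in members],
            "rules": [a["rule"] for a in members],  # ordered sequence
            "indicators": set().union(*(a["indicators"] for a in members)),
            "span_days": (last - first).days,
        })
    return cases


def score_case(case, min_span_days=30):
    """Priority heuristic (an assumption for this example, not a standard):
    distinct rules count as separate attack stages; a multi-stage case that
    stretches beyond min_span_days is flagged as a nesting candidate. One rule
    firing repeatedly on one entity scores low however many alerts it has."""
    stages = len(set(case["rules"]))
    nesting = stages >= 2 and case["span_days"] >= min_span_days
    return {"stages": stages, "nesting_candidate": nesting,
            "priority": stages * (2 if nesting else 1)}


def triage(alerts, min_span_days=30):
    """Return cases ordered most-urgent first, each annotated with its score."""
    cases = build_cases(alerts)
    for c in cases:
        c.update(score_case(c, min_span_days))
    return sorted(cases, key=lambda c: (-c["priority"], c["alert_ids"][0]))


if __name__ == "__main__":
    for c in triage(ALERTS):
        flag = "NESTING CANDIDATE" if c["nesting_candidate"] else ""
        print(c["alert_ids"], f"{c['span_days']}d", " -> ".join(c["rules"]), flag)
```

Run as a script, the sample yields two cases: alerts 1, 2, 5 and 6 join through the shared principal and then the shared source IP into one 65-day, four-stage case that no single shift would have seen whole, while the two identical bucket-policy alerts on ci-deploy collapse into a one-stage case at the bottom of the queue. In a real deployment the indicator keys would come from SIEM field extraction and the case store would have to persist between runs; the linking logic itself does not change.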

Organizations can also use Cyngular's THIRDhub platform. Cyngular's forward-thinking strategy to address nesting threats signifies a major shift in approaches to cybersecurity.

While many solutions traditionally react to threats, Cyngular stands out by actively seeking and addressing them before they escalate. This is achieved by identifying typical behaviors of threat actors and catching those small yet critical deviations.

The realm of cybersecurity is in constant flux, with adversaries continually devising new tactics.

Nesting threats represent one such evolving strategy, exploiting time and discontinuity to evade detection. By understanding the importance of connected, timely insights and investing in systems and practices that prioritize them, SOCs can tilt the balance in their favor.

Visit Our Website to See the Solution

Afterword

That's a wrap for our newsletter this week. Our next issue will feature another piece from Cyngular, a Featured Leader, and a new group of 12 useful posts. Reach out if you have anything to submit for our next issue or want to connect with Cyngular.

Notice:

The posts in this issue reflect the views only of the individual LinkedIn users and do not reflect the views of Cyngular Security, its employees, or any other entities. The links shared in this issue were written by LinkedIn users and do not constitute an endorsement of Cyngular Security, any other entities, or this newsletter by those users, entities, or the "Featured Leader."

Reach out to Dylan James Brock if you have any concerns about CISO Signal.


Aryaa Mathur

Security Consultant | CEH | Penetration Tester | Security Researcher | Bug Hunter | freelancer | Content Creator

9 months

Impressive

Marina Daineko

Assess Biocompatibility of your Medical Device | MedTech Enthusiast | Chemist | Women in Tech Award Nominee

9 months

Wow, I did not expect to see my name in this piece! Thank you for promoting cybersecurity best practices!

Mike Holcomb

Helping YOU Secure ICS/OT | Fellow, ICS/OT Cybersecurity

9 months

Thank you for including one of my recent works this week in your newsletter! I hope it connects with some of your readers!

Patrick Garrity

Cybersecurity/Vulnerability Researcher/Skateboarder

9 months

Thanks for including some of my work!

Dr. Joseph J. Burt-Miller Jr., PMP

Emerging Technology and Strategic Issues (ETSI) Division Chief, NSA | Cyber Coffee Hour Podcast Co-Founder/Co-Host | Board Member

9 months

Oh wow, thank you so much for featuring me! I'm humbled
