Accelerating Security Resilience at a Fraction of the Cost

Manage security in the current macro and help increase business revenue and EPS with a scalable SOC

IMAGINE accelerating security resilience at a fraction of the cost: an operating foundation at scale that changes how we play the infinite game of cybersecurity and even shifts the security cost onto the bad guys.

Muhammad Ali was not the strongest or toughest boxer – he owned the middle of the ring, using his speed to play the infinite game and shift the hard work onto his adversaries – and he was the greatest.

Elevating security resilience requires focused visibility to deliver the punches – and the underlying foundation must be automated to keep up with scale at a fraction of the cost.

The popular mantra says, “every business is a digital business; you’re digital, or you’re dead.” This could not be truer in today’s world. While digital transformation has been an ongoing trend, Covid-19 accelerated that transformation beyond normal. Companies transformed their digital processes 20-25[1] times faster than before due to the onset of the pandemic. The changes included customer interactions, employee engagement, back-office processes, supply chain, and more. It’s a cliché to state that cyber becomes a core business risk as businesses get more digitally connected. Scan the SEC filings of any publicly listed company, and it’s amply clear that digital transformation unlocks massive growth but also expands the risk profile for most organizations. Cyber resilience is business resilience. The corollary holds equally true – cyber fragility impedes business growth.

Figure 1: Digital transformation & cyber risk

The traditional approach to cybersecurity has focused on a tech-centric approach to security, evolving a technology acronym soup, continuously trying to find the smarter tool to speed up and scale security operations. This approach, somewhat successful at the lower levels of digital transformation, has become unmanageable and incredibly expensive for businesses. In spending time with board directors, management teams, CIOs, and CISOs, we’ve realized that there is a dire need to pause and reset the foundational thinking with an eye on more effective delivery that can scale at a manageable cost.

When an attacker targets an organization, they start by conducting reconnaissance to understand the company’s business model, profile, and strategy. Security needs to focus on the WHY – the business context. Why is the organization an interesting target, and what can it do to deter the attackers? This fusion of business context with security is critical to transforming security for the modern enterprise and helping executives answer key questions on business risk and resilience.

As Einstein aptly said, “we cannot solve our problems with the same thinking we used to create them.”

Sprucing up Security Operations

A recent ESG survey highlighted that 52% of security professionals consider security more complex today than two years ago[2]. There are several drivers for this, including a changing threat landscape, a growing attack surface, a higher volume and complexity of security alerts, growing adoption of public cloud services, keeping up with the operational needs of SecOps technologies, and collecting and retaining ever more data.

Elevating security necessitates a step back first to understand the goal.

“The core purpose of security operations in a business is to drive operational resilience and reduce risk at an affordable cost. Done right, it can increase revenue and EPS.”

As the digital exposure of businesses grows and regulatory oversight increases[3], business leaders and their security teams need to be able to answer core questions that center on the risk profile of the business and its ability to respond to threats efficiently.

  • Where are we vulnerable, across both the IT and the OT infrastructure?
  • Do we know when we are under attack?
  • What can we do to minimize the impact of an attack?
  • How prepared are we? What are our gaps?
  • How do we optimize spend?
  • How can we make our team more efficient?

My partner, Hugh Njemanze (known in Silicon Valley as the father of SIEM), declared long ago:

“Visibility is crucial to the digitized enterprise. We started ArcSight to help address that problem with telemetry. Years later, and with the advent of next-gen SIEMs, SOARs, and various claims to XDR, it is still not commercially feasible to attain full visibility – the first step required in security operations is simply inhibited by cost. At Anomali, we have spent years focused more on the fundamental underlying problem of scaling security and not the alphabet soup of acronym solutions. This is essential to empowering modern businesses to unlock their true potential.”

The Anomali Vision

Our vision at Anomali is to help customers lower their digital risk so they can unlock the massive value digitization brings to their worlds. Our goal is to help customers move from a reactive baseline to a more proactive delivery of security.

This necessitates transforming security from a black box to empowering business leaders to answer key questions on business risks and investments. Driving more effective and efficient security operations at scale enables businesses to maximize their return on security investments while accelerating their digital transformation for business growth.

Delivering this vision entails building on the latest innovations in cloud, AI and ML, big data, intelligence, and automation to:

  1. finally give customers full visibility of all security telemetry (including cloud logs) at an affordable price point
  2. synthesize all this big data by correlating it with the largest global repository of intelligence
  3. embed automation every step of the way
  4. help our customers’ security and IT teams elevate security from defensive risk management to proactive key contributors to their business results

Some of our long-time XDR customers have implemented the above and are now using the Anomali Platform to drive broader business insights. That’s the next evolution of our vision.

The Scalable SOC Platform

Decades ago, Hugh started the security journey with the core belief that people are the heart of security; processes and technologies revolve around the people. Technology makes people more efficient, while processes help people ensure consistency and repeatability. While it is critical to address all three core elements, accelerating security efficiency must start with the people. More efficient people make more efficient security operations, driving more secure organizations.

It all starts with visibility. Visibility into ALL the telemetry of an organization. Visibility across TIME. This includes the endpoints, network, cloud, identity, messaging, and all other attack surfaces for an organization. Most organizations struggle to achieve full visibility, often operating well below 50% due to cost and scale considerations, leaving a gaping hole for the attackers.

I am proud of the proprietary big data technology we have evolved at Anomali that finally delivers on Hugh’s original vision. Today, we are the MODERN SIEM/SOAR/XDR provider that can attain breakthrough levels of visibility at a fraction of what customers spend today, through the modern application of AI and ML. We seamlessly integrate with all security controls (EDR, NDR, Network, Email, Identity, etc.) and the public clouds. The Anomali technology can correlate and behaviorally analyze all this data to identify threat patterns and expose organizational risk.

However, visibility without context is limited. Many organizations start on the visibility journey but cannot answer a key question – how is this relevant to me? Understanding the risk context – the local and global threat landscape – is critical to answering that question. It helps you understand what’s impacting your region, your industry, and you. Intelligent business context is crucial to making sense of data. I am proud that today we house the largest repository of global intelligence to drive relevant business actions (both defensive and offensive) from the most visibility in the market.

Bringing together visibility and context can unlock actionable insights for an organization – illuminating digital risk exposure, aiding attack surface assessment, qualifying investment risks, driving recognition of emerging threats and attacks, providing timely insights into active attacks, and enabling an informed, holistic response. Too often the security function at an organization is limited by its tools and narrowly focused on detection and response, leading to all the security operations challenges highlighted in the ESG survey.

The one thing we never lost track of in the vision is the underlying need to automate, as talent is scarce. Our focus will always be smarter security operations. We want to help customers modernize their SOC and, more importantly, build a scalable foundation based on talent, automated processes, and best-in-class tools to help grow revenue and EPS. Automating response is one part of this. However, lean-forward organizations automate not just the reactive stage of the process but also elevate proactive monitoring through automation – driving continuous assessment, continuous monitoring, continuous enrichment, and automated response – and connect this entire chain through continuous learning.

Organizations are in a constant state of battle, even more so in today’s macroeconomic environment. Awaiting peacetime to improve posture increasingly seems like an impossible dream in an ever-connected world.

Security is core to business success. However, it’s also an infinite game played by attackers and defenders constantly trying to one-up each other. The only way to get ahead is by playing the adversary, not the pawn.

This is the Anomali way.