There is a confusing array of technologies and solutions available for organizations looking to improve their security posture. So where should an organization begin?
Dmitri Alperovitch, co-founder and CTO of CrowdStrike, an eSecurity Planet top EDR vendor, has a few ideas on where organizations should focus their efforts to make the biggest difference in cybersecurity outcomes. In a video interview, Alperovitch offers insight into the metrics organizations should measure and the approaches they should take to reduce cyber risk.
CrowdStrike has been busy this month, announcing a $1 million warranty against breaches for its clients on June 5 and raising $200 million in new funding on June 19. CrowdStrike's flagship technology is its Falcon platform, which provides endpoint detection and response (EDR) and other security capabilities.
So where does Alperovitch think organizations should start with cybersecurity?
"First, start with an objective for what you are trying to do," Alperovitch said. "A lot of people just jump to solutions immediately because they think their problem is stopping a piece of malware or some exploit."
The higher-level question that organizations should be looking to answer is not about stopping malware, Alperovitch said, but about stopping data breaches. Once an organization begins to focus on how to prevent breaches, the conversation and the strategy can be determined to help achieve that objective.
A key statistic tracked by CrowdStrike is breakout time: the time it takes an attacker to break out of the initial machine they infect in an organization and begin spreading laterally. On average, breakout takes one hour and 58 minutes, according to Alperovitch. By understanding breakout time, he said, organizations can focus on the speed of response.
"You have about two hours to stop them [hackers] at that beachhead, to contain them and kick them out before it becomes a big headache," Alperovitch said.
Speed of response relies on multiple factors, including visibility and the ability to rapidly detect security incidents. Overall, there are three key metrics that Alperovitch recommends organizations focus on to improve cybersecurity posture:
- Time to Detection: The best organizations are able to detect an infection within one minute.
- Time to Investigation: The best organizations are able to conduct an investigation within 10 minutes of identifying an infection.
- Time to Remediation: The best organizations are able to remediate a cybersecurity incident within one hour of it first being detected.
"Do all those things rapidly," he said. "You'll manage to contain them at the beachhead and stop the breach."
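To make the three metrics and breakout time concrete, here is an added example (not code from CrowdStrike or from the article) that computes them from incident timeline records and checks each incident against the 1 minute / 10 minute / 1 hour targets quoted above. It assumes each incident record carries the timestamp of the earliest attacker activity on the first compromised host, the alert time, the time triage concluded, the time the host was remediated, and, if it happened, the first lateral movement to a second host; breakout time is taken as first activity to first lateral movement, and the 1 hour 58 minute average is used only as a fallback window when no lateral movement was observed. The incident records are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median
from typing import Dict, List, Optional

# Targets quoted in the interview, treated here as hard thresholds (an assumption).
TARGETS = {
    "detect": timedelta(minutes=1),       # first attacker activity -> alert
    "investigate": timedelta(minutes=10),  # alert -> triage complete
    "remediate": timedelta(minutes=60),    # alert -> host contained, attacker evicted
}
AVERAGE_BREAKOUT = timedelta(hours=1, minutes=58)  # average breakout time from the interview


@dataclass
class Incident:
    incident_id: str
    first_activity: datetime                     # earliest attacker activity on the beachhead host
    detected: datetime                           # alert raised
    triaged: datetime                            # investigation complete: scope and root cause known
    remediated: datetime                         # host contained and attacker evicted
    lateral_movement: Optional[datetime] = None  # first move to a second host, None if never observed

    def durations(self) -> Dict[str, timedelta]:
        return {
            "detect": self.detected - self.first_activity,
            "investigate": self.triaged - self.detected,
            "remediate": self.remediated - self.detected,
        }

    def breakout_time(self) -> Optional[timedelta]:
        """Time the attacker needed to leave the beachhead; None if they never did."""
        if self.lateral_movement is None:
            return None
        return self.lateral_movement - self.first_activity

    def contained_at_beachhead(self) -> bool:
        """True if the attacker was evicted before reaching a second host. When no
        lateral movement was observed, fall back to the average breakout window."""
        if self.lateral_movement is not None:
            return self.remediated < self.lateral_movement
        return self.remediated - self.first_activity <= AVERAGE_BREAKOUT


def parse_timestamp(ts: str) -> datetime:
    # fromisoformat() only accepts a trailing "Z" from Python 3.11 on; normalise it first.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def load_incidents(records: List[dict]) -> List[Incident]:
    """Build Incident objects from plain dict records with ISO-8601 timestamps."""
    return [
        Incident(
            incident_id=r["id"],
            first_activity=parse_timestamp(r["first_activity"]),
            detected=parse_timestamp(r["detected"]),
            triaged=parse_timestamp(r["triaged"]),
            remediated=parse_timestamp(r["remediated"]),
            lateral_movement=parse_timestamp(r["lateral_movement"]) if r.get("lateral_movement") else None,
        )
        for r in records
    ]


def evaluate(incident: Incident) -> Dict[str, bool]:
    """Per-incident pass/fail against each target, plus whether containment beat breakout."""
    result = {name: d <= TARGETS[name] for name, d in incident.durations().items()}
    result["contained"] = incident.contained_at_beachhead()
    return result


def summarize(incidents: List[Incident]) -> Dict[str, Dict[str, float]]:
    """Median duration in seconds and fraction of incidents meeting each target."""
    summary: Dict[str, Dict[str, float]] = {}
    for name, target in TARGETS.items():
        secs = [i.durations()[name].total_seconds() for i in incidents]
        met = sum(s <= target.total_seconds() for s in secs) / len(incidents)
        summary[name] = {"median_seconds": median(secs), "met": met}
    contained = sum(i.contained_at_beachhead() for i in incidents) / len(incidents)
    summary["contained"] = {"met": contained}
    return summary


# Constructed sample timelines (not real incidents). INC-003 shows why the average
# breakout time is no guarantee: the attacker moved laterally after only 30 minutes.
SAMPLE_RECORDS = [
    {"id": "INC-001", "first_activity": "2018-06-20T09:00:00Z", "detected": "2018-06-20T09:00:40Z",
     "triaged": "2018-06-20T09:08:00Z", "remediated": "2018-06-20T09:45:00Z"},
    {"id": "INC-002", "first_activity": "2018-06-20T10:00:00Z", "detected": "2018-06-20T10:05:00Z",
     "triaged": "2018-06-20T10:30:00Z", "remediated": "2018-06-20T12:30:00Z",
     "lateral_movement": "2018-06-20T11:40:00Z"},
    {"id": "INC-003", "first_activity": "2018-06-20T13:00:00Z", "detected": "2018-06-20T13:00:30Z",
     "triaged": "2018-06-20T13:12:00Z", "remediated": "2018-06-20T13:50:00Z",
     "lateral_movement": "2018-06-20T13:30:00Z"},
]

if __name__ == "__main__":
    incidents = load_incidents(SAMPLE_RECORDS)
    for inc in incidents:
        print(inc.incident_id, evaluate(inc), "breakout:", inc.breakout_time())
    print(summarize(incidents))
```

The fraction of incidents meeting each target, tracked over time, is the kind of figure a SOC can report against the 1/10/60 goals; the per-incident `contained` flag is the more honest measure, because it uses the attacker's actual breakout on that incident rather than the fleet-wide average.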
Watch the video interview with CrowdStrike CTO Dmitri Alperovitch below:
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.