![\"How](\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2017\/10\/Untitled-1.jpg\")
<\/p>\n<\/p>\n
According to the Ponemon Institute and SIEM solution provider IBM, the average time an enterprise\u2019s security team needs to detect a threat dwelling on their network is 197 days\u2014well over 6 months. After detecting a threat, it can still take an average of 69 days for enterprise security teams to actually contain it and return normalcy to the network.<\/span><\/p>\n The longer an attacker\u2014whether external hacker or insider threat\u2014dwells on your enterprise\u2019s network, the more damage it can do to your most vulnerable and most valuable digital databases. Additionally, dwell time can harm your business processes, your enterprise\u2019s reputation, and your customers\u2019 trust. In fact, there may not be a way to calculate the full financial consequences of a cyber attack with dwell time. In 2018, the average cost of a data breach is $3.86 million, but this itself may not be the full picture. \u00a0<\/span><\/p>\n Chances are a blow to your business of this magnitude would cripple your operations and growth for months or year. Depending on circumstances, it may even permanently shut your doors. Your enterprise needs to take reducing cyber threat dwell time seriously. <\/span><\/p>\n Why does it take so long for enterprises to detect a threat? What can they do to increase their threat detection time and limit dwell time? Here are a few thoughts: \u00a0<\/span><\/p>\n SIEM and security analytics solutions are essential components of any enterprise\u2019s cybersecurity strategy for reducing dwell time. However, it is only half of the equation. The other half is the human intelligence and expertise centralized in your enterprise security team. Without human cybersecurity expertise, your enterprise won\u2019t be able to make sense of the myriad security alerts and log information indicative of a threat provided by your solution. This could allow for a longer threat dwell time. However, because of the current cybersecurity staffing crisis, finding human cybersecurity intelligence is easier said than done. \u00a0<\/span><\/p>\n According to the 2018 Black Hat USE Attendee Survey, 65% of InfoSec professionals don\u2019t have the qualified staff members to handle their enterprise\u2019s digital threats. 66% said they don\u2019t have the skills and training to perform all of their responsibilities. There may be as many as 2 million unfilled cybersecurity jobs by next, according to Cisco. <\/span><\/p>\n If your enterprise is serious about reducing threat dwell time, then it needs to invest in finding cybersecurity intelligence externally or in fostering your internal intelligence through training programs and rewards initiatives. The alternative is letting hackers outwit your solution.<\/span><\/p>\n Additionally, you should make sure you invest in a strong SIEM or security analytics solution. Your human intelligence needs the right weaponry to fight digital threats. \u00a0\u00a0\u00a0\u00a0<\/span><\/p>\n Cyber attacks are usually designed not to attract attention to themselves. This is part of the appeal of next-generation threats capable of slipping past digital perimeters or exploiting natural processes: if they can conceal themselves from the prying eyes of your security team, their dwell time increases substantially. <\/span><\/p>\n Even with the extensive security alerts your SIEM and security analytics solutions provide, it can be extremely difficult to distinguish between a legitimate threat and a false alarm. Compounding this issue especially is the volume of false alarms threat detection solutions can generate; security teams may be flooded with hundreds of alerts a day but only a few of them correlated together indicates a substantial threat. \u00a0<\/span><\/p>\n Threat actors know this and often design their cyber attacks to exploit it as much as possible thereby increasing their dwell time. Therefore, you need to make sure your employees can recognize some of the more common early warning signs of a cyber attack: unusually high system activity, unusual port or application activity, unexpected user account lockouts, unexpected slowdowns or shutdowns, etc. <\/span><\/p>\n Of course, other attacks may present different symptoms, may present multiple symptoms, or they may present no symptoms at all. That is not what is important for your goal of reducing cyber attack dwell time. What matters here is instilling a sense of vigilance and awareness in your employees. Giving them the tools and motivation to follow up on their suspicions will help you find threats faster and more consistently. Nothing scares a criminal more than an alert mark. \u00a0<\/span><\/p>\n Your employees, as is often stated by security experts, are your enterprise\u2019s largest attack vector. Phishing attacks are designed to take advantage of your employee\u2019s trust and ignorance of cybersecurity best practices to gain access to your databases. The overwhelming majority of successful enterprise cyber attacks start with a phishing attack…and human neglect. Further, once a phishing attack has access to your network, it can prove difficult to distinguish their malicious activity from everyday business. \u00a0\u00a0\u00a0<\/span><\/p>\n Yet, as partially illustrated above, your employees could become an essential part of your threat detection platform\u2014so long as you can harness them via an incident response plan. An incident response plan will help your employees stay on alert for potential digital threats. Furthermore, an IRP will give them a clear channel of communication to your security team about their suspicions of potential cyber attacks. <\/span><\/p>\n With such communications in place, dwell time should evaporate. Your enterprise will always be poised to strike at potential threats and remediate them as quickly as possible. A good incident response plan will, of course, require practice and revision, but that sacrifice is well worth limiting hackers\u2019 effectiveness. <\/span><\/p>\n As a side note, your employees should also have the knowledge and processes of checking if an email is legitimate or a phishing attack. Sometimes prevention really is the best medicine. <\/span><\/p>\n Reducing dwell time may seem like a minor concern. But by making your network an inhospitable place for the malicious actor, you can discourage attacks in the first place and make those attacks that do come through minimal bumps in your growth. Seems well worth it to us.<\/p>\n The 10 Coolest SIEM and Security Analytics CEO Leaders<\/a><\/p>\n 5 Tips for Setting Up a Security Operations Center (SOC)<\/a><\/p>\n Get Your Employees to Embrace SIEM Best Practices!<\/a><\/p>\n 4 Tips to Make Data Breach Detection Easier For Your Enterprise<\/a><\/p>\n Enterprises: Don\u2019t Become Complacent in Your Cybersecurity!<\/a><\/p>\n How to Make Your SIEM Solution Deployment Easier for Your Enterprise<\/a><\/p>\n Comparing the Top SIEM Vendors \u2014 Solutions Review<\/a><\/p>\n How UEBA Can Prevent Insider Threats in your Enterprise<\/a><\/p>\n SIEM vs Security Analytics: What\u2019s the Difference?<\/a><\/p>\n Should Risk Analytics Bridge the Cybersecurity Talent Gap?<\/a><\/p>\n What\u2019s Changed? The Gartner 2017 Security Information and Event Management (SIEM) Magic Quadrant<\/a><\/p>\n The 25 Best Security Analytics and SIEM Platforms for 2018<\/a><\/p>\n\t\t\t![](\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2018\/10\/PM_Forrester_Wave_Display_C.jpg\")
<\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/p>\nDwell Time Thrives in Resource-Poor Environments<\/b><\/h3>\n
Don\u2019t Allow Threats to Conceal Themselves<\/b><\/h3>\n
Incident Response Plans Are Essential to Dwell Time Reduction<\/b><\/h3>\n
Other Resources from Solution Review:\u00a0<\/strong><\/h4>\n