{"id":3027,"date":"2020-05-14T15:06:28","date_gmt":"2020-05-14T19:06:28","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=3027"},"modified":"2020-05-14T15:06:28","modified_gmt":"2020-05-14T19:06:28","slug":"focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/","title":{"rendered":"Focusing on the Entity \u2013 A Lesson for Cyber Security from the Coronavirus by empow"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-2605 size-full\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png\" alt=\"Focusing on the Entity \u2013 A Lesson for Cybersecurity from the Coronavirus by empow \" width=\"800\" height=\"450\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod-300x169.png 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod-768x432.png 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod-480x270.png 480w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod-144x81.png 144w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod-320x180.png 320w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><em>By Haim Zlatokrilov, VP of Products at <\/em><a href=\"https:\/\/empow.co\/\" target=\"_blank\" rel=\"noopener noreferrer\"><em>empow<\/em><\/a><\/p>\n<p 
style=\"text-align: justify\">As the world goes through the worst health crisis in a century, and the first one occurring in the digital age, we are learning on the go. One of the only ways we can learn is to analyze how different countries with different approaches have dealt with the virus, and what the results are. Interestingly, there are lessons that we can take from this experience that can help us in the arena of cybersecurity.<\/p>\n<p style=\"text-align: justify\">The approaches that have clearly yielded the best results during this crisis include widespread testing and taking drastic steps <em>early<\/em> \u2013 like stopping flights and implementing strict \u2018shelter at home\u2019 orders. An aspect of this approach that has worked well for the countries with the lowest illness and death rates during Coronavirus is focusing on people rather than events.<\/p>\n<p style=\"text-align: justify\">For example, in Israel, during the early days of the virus spread, each person who tested positive was tracked, with newspapers detailing where he or she had gone before being diagnosed, and people who were in the vicinity going into mandatory quarantine (later this was automated so that people got alerts on their cell phones if they had been in the vicinity of someone who tested positive for COVID-19). Strict early measures enabled the country to keep tabs on everyone with the virus for a relatively long time. Similar measures were effective in countries like Singapore and Taiwan.<\/p>\n<p style=\"text-align: justify\">In the U.S., the U.K.
and a number of other countries hit hard by the virus, the approach was different.\u00a0 By the time measures were taken it was no longer possible to attribute the spread to individuals, but rather there were tragic \u201cevents\u201d underway \u2013 like the spread in a nursing home in Washington State and the catastrophic situation in New York City.<\/p>\n<p style=\"text-align: justify\">Though there were other factors involved in how fast the virus was spreading, the results of the different approaches are clear \u2013 as of April 26, there were 199 deaths in Israel from COVID-19. In New Jersey, with comparable size and population, there were 5,863 deaths.<\/p>\n<p style=\"text-align: justify\">In cybersecurity, we face viruses and attacks of a completely different sort, but we can learn from the entity-focused approach. The security at most medium and large organizations is managed by Security Information and <strong>Event <\/strong>Management (SIEM) tools, which provide an overview of the different security tools, orchestrate them and coordinate response, at least in theory. In practice, SIEMs inundate security operations teams with mountains of false alerts and a workload that is unreasonable to the point of being ineffective.<\/p>\n<p style=\"text-align: justify\">One of the pitfalls in the approach of most SIEMs is the focus on events. For example, a security analyst may get an alert from an anti-virus tool saying a computer has been infected. The information he or she receives may include different entities, such as users, hosts, email addresses, etc. (some could be perpetrators, some victims), or they could get only IP information. Then the work for the analyst really begins: understanding which user entities are connected to the attacked entity, triaging the information, trying to sort out which other events took place in relation to the entity, and building an overall picture of the attack. 
By the time the analyst has researched all the information, it may well be too late to effectively stop the attack.<\/p>\n<p style=\"text-align: justify\">A different, more effective SIEM approach would redefine SIEM as a Security Information and <strong><em>Entity<\/em><\/strong> Management tool. In this scenario, when the SIEM sends an alert to the analyst, it is an entity-based alert, already showing the analyst ALL the actions taken to and on the particular entity at risk. Such a SIEM platform uses automation to conduct much of the research and triage usually left up to the analyst. The high-quality information that <em>is <\/em>brought to the analyst, in entity form, is already clear as to who the victim is and what actions have been taken against him or her over time. This allows the analyst to make quick triage decisions and take action to mitigate the attack.<\/p>\n<p style=\"text-align: justify\">Like the Coronavirus victim in our analogy, the cyberattack victim is then isolated so that it is much easier to see who else in the organization was in contact with the entity, preventing them from unwittingly infecting others in the organization.\u00a0 This would all be done at an early stage, making the entire approach timely and effective.<\/p>\n<p style=\"text-align: justify\"><em>Thanks to Haim Zlatokrilov, VP of Products at <a href=\"https:\/\/empow.co\/\" target=\"_blank\" rel=\"noopener noreferrer\">empow<\/a> for this incredible insight into entity-based cybersecurity.
Check out the <a href=\"https:\/\/solutionsreview.com\/security-information-event-management\/siem-buyers-guide-security-information-and-event-management\/\" target=\"_blank\" rel=\"noopener noreferrer\">SIEM Buyer&#8217;s Guide<\/a> from Solutions Review as well.\u00a0<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Haim Zlatokrilov, VP of Products at empow As the world goes through the worst health crisis in a century, and the first one occurring in the digital age, we are learning on the go. One of the only ways we can learn is to analyze how different countries with different approaches have dealt with [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":2605,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551,1],"tags":[1249,1252,1310,95,1313,1315,1316,112,1314,86,21,57,22],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Focusing on the Entity: A Lesson for Cybersecurity from the Coronavirus<\/title>\n<meta name=\"description\" content=\"Haim Zlatokrilov, VP of Products at empow, discusses entity-based cybersecurity, using the spread of COVID-19 as a model for digital infections.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Focusing on the Entity: A Lesson for Cybersecurity from the Coronavirus\" \/>\n<meta
property=\"og:description\" content=\"Haim Zlatokrilov, VP of Products at empow, discusses entity-based cybersecurity, using the spread of COVID-19 as a model for digital infections.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/\" \/>\n<meta property=\"og:site_name\" content=\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-14T19:06:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"450\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Ben Canner\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/\",\"name\":\"Focusing on the Entity: A Lesson for Cybersecurity from the Coronavirus\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png\",\"datePublished\":\"2020-05-14T19:06:28+00:00\",\"dateModified\":\"2020-05-14T19:06:28+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"Haim Zlatokrilov, VP of Products at empow, discusses entity-based cybersecurity, using the spread of COVID-19 as a model for digital 
infections.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png\",\"width\":800,\"height\":450,\"caption\":\"3 Ways to Mitigate False Positives in Your SIEM\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Focusing on the Entity \u2013 A Lesson for Cyber Security from the Coronavirus by empow\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors\",\"description\":\"Buyer&#039;s Guide and Best 
Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Focusing on the Entity: A Lesson for Cybersecurity from the Coronavirus","description":"Haim Zlatokrilov, VP of Products at empow, discusses entity-based cybersecurity, using the spread of COVID-19 as a model for digital infections.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/","og_locale":"en_US","og_type":"article","og_title":"Focusing on the Entity: A Lesson for Cybersecurity from the Coronavirus","og_description":"Haim Zlatokrilov, VP of Products at empow, discusses entity-based cybersecurity, using the spread of COVID-19 as a model for digital infections.","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/","og_site_name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","article_published_time":"2020-05-14T19:06:28+00:00","og_image":[{"width":800,"height":450,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png","type":"image\/png"}],"author":"Ben Canner","twitter_misc":{"Written by":"Ben Canner","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/","name":"Focusing on the Entity: A Lesson for Cybersecurity from the Coronavirus","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png","datePublished":"2020-05-14T19:06:28+00:00","dateModified":"2020-05-14T19:06:28+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"Haim Zlatokrilov, VP of Products at empow, discusses entity-based cybersecurity, using the spread of COVID-19 as a model for digital 
infections.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2019\/06\/managed-security-mod.png","width":800,"height":450,"caption":"3 Ways to Mitigate False Positives in Your SIEM"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/focusing-on-the-entity-a-lesson-for-cybersecurity-from-the-coronavirus-by-empow\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"Focusing on the Entity \u2013 A Lesson for Cyber Security from the Coronavirus by empow"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"Best Information Security SIEM Tools, Software, Solutions &amp; Vendors","description":"Buyer&#039;s Guide and Best 
Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. 
You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3027"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=3027"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/3027\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/2605"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=3027"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=3027"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=3027"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}