Las Vegas has a tendency to overload all of your senses. Similarly, Black Hat has the effect of inducing information overload on nearly every participant.
Reflecting on the week at Black Hat and retracing the events that led to the additional 5 pounds around my waist, several themes bubbled up. Was it the back-to-back cocktails and multiple dinners per evening? Probably. Just as I suffered culinary and caloric excess, every security practitioner I spoke to suffered from information overload: Endpoint Detection and Response (EDR), Security Analytics, Big Data, Sandboxing, Deception, Threat Feeds, Orchestration, and the list goes on. It is becoming increasingly challenging to distinguish one solution from another and to understand the operational impact of the combinations of these (arguably important) layers of the security stack.
Just as I’m embarking on a calorie-cutting regime, most of the security teams I met are being asked to do more with less, and to find ways to limit the overwhelming and constantly growing influx of events to triage, analyze, prioritize, and mitigate. CXOs are asking the security engineering teams, “Why can’t we just eliminate these risks before they get onto our networks?”
This is where Isolation provides a promising alternative: Eliminate the threat from the most prevalent attack vectors – web and phishing credential harvesting – and by extension eliminate the events and operational cost of cleanup from these vectors. Menlo has a growing number of customers who have eliminated ransomware by isolating their users’ web sessions via the Menlo Security Isolation Platform, eliminated the cost of cleanup from inadvertent drive-by exploitations and infections, and eliminated the possibility of phishing via the isolation of all email message content.
There is a light at the end of the tunnel – both for the 5 pounds around my waist, and for the Security Operations and Cyber Teams reducing the tsunami of events and alerts.