The U.S. Securities and Exchange Commission (SEC) has placed cybersecurity at the center of public company governance with its new cybersecurity incident reporting rule. Companies must describe their cybersecurity risk management, strategy and governance in their annual reports, and must also disclose any cybersecurity incident, or series of related incidents, that is “material” to the company. That disclosure is due within four business days of the company determining that the incident was material, and the rule requires that determination to be made without unreasonable delay after discovery. Regulators around the globe are requiring that companies report more about cyber incidents within defined time windows and, in doing so, are illuminating a truth we have long known: organizations must embrace a new approach to selecting and operating security solutions if they are to defeat motivated, well-financed and ever more sophisticated cyber attackers.
In finalizing the rule, the SEC observed that disclosure and reporting practices varied widely across publicly traded companies, and reasoned that a more standardized approach would better serve investors. Unfortunately, a standard reflecting most companies’ current capabilities would not yield impressive results. According to the latest Unit 42 incident response analysis, it takes companies an average of 5.5 days to initially contain an incident once it is discovered, and full recovery and remediation can take additional weeks or even months. These numbers are underwhelming, but they are not surprising given the flawed way too many organizations select and use their security solutions. Organizations deploy disaggregated point products, each addressing a discrete threat, and the result is a toolset that provides no holistic picture of the threat landscape, does not unify data into actionable insights, and does not proactively hunt for attacks in progress. Attackers have exploited that fragmentation: vulnerability exploits observed in the wild increased 55% from 2021 to 2022 (source: 2023 Unit 42 Network Threat Trends Research Report).
We can do better, and these regulatory trends should catalyze companies to consider how best to dramatically reduce their chances of ever having a material incident in the first place. The next generation of AI-powered cybersecurity solutions, such as Cortex® XSIAM from Palo Alto Networks, is built to meet and defeat the cyber threats we see now and expect to see in the future and, in the process, to drive significantly faster and better security outcomes. A common sense framework underpins the advanced capabilities of XSIAM, and it is one that will enable any company to reimagine its security operations.
XSIAM employs every element of this framework today. It is an AI-powered platform that can revolutionize the SOC and deliver step-function improvements in mean time to detect (MTTD) and mean time to respond (MTTR). The platform combines our knowledge of every known attack pattern (Palo Alto Networks detects over 275,000 new attack patterns each day) with AI-based prediction and analytics to protect against new, as yet unseen attack patterns. With prebuilt integrations to over 900 cybersecurity products, XSIAM allows companies to remediate incidents in near real time, using the richest context-aware playbooks in the industry.
XSIAM produces staggering improvements in outcomes. Historically, the Palo Alto Networks SOC analysts spent most of their day triaging alerts, with each analyst manually investigating about 13 incidents per day. After deploying XSIAM, those same analysts now spend 70% of their day threat hunting and running attack simulations because they enjoy 100% alert coverage from AI and automation. Manual incident investigations are down to eight per day and, most crucially, the SOC has reduced its MTTD to less than one minute, and its MTTR to a few minutes. And, in the last three years, the average number of events presented per day has increased from one billion to 36 billion.
That is the power of XSIAM: true, machine-scale AI applied to analyze large amounts of data in real time to protect against known and unknown threats. Materiality remains a judgment the company itself must make, but an automated platform that detects, scopes and contains an incident in minutes gives decision-makers the facts they need to make that determination quickly, and it shrinks the remediation window from days and hours to minutes.
Finally, a full reimagining of your security operations requires additional strategies:
The SEC’s new incident reporting rules reflect one of the core challenges of our age – protecting our digital way of life from persistent, tenacious and ingenious cyber attackers. A marriage of smart, next-generation security platforms and sound corporate governance practices will be a powerful means to meet this challenge.