International. In 2019, the Ponemon Institute found that the average lifecycle of a security breach was 279 days: it took companies 206 days to identify a breach and then an additional 73 days to contain it.
A CSIRT (Computer Security Incident Response Team) is a team of computer security experts responsible for continuously monitoring an organization's systems in order to minimize and control the damage caused by a cyberattack.
A CSIRT offers two categories of services: reactive and proactive. Reactive services are delivered in response to an unwanted or unexpected security event, either detected by specialized teams that anticipate internal or external security incidents, or reported by a member of the organization who has identified an anomaly in the technological infrastructure. Proactive services, on the other hand, contribute to protecting the technological infrastructure and include advanced cyberthreat analysis tailored to the needs, services and products of the company.
"Cyber attacks can affect the confidentiality, integrity and availability of the organization's information and services, which is why it is essential to have a trained and competent team for the proactive management of security events and incidents," says Juan David Valderrama, Director of Cybersecurity and Risks at Gamma Ingenieros.
When a cyber attack occurs within an organization, the following phases must be followed:
- Identification of the event.
- Analysis.
- Categorization of the event.
- Prioritization, in case more than one incident occurs at the same time. Prior risk management of the company's information assets allows their criticality to be classified and measured, which is what makes prioritization possible.
- Containment.
- Investigation, supported by computer forensics, to determine the initial attack vector and thereby reach the eradication of the incident.
- Finally, the experience is taken to an incident review ("lessons learned") to prevent the same thing from happening again on another information asset.
To carry out this proactive process, it is important to use artificial intelligence and machine learning to autonomously identify and detect anomalous events, behavioral deviations and security breaches that cannot be detected with traditional security tools.
Likewise, the use of SOAR (Security Orchestration, Automation and Response) tools allows tasks to be automated, security events to be triaged, and responses to be executed either autonomously or under supervision. This reduces operational costs and gives security experts more time to hunt for threats instead of responding to them.
Some business sectors have already benefited from the use of these tools. Below, we name some of them.
- Government: detecting anomalous patterns in the behavior of people, entities or machines that are intended to commit fraud.
- Telecommunications: through the CSIRT, anomalous connections on network ports have been identified, and users who bypassed system restrictions to obtain free browsing, among other deviations, have been detected, thereby exposing fraud.
- Financial: due to the high volume of banking activity, anomalies in transactions are frequent. These tools help detect bank fraud.
- Education: in universities it is common to detect anomalous behavior by students related to fraud, such as changing grades in the grading system.
Having a trained security team allows an organization to act proactively through continuous monitoring of its internal information, in order to avoid both monetary losses and the loss of valuable information. Likewise, the use of artificial intelligence has enabled greater proactivity, shorter process times and easier detection of cyber attacks across different business sectors.