Detecting Insider & External Threats With Risk Score Correlation
Introduction
There is a long held truth in the business world that risk is equal to the threat, multiplied by the asset, multiplied by the vulnerability. This equation, while not truly defining risk, helps calculate the exposure to risk based on certain factors which you may or may not be able to control. Simply put, risk can be defined as the likelihood that something bad will happen that causes harm to an information asset. With the ever changing nature of both internal and external threats to an enterprise, risk must be able to be dynamically monitored and calculated in a repeatable way, allowing for real time risk scoring of threats to the environment.
NitroSecurity's new NitroRSC™ Correlation Engine can help enterprises, regardless of size, to accomplish this in a systematic, repeatable manner. The NitroRSC Correlation Engine is not simply a one-size-fits-all solution, since no enterprise faces exactly the same threats, has the same assets, or is exposed to the same vulnerabilities. In order to truly calculate the risk score for an asset based on the events targeting that asset, NitroSecurity has expanded the basic risk equation to include additional factors, going beyond exposure to risk, and painting a true picture of risk that includes new and emerging threats that evade detection by current rules-based correlation systems.
Rule-based systems, however, are still a necessary component of any enterprise security strategy. Risk correlation results in active scores that lead to actionable alerts which detail the potential risk to an asset, by a user, or from a series of parameters which may not occur in any particular order. Rules on the other hand address established patterns and are useful in determining if attack vectors that follow a set pattern are present. The combination of both risk-based and rule-based systems provides the most complete visibility into an organization's threat environment.
