F-Secure Enters Incident Response Arena

The focus of security is shifting from perimeter protection to network detection. Anti-virus at the perimeter is no longer enough, and the AV industry itself has long said that it should be part of a multi-layered defense. Now a major AV vendor is providing one of those additional layers with the launch of its own incident detection and response service.

In its announcement today, F-Secure says the “Rapid Detection Service leverages the strengths of both human and machine intelligence to provide an all-in-one intrusion detection and response service that’s ready to go immediately.” 

The machine element comes from lightweight endpoint and network decoy sensors that collect data about events and activities. This data is sent to the F-Secure Rapid Detection Center for threat intelligence and behavioral analysis. Anomalies, which can be detected in near real time, are highlighted to the F-Secure team of security experts (the human intelligence), who launch any necessary response. The customer receives a breach notification and an offer of assistance within 30 minutes of the system detecting the anomaly.

It’s a logical move for any AV company. They have rested on their laurels for too long, and allowed other firms, like FireEye and SecureWorks, to take center stage in incident response. But AV has all the major components already in place. It has a huge global threat intelligence network; it understands malware and the hacker mentality; and it has more experience in threat detection than any other market segment.

The behavioral analysis engine is maintained in F-Secure’s cloud. “We have a long history of building artificial intelligence-based systems,” Marko Finnig, the director of advanced threat protection at F-Secure, told SecurityWeek; “we actually started the work over 10 years ago. Part of the work is fully extendable to be able to look beyond malware behavior – which is what we have done. We also have a new set of advanced algorithms,” he added, “developed specifically to find relevant security anomalies from stored big data.”

F-Secure is also majoring on the ‘human intelligence’ side of its service. Cyber security advisor Erka Koivunen comments, “Attackers are human, so to detect them you can’t rely on machines alone. Our experts know how attackers think, the very tactics they use to hide their presence from standard means of detection. The human factor also eliminates false positives, which are an extreme waste of resources.” The Target breach famously followed an automated alert from its threat detection system, reportedly buried among a large number of false positives.

The data collected by the F-Secure sensors for analysis is metadata. The sensors are located on the corporate network and on user endpoints, and the system doesn’t look inside any files. F-Secure says no private or personal data is collected, and the company expects, and has experienced, no pushback from privacy-conscious users. This is increasingly important for compliance with European data protection laws.

Finnig told SecurityWeek that the system had been tested with almost 40 different organizations, and the privacy policy had evolved from such discussions. “The most common concern of our customers,” he added, “is do we move any personal data – and our answer is no.” He noted that the system has support from PCI-DSS, allowing banks to run the system in PCI-certified environments.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
