[BreachExchange] Eliminating white space between security products
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Oct 28 17:26:34 EDT 2016
http://www.itproportal.com/features/eliminating-white-space-between-security-products/
There were over 3,141 confirmed data breaches in 2015 and that doesn't
include the ones that were never reported or detected. Yahoo's recent
attack involved at least 500 million user accounts. Clearly the security
problem is getting worse, not better.
Many breaches aren't swift attacks. Cyber criminals often gain access with
valid user credentials, then linger in the system undetected for weeks or
even months, stealing valuable data at their leisure. This happens even
though many enterprises deploy security point solutions in the hope of
stopping a data breach. The problem is often the white space between those
security solutions: once attackers gain access (usually with valid user
credentials), they establish a foothold in that gap and can sit silent and
undetected for weeks, if not months, waiting to inflict damage.
Do you think you know:
1) How serious that problem is?
2) What it takes to solve it?
While big breaches make the headlines, even a small breach can permanently
poison a company's brand and financial future. Customers have long
memories, regulatory fines can be devastating, and "minor" repercussions
like overworked staff and internal chaos can have a lasting impact.
Many breached companies, and skittish organisations that have learned from
their losses, will invest in new security point solutions after a breach in
the hope of preventing the next attack. But does adding more red tape close
the gaps between siloed security products, or is it only a temporary
solution?
Anatomy of a typical breach
Let's trace the path of a typical breach. It might start with a successful
phishing attempt against an employee. The criminal gets inside the network
and goes undetected because they appear to be an authenticated user. They
assess the lay of the land, learn how to escalate their privileges, and move
laterally through the system. At that point they are still unobserved and
have the time and opportunity to reach their goal, for example stealing
private customer information or copying company intellectual property.
To put this in terms we're all familiar with, consider the Target attack.
Shortly after being certified as PCI-DSS compliant in 2013, Target was
breached. Were they immediately aware? No. The attackers tested their
malware, realised Target's security system wasn't stopping them, and
installed it. Several security alerts were triggered, but the Target
security team missed the warnings because, taken individually, they did not
paint a clear picture. The attackers were free to begin exfiltrating data.
Eventually it was the Department of Justice that notified Target of the
breach. Only then did Target act, announcing that 40 million payment card
records had been stolen. They later added a further 70 million records to
that number.
This illustrates why criminals stay undetected even with so many security
tools in place: the alerts aren't correlated. There is what we call white
space between security solutions, and attackers know just how to exploit
that lack of visibility.
Tackling the white space
The white space exists because most security vendors address only one piece
of the overall attack lifecycle. Naturally, security teams wind up acquiring
multiple solutions from various vendors to cover all of their cyber security
requirements. As a result they begin to feel overwhelmed, working harder and
harder (but not necessarily more effectively) to manage all of the systems,
and find that malicious actors keep slipping in between solutions anyway.
Fortunately, prominent cyber security companies are joining forces and
collaborating to cover this unprotected white space and prevent unnecessary
data breaches. By forming these alliances, we and other partner companies
can offer a solution that helps organisations address every stage of the
attack lifecycle, from initial penetration to lateral movement to privilege
escalation, with best-of-breed solutions. This involves a connected
framework that leverages multiple datasets to determine risk or evidence of
an attack, reduce the time it takes to detect criminals, and limit
exposure, all while providing smooth access for valid users.
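The Target example above and the "connected framework" just described both come down to the same operation: joining alerts that individual tools raise in isolation into one picture keyed on a common entity. The following is an added illustration (not code from the article, the author, or any vendor) of that correlation; the tool names, alert types, and alerts are constructed sample data, and the 30-day window and three-stage threshold are assumed tuning values.

```python
"""Correlate alerts from siloed tools into one attack-lifecycle chain.

Constructed sample data; not the article's or any vendor's code.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Map each tool's alert type onto the lifecycle stages the article names.
STAGE = {
    "phishing_click": "initial_penetration",
    "privilege_escalation": "escalating_privileges",
    "lateral_movement": "lateral_movement",
    "bulk_data_transfer": "exfiltration",
}

# Constructed alerts from four separate tools. No single tool sees more
# than one stage, which is the "white space" the article describes.
ALERTS = [
    {"tool": "email_gateway", "type": "phishing_click", "user": "jsmith", "ts": "2016-10-01T09:02:00"},
    {"tool": "edr", "type": "privilege_escalation", "user": "jsmith", "ts": "2016-10-03T14:11:00"},
    {"tool": "netflow", "type": "lateral_movement", "user": "jsmith", "ts": "2016-10-09T22:40:00"},
    {"tool": "dlp", "type": "bulk_data_transfer", "user": "jsmith", "ts": "2016-10-20T03:15:00"},
    {"tool": "edr", "type": "privilege_escalation", "user": "admin_svc", "ts": "2016-10-03T10:00:00"},
]


def correlate(alerts, window_days=30, min_stages=3):
    """Group alerts by user; flag users whose alerts cover at least
    min_stages distinct lifecycle stages within window_days of the first.
    Returns {user: {"stages": [...], "dwell_days": int}}."""
    by_user = defaultdict(list)
    for alert in alerts:
        by_user[alert["user"]].append(alert)

    chains = {}
    for user, items in by_user.items():
        items.sort(key=lambda a: a["ts"])  # ISO-8601 strings sort chronologically
        first = datetime.fromisoformat(items[0]["ts"])
        stages, last = [], first
        for alert in items:
            when = datetime.fromisoformat(alert["ts"])
            if when - first > timedelta(days=window_days):
                break  # outside the correlation window; treat as a new story
            stage = STAGE.get(alert["type"])
            if stage and stage not in stages:
                stages.append(stage)
            last = when
        if len(stages) >= min_stages:
            # dwell_days approximates how long the intruder went unnoticed
            chains[user] = {"stages": stages, "dwell_days": (last - first).days}
    return chains
```

Each alert here is low-severity on its own; only the joined chain for `jsmith` crosses the threshold, while the lone `admin_svc` escalation does not.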
Failing to adequately prepare for, mitigate, and act upon threats to your
business is not an option. Businesses of all sizes, in all industries,
should continually look for new ways to stay secure as cyber-attacks grow
more prevalent.
Trusted partner alliances enable you to come to one place for multiple
security needs and be certain that all the ways into your network are
protected.