[BreachExchange] Cybersecurity: It's about time

Audrey McNeil audrey at riskbasedsecurity.com
Wed Jul 11 20:33:12 EDT 2018


https://betanews.com/2018/07/11/cybersecurity-its-about-time/

The sprawling and complex set of subjects we call cyber security can all be
tied to one fundamental concept -- time. The time it takes a cyberattack to
penetrate, the time from initial compromise to lateral movement across the
network, the time it takes for an attack to be detected, to be analyzed, to
be responded to and remediated.

Time is one of seven base quantities in the International System of Units
upon which all other measures are constructed. No surprise then that it’s
the single most important factor in cybersecurity program success.

Industry research indicates that within just two hours, on average,
attackers can break out from the initial compromised endpoint and move to
other machines in the network. Assuming machine zero is not the end game,
that’s the window companies have to detect and stop an attack before damage
spreads. Yet according to a Ponemon Institute study, mean dwell time -- the
amount of time an attacker lurks in an environment before being detected --
lasts 191 days.

A case in point: Equifax was breached in mid-May 2017 and the breach was not
discovered until July 29, 2017. That’s shorter than the average dwell time but
still long enough for catastrophic consequences. Damage estimates currently
stand at $439 million, with over 145 million people affected.

There’s a direct relationship between the time an organization takes to
contain a breach and breach costs. The same Ponemon study found that the
cost of a data breach was nearly $1 million lower on average for
organizations that were able to contain a data breach in less than thirty
days.

Unfortunately, time is the one thing security organizations have in short
supply. Some of this boils down to the well-known cybersec labor shortage
-- lack of skilled staff ranks as the top CISO concern, even ahead of
breaches. But much can, ironically, be chalked up to the security
industry’s success. Companies are so swamped with telemetry from security
tools that they can’t wade through the noise. A recent survey by analyst
firm ESG found that 25 percent of cybersecurity and IT professionals state
their security teams spend too much time responding to and investigating
alerts, many of which are false alarms.

The result can be disastrous. Early alerts warned Target’s security team of
malicious activity well before discovery of the now-infamous data breach,
but they were treated as more items in a long list of logged events. No
SecOps team has the time to investigate every incident.

Reclaiming time

So how can companies claw back the time they desperately need to make their
cybersecurity programs more manageable and effective?

The most obvious answer is better prevention. If you prevent attacks from
getting into your organization in the first place then your dwell time
collapses to zero. Most standard prevention solutions like antivirus,
however, offer little protection against the evasive techniques used by
today’s sophisticated attacks. So in terms of reducing overall dwell time,
they don’t contribute much.

The newer crop of AI-based security tools gets closer, reducing threat
detection and response times, but they can never reach the goal of zero as
they will always need some amount of time to identify and decide about a
threat. At the same time, attackers and attack technology are getting
ever-quicker too. So the gap might shrink or grow at times but will always
be there. These solutions also tend to be complex to operate, adding to the
time burden on that front.

To really give time back to security teams we need to step outside the
three-dimensional box. Companies must evolve their protection strategies
and incorporate approaches that don’t operate in the time-bound world of
detection and response, away from labor-intensive monitoring and analytics.
Examples include endpoint technologies that work in the memory space to
prevent attacks from exploiting the resources they need to proceed, and
network defenses like micro-segmentation that shrink the attack surface.
Cybersecurity needs to move into the next dimension. It’s about time.