dcsimg

Reduce Data Breach Damage by Improving Detection and Response

  • Reduce Data Breach Damage by Improving Detection and Response-

    The Attack

    Attackers are gaining more time between the initial malware attack and detection. Malware sandbox detection is not a new tactic on the part of malware authors, but it is becoming more commonplace. This tactic allows many varieties of malware to detect the presence of the malware sandbox system and evade detection. Also, online, cloud-based services are available for hackers who wish to test their malware against all the latest versions of antivirus software. In addition to making malware as stealthy as possible, stolen credentials allow hackers to act as legitimate users, making it even more difficult to find them.

    Tip: Organizations can no longer focus on finding the single origin of a breach. With hackers' ability to easily evade malware detection and switch identities once inside a network, it's useless to monitor the endpoint. Instead of looking for the initial attack, security teams must focus on what happens once attackers are inside.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8

Reduce Data Breach Damage by Improving Detection and Response

  • 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
  • Reduce Data Breach Damage by Improving Detection and Response-2

    The Attack

    Attackers are gaining more time between the initial malware attack and detection. Malware sandbox detection is not a new tactic on the part of malware authors, but it is becoming more commonplace. This tactic allows many varieties of malware to detect the presence of the malware sandbox system and evade detection. Also, online, cloud-based services are available for hackers who wish to test their malware against all the latest versions of antivirus software. In addition to making malware as stealthy as possible, stolen credentials allow hackers to act as legitimate users, making it even more difficult to find them.

    Tip: Organizations can no longer focus on finding the single origin of a breach. With hackers' ability to easily evade malware detection and switch identities once inside a network, it's useless to monitor the endpoint. Instead of looking for the initial attack, security teams must focus on what happens once attackers are inside.

Why should business leaders care how much time it takes to detect a breach? It's a common misconception that a breach is a breach – whether you spot it on day one or weeks later. In actuality, the time it takes to detect a breach directly correlates to the damage done and the cost to your organization. In June 2015, the Ponemon Institute released its annual cost of a data breach study and for the first time pointed out the direct relationship between the time it takes to detect a breach and the cost of the data breach itself.

When it comes to the damage done, look no further than the Office of Personnel Management (OPM) data breach as an example. The breach, which wasn't discovered for more than a year, led to waves of identity theft and numerous counts of identity switching by hackers, making them harder to find once the breach was discovered.

According to Exabeam, as an industry, our focus needs to shift from prevention to detection and response acceleration; there is no band-aid solution for keeping hackers out. The new age of security technology will focus on solutions that speed up, automate and ideally combine phases of the typical security process. By learning how hackers manipulate networks throughout phases of a breach, organizations can make the shift to a better security process.