Tipping the Data Breach Odds in Your Favor

    Spotting Intruders

    Why are intruders so hard to spot once inside the network?

    1. Most security infrastructure is built to stop the initial intrusion attempt. Once an attacker has circumvented those systems, the systems are generally incapable of detecting the attacker's activities.
    2. Endpoint security alone lacks the larger context of the network to see the full lifecycle of behaviors of an intruder at work across the network.
    3. Network-only security technology lacks endpoint visibility and therefore is unable to produce high levels of accuracy and actionability related to the specific compromise on the host or user account.
    4. Sandboxing technologies look for "technical artifacts" of an exploit running in a simulated environment but are not suited to detecting the operational activities of a post-intrusion attack.
    5. Security information and event management (SIEM) solutions may be able to catch a sign of an intruder at work, but the alert will likely be buried in hundreds or thousands of false-positive warnings.

Catastrophic data breaches are becoming the new norm. Each week, new data breaches surface, making it clear that cyber criminals are getting the upper hand in breaking into networks and stealing assets.

Most of the industry now understands that 100 percent effective preventative security is impossible to achieve. Both Gartner and the FBI agree. In his keynote to the 2015 RSA Conference in San Francisco, Amit Yoran, the president of RSA, loudly proclaimed that "the security industry has failed." He noted that "Beyond this irrational obsession with perimeters, the security profession follows an equally absurd path to detecting these advanced threats."

A motivated attacker will get into your network. The key is how quickly and accurately you are able to find the active breach. Right now, the industry average is about six months. This is where security has failed. The industry is still trying to use a preventative mindset and tools to highlight a breach. Clearly, finding an active breach requires a different approach.

So what do the odds actually look like for an attacker and a defender before an intrusion and afterwards? Can the odds be changed? The answer may surprise you. In this slideshow, LightCyber takes a closer look at how data breaches happen and what you can do to tip the odds back in your favor.