New tactics needed to search for, destroy network invaders

As hackers become craftier and vulnerable data multiplies, security vendors must get faster, more flexible at defense


The evolution of cyber criminals and the rapid expansion of business data are quickly starting to outpace the detection capabilities of most security vendors.

Enterprises today must deal with massive increases in malware production. Symantec's 2015 Internet Security Threat Report cited more than 317 million new pieces of malware created in 2014. Meanwhile, enterprises also must handle similarly rapid growth in business data and network traffic.

While most of this data and traffic is legitimate, the sheer volume generated daily makes finding malicious traffic even harder. Intrusion Prevention Systems (IPS) remain essential to stopping the vast majority of attacks, but existing security technologies strain to process ever more data each day in order to identify and stop threats.

This is in large part due to the growing attack surface. Bring your own device (BYOD) and mobile connectivity extend the traditional network perimeter to a wide range of off-premises locations that are far less secure.


But this is just part of the issue. Getting a foothold on one device doesn't grant unfettered access to all network resources. Criminals still have to move laterally and compromise other systems on the network in order to reach and steal valuable data.

Once they're inside the perimeter, they typically go undetected for a very long time. The 2014 Mandiant report cited a median of 229 days that attack groups were present on a network before being discovered. That is simply unacceptable.
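The lateral movement described above leaves a trace that perimeter IPS never sees: an internal host that starts opening remote-administration connections (SMB, RDP, WinRM, RPC, SSH) to many other internal hosts in a short span. As an added illustration of what in-network breach detection can look like, here is a small fan-out detector over flow records. This is example code written for this page, not code from the article, from Bricata, or from any product it mentions; the flow-record format, the hosts, the port list, the internal address range and the thresholds are all constructed for the example.

```python
"""Toy lateral-movement (fan-out) detector over flow records.

Added example, not from the original article. It flags an internal host
that connects on remote-admin ports to at least `threshold` distinct
internal hosts inside a sliding time window. Every record, address, port
set and threshold here is constructed for illustration; baseline them
against your own network before trusting the alerts.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Assumed "remote admin" ports: SSH, RPC endpoint mapper, SMB, RDP, WinRM.
ADMIN_PORTS = {22, 135, 445, 3389, 5985, 5986}
# Assumed internal address range for the example network.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Constructed flow records: "<ISO timestamp> <src> <dst> <dst port>".
SAMPLE_FLOWS = [
    "2024-03-04T09:12:00 10.0.5.23 10.0.1.1 445",
    "2024-03-04T09:12:07 10.0.5.23 10.0.1.2 445",
    "2024-03-04T09:12:15 10.0.5.23 10.0.1.3 445",
    "2024-03-04T09:12:20 10.0.5.23 93.184.216.34 443",  # outbound web, ignored
    "2024-03-04T09:13:02 10.0.5.23 10.0.1.4 3389",
    "2024-03-04T09:13:40 10.0.5.23 10.0.1.5 445",
    "2024-03-04T09:14:11 10.0.5.23 10.0.1.6 5985",
    "2024-03-04T09:20:00 10.0.9.9 10.0.1.1 22",   # admin host, only two targets
    "2024-03-04T10:05:00 10.0.9.9 10.0.1.2 22",
    "2024-03-04T11:30:00 10.0.5.23 10.0.1.7 445",  # hours later, outside window
]


def is_internal(addr):
    """True if the address falls in the assumed internal range."""
    return ipaddress.ip_address(addr) in INTERNAL


def parse_flow(line):
    """Split one constructed flow record into (timestamp, src, dst, dport)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def detect_fanout(lines, window=timedelta(minutes=10), threshold=5):
    """Return alerts as (src, window_start, sorted target list).

    An alert fires the first time a source reaches `threshold` distinct
    internal destinations on admin ports within any `window`-long span.
    Only internal-to-internal admin-port flows are considered.
    """
    by_src = defaultdict(list)
    for line in lines:
        ts, src, dst, dport = parse_flow(line)
        if (dport in ADMIN_PORTS and is_internal(src)
                and is_internal(dst) and src != dst):
            by_src[src].append((ts, dst))

    alerts = []
    for src, events in by_src.items():
        events.sort()  # chronological; enables the sliding window below
        for i, (start, _) in enumerate(events):
            targets = {dst for ts, dst in events[i:] if ts - start <= window}
            if len(targets) >= threshold:
                alerts.append((src, start, sorted(targets)))
                break  # one alert per source is enough for this example
    return alerts


if __name__ == "__main__":
    for src, start, targets in detect_fanout(SAMPLE_FLOWS):
        print(f"{start.isoformat()} fan-out from {src}: "
              f"{len(targets)} hosts {', '.join(targets)}")
```

The workstation 10.0.5.23 touches six internal hosts on admin ports within about two minutes and is flagged; the admin host 10.0.9.9, with two targets spread over an hour, is not. In a real deployment the threshold and window come from a baseline of what each role normally does, and known scanners and jump hosts get their own allow-list, otherwise vulnerability scanners and patch servers produce the first alerts.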

A new approach is needed. The solution isn't to keep throwing money at legacy technologies that are not flexible enough and cannot scale to meet the new demands.

Security vendors need new tactics, techniques and procedures (TTPs) of their own to build automated defense capabilities that can operate at the speeds network inspection now requires.

Namely, they need the ability to pivot quickly to handle new forms of detection and to incorporate features that really solve a problem, such as integrated network forensics and breach detection. They also need higher throughput with greater efficiency and economy to reduce costs.

Perimeter defense is still critical. Without intrusion prevention systems, organizations would be inundated with attacks. But to better defend the perimeter, we have to focus on ways to integrate advanced detection and rapid response capabilities.
