New tactics needed to search for, destroy network invaders
As hackers become craftier and vulnerable data multiplies, security vendors must get faster, more flexible at defense
By John Pirc, Special to ThirdCertainty
The evolution of cyber criminals and the rapid expansion of business data are quickly starting to outpace the detection capabilities of most security vendors.
Enterprises today must deal with massive increases in malware production. Symantec’s 2015 Internet Security Threat Report cited more than 317 million new pieces of malware created in 2014. Meanwhile, enterprises also must handle exponential growth in business data and network traffic.
While most of this data and traffic is legitimate, the sheer volume generated on a daily basis makes finding malicious traffic even harder. Intrusion Prevention Systems (IPS) are essential to stopping the vast majority of attacks. But existing security technologies strain to process ever more data every day in order to identify and stop threats.
This is in large part due to the growing threat surface. Bring your own device (BYOD) and mobile connectivity extend the traditional network perimeter to a wide range of off-premises locations that are far less secure.
But this is just part of the issue. Getting a foothold on one device doesn’t grant unfettered access to all network resources. Criminals still have to move laterally and compromise other systems on the network in order to access and steal valuable data.
Once they’re inside the perimeter, they typically go undetected for a very long time. The 2014 Mandiant Report cited a median of 229 days that attack groups were present on a network before being discovered. That is simply unacceptable.
A new approach is needed. The solution isn’t to keep throwing money at legacy technologies that are not flexible enough and cannot scale to meet the new demands.
New tactics, techniques and procedures (TTPs) are needed so that security vendors can develop automated defense capabilities that function at the network inspection speeds now required.
Namely, they need the ability to pivot quickly to handle new forms of detection and incorporate features that really solve a problem—such as integrated network forensics and breach detection. They also need faster speeds with greater efficiency and economy to reduce costs.
Perimeter defense is still critical. Without intrusion prevention systems, organizations would be inundated with attacks. But to better defend the perimeter, we have to focus on ways to integrate advanced detection and rapid response capabilities.