Page 61 - Cyber Warnings
P. 61
Recreating the Past
The majority of breaches—70 percent—are detected by third parties, The Ponemon Institute
has found. This is the call that every C-level executive dreads, and the immediate concern is to
determine the extent of the breach and the company’s exposure.
The C-level executive will expect the security team to be able to report exactly what happened,
when it happened and why it happened within a matter of hours.
At issue is the fact that the majority of today’s security solutions are built to prevent and detect
solutions in real time or at least near-real time. The ability to reconstruct the anatomy of an
attack in detail is often impossible, especially if the attack took place up to six months ago.
There is therefore a strong case to be made for establishing the capability to record network
traffic in a way that will allow the reconstruction of a breach even months after the fact.
The solution is a network recording or packet capture-to-disk capability, which allows every
packet on the network to be recorded at speeds up to 100 Gbps, but can also provide multiple
security analysis applications access to the same data. This allows deep-dive analysis of
reliable network data on demand to support near-real-time forensic analysis or analysis of
breaches several months in the past.
Learning to Adapt Security
Gartner discussed the idea of an adaptive security architecture in a recent report, concluding
that there is an over-reliance on security prevention solutions, which are insufficient to protect
against motivated, advanced attackers. The alternative proposed was an adaptive security
architecture based on the following critical capabilities:
• Prevention to stop attacks
• Detection to find attacks that have evaded preventive capabilities
• Retrospection to react to attacks and perform forensic analysis
• Prediction to learn from attacks and industry intelligence to improve capabilities and
proactively predict potential new attacks
What enables all of these capabilities and creates an adaptive security architecture framework
is the ability to perform continuous monitoring and analytics, including network monitoring and
analysis.
The Whole Security Package
By gathering together advanced threat detection solutions with next-generation SIEM solutions
and packet capture capabilities, the stage is set for the infrastructure to support an adaptive
security framework:
61 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide