Time is not on your side.



The threat landscape is forever expanding and adapting. With millions of malicious users hiding
amongst billions of legitimate users, it is no wonder that cyber attacks are consistently at the
forefront of every major news station.

Cyber security systems must be able to meet the breadth of today’s attacks. Without this sort of
scalable solution in place, the next breach could be right around the corner.

One of the biggest issues in cyber security today is the widening time gap between an adversary’s
ability to breach a network, and the security team’s ability to discover that breach.


The threat landscape is a dynamic attack surface; keeping up with the changes is proving to be a
losing strategy. Adversaries are taking advantage of the slow speed at which a security team is
able to respond to the attacks.

According to the Verizon Data Breach Investigations Report (DBIR), as many as 90% of reported
breaches occur within “a few days.” These breaches can take all forms, from spear phishing and
social engineering, to exploits and tampering. It’s getting easier and easier to check new malware
against the existing signature databases to ensure that the latest attack won’t be immediately
detected.

Malware is even being developed to detect that it is being run in a virtual environment and, in
that case, not disclose its true intent.

Using the same criterion of within “a few days,” the DBIR indicates that security teams are able
to discover only 30% of breaches. In an ideal world, security teams would discover a breach within
seconds of it occurring, enabling the fastest possible response to the incident and preventing a
compromise from becoming a crisis.

In reality, it takes days, weeks, and even months to discover these breaches, ranging in severity
from fairly benign to state-sponsored Advanced Persistent Threats (APTs). Likely, there are
breaches in enterprise networks that persist for years, completely undetected.


How will the tables be turned? Is it possible to close this gap?


In most enterprises today, security teams are designed to take on these challenges. This is a
monumental job, and there are varying levels of success throughout the industry. Logistical
problems, such as geographic location, have to be factored in.

What if there isn’t enough security talent in my location to be able to bring in the best? Technology
problems will continue to evolve. What if we experience a breach the likes of which nobody has
ever seen before? There is no user manual for dealing with these new emerging threats.



15 Cyber Warnings E-Magazine – February 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
