High-profile breaches have recently impacted major brands and consumers, demonstrating that no one is immune from attacks. From ransomware and malware to misconfiguration and lack of updates, the root causes vary, but the end results are the same. New noteworthy victims include Under Armour, Panera Bread, Boeing, Sears, Delta, Saks Fifth Avenue and the City of Atlanta, all of which have had sensitive data stolen on a grand scale.
While these incidents have gained prominence in the headlines, others abound. According to the Identity Theft Resource Center, as of May 1, 2018, there have been 383 breaches resulting in more than 12.9 million records being exposed. The targets are widespread as well, spanning industries such as financial, business, education, government, and healthcare.
This wide swath across major brands and varying industries indicates that data breaches are not isolated. Regardless of the circumstance, no one and no organization is safe from being hacked. This is by no means an exercise in victim-bashing or fear mongering. Rather, it is important to acknowledge reality so it can be addressed thoughtfully and strategically.
This era is encapsulated by one simple fact: because of the lucrative nature of cybercrime, it is here to stay, and traditional approaches to security aren’t enough. It seems abundantly clear that organizations are outmatched against the continuous onslaught of attacks from hackers with a variety of intentions and skill sets.
The new reality
The truth is, there are so many vectors for a cyber attack that it is logical to assume that virtually all networks have already been compromised. After all, even the most cautious employee can fall prey to common ploys such as social engineering and spear phishing, which uses publicly available information to target users, or a watering hole attack, which compromises frequently accessed URLs to deliver a malicious payload.
Today’s security landscape is multifaceted and rapidly evolving. With nation-state level hacking tools available on the Dark Web, complete with customer support and the availability of Cybercrime as a Service, a prospective hacker doesn’t need to be a seasoned expert. This, in turn, creates an environment ripe to take advantage of organizations ill-prepared for the fight.
With this reality in mind, rather than solely focusing on keeping hackers out, it makes sense to monitor networks for suspicious anomalies and respond if irregularities are detected – a method known as Managed Detection and Response (MDR). Additionally, when combined with other layers of security including firewalls, endpoints, and applications, MDR can be extremely effective in preserving the sanctity of enterprise networks.
A strategic approach
Managed detection and response combines machine learning with human expertise to help overwhelmed organizations analyze network traffic, seek out vulnerabilities, and mitigate threats. This is especially critical due to the amount of “noise” generated by alerts from traditional security solutions. IT teams are figuratively buried in incident alerts and are almost incapacitated as a result.
A classic example of this situation is the now infamous Target hack. The company had literally invested millions in incident response tools, which proved effective in alerting to the attack. However, these notifications were lost in the avalanche of other alerts.
Typically, IT staff are occupied with supporting daily business functions. They rely on security solutions to bridge the gaps but become frustrated due to the sheer volume of security event reporting and analytics that must be absorbed and addressed. Plus, security systems are siloed solutions and don’t provide an enterprise-wide view of security posture. Managed detection and response is perfectly suited to bypass this challenge. This chart from the National Institute of Standards and Technology (NIST) breaks down cybersecurity standards and best practices, including the elements of managed detection and response:
[Chart: Managed detection and response]
By using a diverse suite of detection and response tools, threat coverage improves dramatically, enabling effective and actionable alerting. The result is a comprehensive detection and response ecosystem, complete with highly actionable data and customized incident response.
This prevents hackers from gaining a foothold and further infiltrating systems, and IT professionals can rest easier and spend more time improving business operations rather than focusing on demanding security issues.