You can’t go too far these days without hearing about a major security breach. Equifax being the latest to fall prey to cunning hackers and devious elements out there. But just a few months back, a large Edmonton college was stung for over $10 million and it was determined the hack came via a 3rd party contractor. 4 million customers had their information exposed in the Time Warner compromise. In the Verizon breach, that number rose to 14 million.
Third-party cloud vulnerabilities were responsible for both. And we all know about the Yahoo breach. UPDATE: Since I wrote this last week, news that all Yahoo accounts were hacked. And it isn’t just customer data at risk, it is often sensitive intellectual property. Organizations are at a critical juncture in enterprise security. Even the best efforts of traditional security solutions like perimeter, network and endpoint security defences, these types of attacks will only increase as the criminal elements become increasingly more sophisticated. They have moved beyond “smash and grab” tactics to a long-term presence on corporate systems. These evolving threats complicate detection efforts as more difficult to detect cyber attacks which leverage normal tools, already present in an enterprise, to achieve their mission.
Signature-based security tools consistently fail to detect cloud-based threats like these, which are often subtle and unique from threats found on the physical network. Today’s enterprises have no way to quickly and efficiently determine if they have been breached or if a breach is imminent. Enterprises need a solution with actionable intelligence to effectively respond to these threats. They also need the ability to understand user and entity behavioural analysis capabilities which can be effective in detecting such threats and their associated malicious behaviours. Rapid detection and response are critical in a modern cloud and hybrid environments. While some organizations use Security Information and Event Management (SIEM) solutions to better correlate the information from a variety of tools, SIEM solutions aren’t without shortcomings—they rely on human analysis which can stretch the capacity of a workforce.
Too often organizations deploy a variety of point solutions that make it difficult to effectively detect advanced threats and attack campaigns. This piecemeal approach creates gaps and challenges that can limit security. With these different security systems and their unique or proprietary dashboards installed, blind spots occur in the analysis and integration of all the data. So, what can you do to improve security and more quickly respond to threats?
“Traditionally, when we think about security and protecting ourselves, we think in terms of armour or walls. Increasingly, I find myself looking to medicine and thinking about viruses, antibodies. Part of the reason why cybersecurity continues to be so hard is that the threat is not a bunch of tanks rolling at you but a whole bunch of systems that may be vulnerable to a worm getting in there. It means that we’ve got to think differently about our security.” President Obama, 2016
It’s important to note that there are solutions, so don’t give up and stick your head in the sand. One security company is leading the way – DarkTrace. With a unique combination of expertise in mathematics, software, and intelligence, DarkTrace has delivered the world’s first operational Enterprise Immune System. Their leading-edge solution gives organizations the ability to detect emerging cyber-threats, allowing them the opportunity to proactively defend against in-progress cyber-attacks that evade traditional security tools. The Enterprise Immune System technology uses machine learning and mathematics to monitor behaviours and detects anomalies in your organization’s network. This mathematical approach does not require signatures or rules and so can detect emerging ‘unknown unknown’ attacks that have not been seen before. It is self-learning and is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. By applying its unique, unsupervised machine learning, DarkTrace has identified 48,000 previously unknown threats in over 3,000 networks, including zero-days, insider threats, and subtle, stealthy attacks. Too often, subtle anomalies like these are obscured by the cloud or lost in the noise of the network. Traditional security tools tend to have limited visibility of cloud activity, and even then, they only look for known threats. This vulnerability was unique and would have gone undetected by signature-based controls. Getting—and staying—in front of today’s evolving threats requires more meaningful, comprehensive visibility, regardless of the products or endpoints or vendor partner. This is the kind of holistic view you need to detect and respond to threats with greater speed and accuracy. Cadeon is a proud partner with Darktrace to clients across Canada. To learn more about the threats Darktrace finds, reach out to Cadeon at 403-465-1533.