We see it everywhere: in how we work, live, socialize, and take care of ourselves. Life can change in an instant. Now, more than ever, we know that it’s impossible to take our safety and security for granted. The unprecedented challenges of 2020 have solidified a reality we’ve known for many years: in the modern information age, data security and digital resilience are everyone’s responsibility.
Any organization that deals with data is vulnerable, from small players to large multinationals. Devastating ransomware attacks and public security breaches that compromise personal information are just two examples of attacks that could bring your company to a standstill. And because attackers can infiltrate your systems without your knowledge, you could give an attacker a considerable head start in damaging your organization by compromising your most precious asset: your data.
The sudden shift to remote work in 2020 has opened up more fissures in the cybersecurity landscape, from a sharp rise in phishing attacks to increased ransomware breaches. With bad actors emboldened, the likelihood and impact of cyber attacks have increased. These threats continue to evolve as attackers exploit uncertainty, unprecedented situations, and rapid organizational changes. As just one example, many ransomware families are now equipped to steal data, not just encrypt files. As your organization adapts to changing conditions, you could face potentially significant cybersecurity challenges that demand a rapid and effective response.
When it comes to thwarting cyber attacks, it’s about time.
In today’s environment, you need to assume that an adversary with malicious intent already has a foothold in your environment. Your responsibility is to find and eradicate that foothold before the intruder compromises your systems.
While some threat vectors can do immediate damage, most attackers take their time after infiltrating your network. Malicious actors can gain access to your system without leaving a trail of evidence. The longer the dwell time between a security breach and the discovery of that breach, the more time you’ve given the hackers to perform reconnaissance and find ways to hurt your business. If you don’t have any way of knowing that your company has been compromised, time will be on your adversaries’ side.
And time is money. The faster a data breach can be identified and contained, the lower the monetary damages.
Breaches with a lifecycle less than 200 days were on average $1.22 million less costly than breaches with a lifecycle of more than 200 days ($3.34 million vs. $4.56 million respectively), a difference of 37 percent.
How can your organization recapture the time advantage from potential attackers? Many companies attempt to set up, integrate, and monitor tools to protect their data and network. But these do-it-yourself solutions can be time-consuming, complicated, and expensive to deploy and maintain. Hiring, training, and maintaining a specialized, highly-trained team to stand up, maintain, and regularly update security solutions costs you both time and resources.
“With threats constantly evolving, your cybersecurity solution must be able to meet the needs of today’s environment and anticipate that adversaries will deploy ever more sophisticated attacks in the future.”
Even with adequate financial resources, cybersecurity experts are hard to find. It all adds up to an environment that can overwhelm even the most well-meaning organizations. The worst decision of all? The decision to do nothing and hope for the best, simply because you don’t know where to start.
A Common Challenge: Focusing on Tools, Not Telemetry
According to research conducted by Ponemon, in 2019, companies spent an average of $18.4 million annually on cybersecurity; yet, a full 53 percent of IT experts surveyed admitted they did not know how well the tools were working to thwart attacks.
In an attempt to solve this issue, organizations often stand up a SIEM (security information and event management) system to aggregate and correlate logs from their environment: a costly and complicated process. Yet skilled adversaries know how to conceal themselves from all but the most experienced security experts. The ability to rapidly and continuously analyze events, behaviors and alerts from every part of the security stack is paramount, but a SIEM alone lacks the context needed to accelerate detection and response times, monitor network flows, and continuously test configurations.
The solution is a cybersecurity program with the right combination of tools and techniques to offer robust, three-dimensional insight into your entire system. The more sources of telemetry your security solution draws from, the more accurate your view of your networks will be. Yet to be fully effective, your solution must be able to converge and correlate data in order to separate real insights from the noise. This approach requires both an understanding of each security tool deployed and the experience to correlate the data accurately. Without this level of expertise, simply layering on tool after tool can result in a cacophony of alerts, unnecessary redundancy, and an overall lack of efficacy that puts you at risk of missing critical alerts.
It’s similar to the triangulation of mobile devices using cell towers. Just as a cellular device’s position can be fixed more precisely the more towers it pings, so it is with detection and response. Instead of relying on analyst interpretation of disparate and siloed tools, XDR (“eXtended” Detection and Response) offers next-level threat detection and response, collecting and automatically correlating data across multiple security layers and tools – email, endpoint, server, cloud workloads, and network – so threats can be detected faster and security analysts can improve investigation and response times. XDR accelerates your ability to “triangulate” threats.
XDR is architected to extend visibility and analysis to include threat intelligence, telemetry, vulnerabilities, and other relevant IT information. By choosing and integrating the right tools, and by understanding threat actors’ behavior, you can achieve a fully-realized security program with a correlated single pane of glass, allowing you to pinpoint and thwart attacks in real time.
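To make the “triangulation” idea concrete, here is an added illustration (not DataEndure’s code, and not any XDR product’s logic) of cross-layer correlation in its simplest form: events from the email, endpoint, and network layers are grouped by host, and a finding is raised only when two or more distinct layers report on the same host within a short time window. The sample events, the signal names, and the ten-minute window are all constructed for this example; a real deployment would tune the window and key on richer identity and asset data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry for illustration only (not real logs).
# Each record: (timestamp, security layer, host, user, signal name)
SAMPLE_EVENTS = [
    ("2020-11-03T09:01:10", "email",    "WS-014", "jdoe",   "attachment_sandbox_suspicious"),
    ("2020-11-03T09:03:42", "endpoint", "WS-014", "jdoe",   "office_spawned_script_host"),
    ("2020-11-03T09:04:05", "network",  "WS-014", "jdoe",   "dns_newly_registered_domain"),
    ("2020-11-03T09:15:00", "endpoint", "WS-022", "asmith", "office_spawned_script_host"),  # lone signal: noise on its own
    ("2020-11-03T11:40:00", "network",  "WS-014", "jdoe",   "dns_newly_registered_domain"),  # too late to join the cluster
]

# Assumed correlation window; a real program would tune this per environment.
WINDOW = timedelta(minutes=10)


def parse_ts(ts: str) -> datetime:
    """Parse the ISO-8601 timestamps used in the constructed sample."""
    return datetime.fromisoformat(ts)


def correlate(events, window=WINDOW, min_layers=2):
    """Group events by host, slide a time window over each host's timeline,
    and report the first cluster that is seen by at least `min_layers`
    distinct security layers. One finding per host keeps the output compact."""
    by_host = defaultdict(list)
    for ts, layer, host, user, signal in events:
        by_host[host].append((parse_ts(ts), layer, user, signal))

    findings = []
    for host, evs in by_host.items():
        evs.sort()  # chronological; datetime is the first tuple field
        for i, ev in enumerate(evs):
            t0 = ev[0]
            cluster = [e for e in evs[i:] if e[0] - t0 <= window]
            layers = {e[1] for e in cluster}
            if len(layers) >= min_layers:
                findings.append({
                    "host": host,
                    "user": cluster[0][2],
                    "start": t0.isoformat(),
                    "layers": sorted(layers),
                    "signals": [e[3] for e in cluster],
                })
                break
    return findings


def alert_reduction(events, **kwargs):
    """Compare 'every event is its own alert' with the correlated view:
    returns (raw_alert_count, correlated_finding_count)."""
    return len(events), len(correlate(events, **kwargs))


if __name__ == "__main__":
    for finding in correlate(SAMPLE_EVENTS):
        print(finding)
    print("raw alerts vs correlated findings:", alert_reduction(SAMPLE_EVENTS))
```

Run as-is, the five raw events collapse to a single finding on WS-014 that is backed by all three layers, while the isolated endpoint signal on WS-022 and the late network event never become findings on their own. That is the practical payoff the paragraph describes: fewer, better-supported alerts rather than one alert per tool.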
The need – and the solutions – for Detection and Response have extended beyond the endpoint, but “buyer beware.” In part 2 of this blog, we will look at DataEndure’s approach to a fully-managed security solution with a robust and complete security stack that will help you take back your time. In the meantime, we are offering our complimentary Security Health Check to help you evaluate your current security posture. This health check will give you the insight and opportunity to strengthen your defenses before a potentially crippling attack occurs.