Cyber security is no longer an IT problem but rather a priority of the highest levels at the majority of organisations. The reason for this is simple: cyber threats have become a serious issue that costs businesses money, compromises their information and their customer data and causes reputational damage, to name just a few consequences. However, protecting your organisation against cyber-attacks is not a simple matter of implementing the right technology.
“There is unfortunately no ‘silver bullet’ solution to protecting and defending against the advanced, persistent and ever-evolving array of malware and attack tactics. While technology is a critical and core element to cyber defence, ultimately, what organisations need is a change of mind-set around cyber security. The belief that ‘it won’t happen to me’ is not only out-dated, but dangerous, as there is no organisation that is safe in today’s digital world. Enterprises of all sizes need proactive, intelligence-based solutions, and the relevant expertise to develop comprehensive strategies to detect, remove and remediate threats,” says Deon la Grange from FireEye.
One of the biggest challenges with traditional alert-based security solutions is that the sheer volume of threats, attacks and potential threat events has become overwhelming. Organisations receive hundreds, if not thousands of alerts on a daily basis, many of which are false positives – this is often a tactic of cyber criminals as they test an organisation’s defences. It is impossible to adequately address each and every alert, which leads to a state of ‘alert fatigue’ where legitimate threat events are missed. While there are technologies available for event management that can reduce these numbers, the challenge lies in determining which alerts are important and which are not. A lack of intelligence relevant to the alerts means that while organisations are bogged down trying to sift through thousands of alerts, attackers can slip a true threat through the defences.
Fred Mitchell, Security Software division manager at DCC adds: “Further to this challenge is the fact that threats are becoming more advanced, persistent and targeted than ever before, in retaliation to increasingly sophisticated security systems. The issue here is that the majority of reactive security technologies are based on known malware or attack signatures, and they are unable to stop unknown threats, which are the ones that infiltrate networks and cause significant damage. Intelligence-based systems help organisations move from a reactive defence to a more proactive approach. These systems utilise information on attack trends relative to industry, market sector and more, and along with real, current and trending data to understand the tactics, tools and procedures of malware and threat actors.”
The reality is that a large percentage of today’s attacks are not malware-based, at least not to begin with. “Threat intelligence is thus essential to defending against new attacks, which do not have a known signature. Only by understanding the tactics, procedures and code that attackers use, rather than the specifics of an attack, can they be detected before they cause too much damage. In addition, organisations need to have intelligence around other enterprises’ responses to threats and what happens once they are breached, in order to benefit from existing experience around these threats. Furthermore, organisations need solutions that will proactively search for vulnerabilities, to ensure that they can be fixed before they come under attack,” says La Grange.
In today’s world, threats are specifically crafted so that they do not trigger alerts in order to ensure maximum chances of infiltrating an organisation’s defences. Enterprises therefore need to be able to detect general types of attacks, rather than specific attack signatures. “Breaches are inevitable, as cyber-crime has become a highly profitable industry worldwide, and organisations are often specifically targeted. Without the ability to dynamically analyse malicious code, or a reliance on known, signature-based attacks, organisations are left vulnerable. However, technology is not a silver bullet solution, as enterprises need intelligence and strategy as well as expertise to detect existing breaches, contain them, remediate and close vulnerabilities,” concludes Mitchell.
Early detection is essential, and a multi-faceted approach is key. Next generation tools that do not rely on known protocols to block attacks, combined with intelligence to detect real threats early on in their lifecycle, and expertise to develop a complete strategy for dealing with malware and breaches, are critical to developing adequate cyber security and protection.