Cyber Protection - Find the Needle in the Needle Stack.
With so much data spilling from devices in every part of your organisation, don’t you ever wonder ‘how could I use the outputs of those expensive boxes more effectively?’ This has been the challenge for users of security devices for many years: trying to answer the question ‘is this device that I paid so much money for actually doing what I ask it to do?’ For many organisations, security devices are just black boxes that they hope will perform some kind of cleansing osmosis between them and the outside world. Unfortunately, this is not the case.
Well-resourced hackers, crowd-funded script kiddies and nation states are buying up these devices, and not for the purposes you may think. Research into the methods of some of the highest-profile attackers suggests that not only are they using very simple techniques to breach corporate networks, but that they have the resources to learn exactly how the market-leading security devices work and where their blind spots are. So where does that leave us? It leaves the millions of pounds we have invested in security offering no protection at all against the attackers we should fear most. Yes, these devices stop known threats, alert us to some known patterns of traffic and stop commodity malware from damaging our infrastructure, but is that what we are really concerned about? Do we buy insurance to protect us from the paint chip on the car or the broken plate in the kitchen? No, we buy insurance to protect us from major losses, things we can’t afford to replace. Yet in the world of IT we often leave the most precious and most exploitable assets in our organisations unprotected from the advanced threat.
What can I do about it?
For the most part, nothing. As with every insurance policy, there is a certain amount of risk that your mishap may not be covered because it was never underwritten. But for the vast majority of incidents we have covered ourselves. Do we think this way when investing in the security of our customers’ data, our intellectual property or the availability of our business systems?
Those devices we paid so much for aren’t just black boxes that protect us. They are news feeds for the investigators and the detectors, so that we can understand what is happening in our business right now, compare it with what normally happens, and align it with vast amounts of external data to identify where our key exposures lie. Used this way they become a real source of intelligence for the operational stability of our business-critical infrastructure.
There’s so much data, where do I begin?
At SecureData we are experienced in the management of security devices and have a deep understanding of the news feeds (logging) they provide. We combine the intelligence that comes from within a business with that which comes from security vendors, open source feeds and social media, on a platform built to cope with this ever-expanding dataset. We understand that SIEM systems have limits, and have identified solutions that detect not only the commodity threats to your business but also the advanced, highly targeted ones: a platform where we can ask not only what is happening right now, in real time, but also what happened this time last week or last year, and use that history to identify anomalous traffic automatically. There is no need to distinguish the ‘Bad’ from the ‘Good’, only the ‘Irregular’ from the ‘Normal’.
With knowledge of how a business prioritises and manages risk, and of how the organisation is structured, it is possible to provide an efficient solution that identifies and responds to time-sensitive threats in real time, while managing the data on lower-risk activity intelligently so that it is reported rather than escalated. The business can then react to what matters, when it matters; in some cases the platform reacts on its behalf and reports only the actions taken to remediate the issue. Combine this with an understanding of the corporate network topology (which other vulnerable assets are exposed to the same active threats) and with threat intelligence that identifies the most likely attack vectors before the major security vendors have issued updates, and only then can you effectively reduce your risk exposure.
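What ‘Irregular from Normal’ and ‘react to what matters’ look like in practice, as an added illustration rather than SecureData’s own platform or code: the Python below takes constructed per-host hourly log summaries (assumed format ‘<ISO timestamp> <host> <bytes out this hour>’), builds a baseline for each host from the same weekday and hour in the previous weeks (‘this time last week’), scores the current hour with a robust median/MAD z-score, and ranks anything irregular by an assumed asset criticality weighting so that the highest-risk finding comes first. Host names, volumes, the threshold and the criticality values are all assumptions made for the example.

```python
"""Baseline-versus-now anomaly scoring over constructed per-host hourly log summaries.

Added example, not SecureData's code. Assumed log line format:
"<ISO timestamp> <host> <bytes-out-this-hour>". A host's baseline is the set of values seen
at the same weekday and hour in previous weeks; a value is flagged when it is far from that
baseline on a robust z-score (median / MAD). Nothing here knows good from bad traffic, only
normal from irregular.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

MAD_TO_SIGMA = 1.4826   # scales MAD to a standard deviation for normally distributed data
Z_THRESHOLD = 6.0       # assumed: with only a few weeks of history, use a generous cut-off

# Assumed business input: how much the organisation cares about each asset (default 1).
CRITICALITY = {"files01": 3, "web01": 2}


def make_history(weeks=4):
    """Constructed history: four weeks of hourly outbound byte totals for two hosts."""
    start = datetime(2015, 5, 4)   # a Monday
    profiles = {"web01": 500_000_000, "files01": 50_000_000}
    lines = []
    for h in range(weeks * 7 * 24):
        ts = start + timedelta(hours=h)
        for host, base in profiles.items():
            # deterministic +-10% jitter that also differs from week to week
            pct = (h * 37 + (h // 168) * 5 + len(host)) % 21 - 10
            lines.append(f"{ts.isoformat()} {host} {int(base * (100 + pct) / 100)}")
    return lines


# Constructed "current hour" (Monday 14:00): one normal host, one 40x spike, one unknown host.
CURRENT_HOUR = [
    "2015-06-01T14:00:00 web01 520000000",
    "2015-06-01T14:00:00 files01 2000000000",
    "2015-06-01T14:00:00 db02 10000000",
]


def parse_line(line):
    ts, host, value = line.split()
    return datetime.fromisoformat(ts), host, int(value)


def bucket(ts):
    """Seasonal bucket: the same weekday and hour in each week."""
    return ts.weekday(), ts.hour


def build_baseline(history_lines):
    baseline = defaultdict(list)
    for line in history_lines:
        ts, host, value = parse_line(line)
        baseline[(host,) + bucket(ts)].append(value)
    return baseline


def robust_z(value, samples):
    """Median/MAD z-score; a couple of outliers in the history do not wreck the baseline."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples)
    scale = MAD_TO_SIGMA * mad
    if scale == 0:                      # identical history values: avoid a divide by zero
        scale = max(1.0, 0.01 * abs(med))
    return (value - med) / scale


def score_hour(current_lines, baseline, criticality=CRITICALITY):
    """Return findings sorted by priority = |z| * asset criticality, highest first.

    A host with no baseline for this bucket is reported explicitly rather than being
    silently scored as normal.
    """
    findings = []
    for line in current_lines:
        ts, host, value = parse_line(line)
        samples = baseline.get((host,) + bucket(ts), [])
        weight = criticality.get(host, 1)
        if not samples:
            findings.append({"host": host, "reason": "no baseline for this host/hour",
                             "z": None, "priority": weight})
            continue
        z = robust_z(value, samples)
        if abs(z) >= Z_THRESHOLD:
            findings.append({"host": host,
                             "reason": f"{value} vs median {median(samples):.0f}",
                             "z": z, "priority": abs(z) * weight})
    return sorted(findings, key=lambda f: f["priority"], reverse=True)


if __name__ == "__main__":
    for finding in score_hour(CURRENT_HOUR, build_baseline(make_history())):
        print(finding)
```

With only four weeks of history the MAD estimate is coarse, which is why the threshold is generous; a real deployment would keep far longer history, tune thresholds per metric, and account for things that move the ‘normal’ bucket, such as daylight-saving changes and public holidays. The criticality weighting is the simplest possible stand-in for the business risk knowledge described above: the same 40x spike on a low-value host would still be flagged, but ranked below the file server.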
To detect, stop and remediate the threats that others can't, you need a combination of best-of-breed technologies, clever people and robust processes. SecureData has developed and delivers this for multiple customers across a variety of platforms and sectors, combating some of the most advanced threats. SecureData GI.