Security Intelligence: Moving From A Reactive To Proactive Defence

Security Intelligence

As cyber attacks continue to soar to unprecedented levels, organisations are slowly starting to realise that data breaches have become inevitable. Indeed, cyber criminals have become more and more sophisticated and underhand in their techniques, leaving organisations continuously playing cat and mouse in a bid to keep up.

As a result, there is already a shift in the way network security is being addressed – organisations are becoming increasingly aware that traditional defences are incapable of quickly adapting to emerging threats, rendering them inadequate when faced with today’s rapidly evolving threat landscape.

While perimeter security measures undoubtedly still have a role to play in reactively defending networks, they will not stop sophisticated hacks aimed at gaining control of critical systems. Instead, organisations need to take a more proactive approach to security, specifically ensuring they have full visibility into their networks.

A few years ago, most organisations could safely assume it would be unlikely that they would become the target of a cyber attack; however, this is a dangerous line to take when faced with the financial and reputational costs associated with today’s data breaches. Threats can come from anywhere, including internally, and for any reason. In fact, there is a high chance that many organisations have already been breached and do not yet know it.

According to the 2013 Verizon Data Breach Survey, two thirds of breaches took months or even years to discover. It is therefore imperative that businesses take a different stance and assume that they will be attacked, taking the necessary precautions to ensure threats can be identified and remediated as quickly as possible. Having a ‘when, not if’ mindset will ensure that any damage is limited, while investigations into the breach can take place much faster and with greater accuracy.

What Is Normal?

As cyber attacks become more complex, businesses also have to manage growing corporate IT estates. With IT processes an integral part of daily operations and organisations producing more data than ever before, an increasing amount of activity is taking place on corporate systems every day, from users accessing desktops to data packets being sent to cloud hosting sites.

What organisations need is the intelligence to recognise what is considered normal behaviour so that any anomalous or inconsistent activity can be flagged and remediated as soon as it takes place – that way, when an employee is sat in the London office, but also logs on from Shanghai, it becomes clear that a breach has occurred and the organisation can then take the necessary steps to thwart the hacker.
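The London and Shanghai scenario above is commonly implemented as an "impossible travel" check over authentication logs. The following is an added example, not code from the article or from any vendor it mentions; the event records, user names, speed ceiling and minimum distance are constructed assumptions.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed sample logon events (not real data):
# (UTC timestamp, user, site, latitude, longitude)
EVENTS = [
    ("2024-03-04T08:55:00", "alice", "London", 51.5074, -0.1278),
    ("2024-03-04T09:10:00", "bob", "London", 51.5074, -0.1278),
    ("2024-03-04T09:40:00", "alice", "Shanghai", 31.2304, 121.4737),
    ("2024-03-04T13:30:00", "bob", "Paris", 48.8566, 2.3522),
    ("2024-03-05T09:00:00", "alice", "London", 51.5074, -0.1278),
]

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruising speed
MIN_KM = 50.0    # assumed floor: ignore jitter from imprecise geolocation


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(a))


def impossible_travel(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Flag consecutive logons by one user that imply travel above max_kmh."""
    last = {}    # user -> (time, site, lat, lon) of the previous logon
    alerts = []
    for ts, user, site, lat, lon in sorted(events):  # ISO timestamps sort by time
        when = datetime.fromisoformat(ts)
        if user in last:
            p_when, p_site, p_lat, p_lon = last[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # Distant logons at the same instant are treated as impossible too
            if km > min_km and (hours == 0 or km / hours > max_kmh):
                alerts.append((user, p_site, site, round(km), ts))
        last[user] = (when, site, lat, lon)
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(EVENTS):
        print("ALERT user=%s %s -> %s (%d km) at %s" % alert)
```

In practice the coordinates come from IP geolocation, so VPN and proxy egress points need to be allow-listed to keep false positives down.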

What is absolutely key to data security is consistent visibility of all network activity. This requires the use of centralised, automated protective monitoring systems, capable of processing data from multiple sources across networks, including systems events, applications or databases.

Without such granular insight into the network, blind spots occur, leaving an ideal entry route for hackers. By applying intelligence to this insight businesses are able to ensure that security gaps are closed and each and every event is analysed in context – making the odds of correctly identifying an attack far greater.

Furthermore, regardless of the increasing sophistication of cyber threats or the growing amounts of data generated by organisations, it is undeniably best practice to be constantly aware of the smallest changes that occur across IT networks.

As well as strengthening security, continuous monitoring and analysis of all network activity improves the effectiveness and efficiency of the entire IT infrastructure, in turn making it easier to identify any vulnerability that could potentially be exploited.

With the ever-increasing threat to network security, any organisation that does not take a more proactive approach is gambling with both its data and its reputation. Having deep visibility into IT systems should be the foundation of cyber defence strategies for all organisations, as it helps ensure security and IT operations management stop the cyber criminals in their tracks – before any lasting damage has been done.

Ross Brewer

Ross Brewer brings over 22 years of sales and management experience in high tech and information security. Prior to joining LogRhythm, he was a senior executive at LogLogic where he served as vice president and managing director EMEA. Ross has held senior management and sales positions in Europe for systems and security management vendor NetIQ and security vendor PentaSafe (acquired by NetIQ). He was also responsible for launching Symantec’s New Zealand Operations.