Using active breach detection to keep government data safe
- By Paul Kraus
- May 19, 2016
The sad truth of modern online security is that hackers move faster than defenses can be mounted against them. Hackers compromise government agencies in innovative ways via every imaginable vector, from server to mobile end user. The Office of Personnel Management was breached twice in early 2015, for example, sounding the call for improved technology to keep pace with and to ward off such intrusions.
Perimeter defenses such as firewalls and antivirus software are successful in filtering out some of the intrusions, but certainly not all. Active breach detection systems offer a shrewd method to bolster existing resources by acting as the online equivalent of a night watchman, detecting network intrusions around the clock that other tools miss. The visibility that these detection systems can provide is unparalleled.
A cloud-based active breach detection system can leverage threat intelligence through centralized analytics and metadata, using deep-packet inspection to examine network attributes across applications and including retrospective investigation of historical data. It scans for known malware and anomalous behavior and incorporates machine learning to better understand the unique patterns in a network and, as a result, better detect anomalies. Available through a range of delivery methods, breach detection can be built into a hosted network, located on premises, in a third-party-hosted cloud or on an agency's own private cloud. In addition, the security community at large benefits from every breach detected, because lessons are shared via the cloud.
When it comes to protecting government data, active breach detection offers the following advantages:
Alert filters. IT professionals are stretched thin trying to monitor networks around the clock, constantly adapting their tools to maintain vigilance in meeting the latest threats. It is easy to become desensitized by excessive alerts. Alert fatigue reduces acuity and leaves data susceptible to hackers and breaches, which is what happened in the 2014 Target data breach: an alarm was issued, but incorrectly attributed to a benign threat. Active breach detection helps professionals avoid dismissing critical alarms by using historical context and machine intelligence to filter out non-actionable alerts.
False positives removal. Similar to alert fatigue, false positives can waste the IT team’s time investigating threats that aren’t real. By removing the category altogether and boosting the signal-to-noise ratio, active breach detection offers precise and clean reporting for more efficient remediation. The team can take swift action only when necessary, thus improving productivity, efficiency and the effectiveness of each individual.
Data visualization. It is difficult for IT professionals to quickly react to threats if they cannot understand information placed in front of them. Data presented in a visual, graphic way that is easily digestible empowers understanding and helps speed remediation. Active breach detection delivers data derived from ongoing network scans and evolving research on recent threats in an easy-to-understand dashboard. IT staff can easily see not only the latest breaches, but also those that have evolved over time to become more dangerous, such as the Angler Exploit Kit, which is now in v7.0 and largely undetectable by antivirus software.
Adaptability. Adaptability in regard to an active breach detection system means that there are no implementation hurdles for the IT team. A complicated implementation process takes precious resources away from fighting hackers. Look for an active breach detection system that is easily implemented and managed, and know that this is achievable without sacrificing technical sophistication.
Smart software. It is worth prioritizing an active breach detection platform that operates on metadata. The ability to collect and store massive amounts of information -- combined with cloud-based data analytics that use machine learning to rapidly identify anomalous attack behaviors -- will make a system smarter over time. Metatagging and metadata enable a platform to store enough information that it automatically learns which compliance issues agencies face and helps teams quickly address those issues as well as security ones.
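As an added illustration (not Eastwind's code and not from the article), the Python sketch below shows the ideas behind the "Alert filters", "False positives removal" and "Smart software" points, plus the retrospective investigation of stored metadata mentioned earlier: it works on flow metadata (who sent how much to whom, on which day) rather than packet payloads, contrasts a fixed threshold with a per-host baseline learned from a history window, and searches stored metadata for an indicator that only became known after the traffic happened. The host names, destinations, byte counts, the seven-day window and the 10%-of-mean floor are constructed assumptions.

```python
"""Metadata-driven breach detection, illustrated (added example, not vendor code).

Three pieces, all over constructed per-flow metadata:
  1. naive_alerts      - a fixed byte threshold, to show the noise it produces;
  2. baseline_alerts   - each host scored against its own history, so a busy
                         backup server stays quiet and a workstation that
                         suddenly talks to a new external host stands out;
  3. retrospective_hits - search stored metadata for an indicator learned later.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    day: int        # day index; days 1-7 are history, day 8 is "today"
    src: str        # internal host name (constructed)
    dst: str        # destination label (constructed; ext-* is external)
    bytes_out: int  # bytes sent from src to dst that day


# Constructed sample metadata. ws-01 is a workstation that on day 8 sends 50 KB
# to a never-before-seen external host; backup-01 legitimately ships ~500 KB to
# storage every day; ws-03 touched the same external host back on day 3.
FLOWS = [
    *[Flow(d, "ws-01", "mail", b) for d, b in enumerate([600, 700, 500, 650, 600, 550, 650], 1)],
    *[Flow(d, "ws-01", "web", b) for d, b in enumerate([400, 500, 400, 450, 400, 400, 400], 1)],
    *[Flow(d, "backup-01", "storage", b)
      for d, b in enumerate([500_000, 520_000, 480_000, 510_000, 500_000, 490_000, 500_000], 1)],
    *[Flow(d, "ws-02", "web", 1_000) for d in range(1, 8)],
    Flow(3, "ws-03", "ext-198.51.100.7", 2_000),
    # day 8 ("today")
    Flow(8, "ws-01", "mail", 600),
    Flow(8, "ws-01", "ext-198.51.100.7", 50_000),
    Flow(8, "backup-01", "storage", 505_000),
    Flow(8, "ws-02", "web", 1_100),
]


def daily_totals(flows, day_lo, day_hi):
    """Per-host, per-day bytes_out totals and the set of destinations seen in [day_lo, day_hi]."""
    totals = defaultdict(lambda: defaultdict(int))
    dsts = defaultdict(set)
    for f in flows:
        if day_lo <= f.day <= day_hi:
            totals[f.src][f.day] += f.bytes_out
            dsts[f.src].add(f.dst)
    return totals, dsts


def naive_alerts(flows, day, limit=100_000):
    """Fixed threshold: flag any host sending more than `limit` bytes in a day.

    This fires on the backup server every single day (noise) and misses the
    workstation, whose 50 KB is small in absolute terms.
    """
    totals, _ = daily_totals(flows, day, day)
    return {host for host, per_day in totals.items() if per_day[day] > limit}


def baseline_alerts(flows, today, history_days=7, z_limit=3.0):
    """Score each host's traffic today against that host's own history.

    Baseline = mean and population stdev of daily bytes_out over the window.
    The stdev is floored at 10% of the mean (an assumption) so a perfectly
    regular host does not alert on trivial drift. Destinations never seen in
    the window are attached as context for the analyst.
    """
    hist_totals, hist_dsts = daily_totals(flows, today - history_days, today - 1)
    today_totals, today_dsts = daily_totals(flows, today, today)
    alerts = {}
    for host, per_day in today_totals.items():
        sent = per_day[today]
        if host not in hist_totals:
            alerts[host] = {"reason": "no history for host", "bytes": sent}
            continue
        # days with no flows count as 0 bytes sent
        samples = [hist_totals[host].get(d, 0) for d in range(today - history_days, today)]
        mu, sigma = mean(samples), pstdev(samples)
        sigma = max(sigma, 0.1 * mu, 1.0)
        z = (sent - mu) / sigma
        if z > z_limit:
            alerts[host] = {
                "z": round(z, 1),
                "bytes": sent,
                "baseline": round(mu),
                "new_destinations": sorted(today_dsts[host] - hist_dsts[host]),
            }
    return alerts


def retrospective_hits(flows, indicator):
    """Search stored metadata for every (day, host) that ever talked to `indicator`."""
    return sorted({(f.day, f.src) for f in flows if f.dst == indicator})


if __name__ == "__main__":
    print("fixed threshold :", naive_alerts(FLOWS, 8))
    print("per-host baseline:", baseline_alerts(FLOWS, 8))
    print("retrospective    :", retrospective_hits(FLOWS, "ext-198.51.100.7"))
```

Run as a script, the fixed threshold reports only backup-01, the baseline reports only ws-01 (with the new external destination as context), and the retrospective search shows that ws-03 contacted the same destination five days before anyone was looking for it. The point is the one the article makes: a host's own history is what separates a real outlier from normal high volume, and keeping metadata around is what makes a later indicator actionable against past traffic.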
Instant ROI. Compare the cost of a breach or hiring a new full-time security professional against the cost of adding an active breach detection service. The average cost of a single lost public sector record is $68, according to the Ponemon Institute’s 2015 Cost of Data Breach study. If a typical breach compromises 2,000 records, that puts the cost of a breach at $136,000. A seasoned full-time security expert would have a gross estimated salary of more than $100K. Again, an active breach detection system costs only a fraction of that, generating instant return on investment.
A breach is not a matter of if, but when. The challenge of attempting to secure the perimeter without a defense that can adapt quickly to ongoing threats is an open invitation to hackers. Next-generation breach detection offers an effective tool that marries big-data techniques and machine learning to deep cybersecurity expertise to maximize defense against breaches and threats. By removing nonactionable alerts and delivering digestible and intelligent data, active breach detection augments security systems by arming the defense in the ongoing battle against infiltration.
Paul Kraus is president and CEO of Eastwind Breach Detection.