As enterprises ingest more data at higher speeds, they naturally encounter more cyber threats. But while the challenge of speed and volume is daunting enough, according to TechTarget’s Dan Sullivan the difficulty is compounded by the fact that today’s attacks are “often dispersed across network devices, servers, application logs and endpoints.” Companies now have to plan for well-coordinated attacks that may come from thousands of endpoints simultaneously–if cyber attacks were video games, we’ve gone from Pong to Space Invaders to Call of Duty in terms of complexity and dimensionality.
Heeding the “Call of Duty” in a high stakes battle
Distributed attacks aren’t new–security professionals have been talking about “blended threats” that occur over multiple attack vectors for some time now. However, such attacks are rapidly growing in scale and sophistication. Consider for example distributed denial-of-service (DDoS) attacks which, according to Hacker News, are now reaching a terabit per second. Companies received a wake-up call recently when trusted DNS provider Dyn was hit by one of the largest DDoS attacks to date, driven by a botnet of compromised IoT devices, which by one estimate cost the company 8% of its business. Unfortunately it took an incident like this to make people start to understand how serious the new generation of cyber threats really is.
A recent IBM study found that the average cost of a data breach has hit $4 million. However, the stakes are much higher than that. Such distributed, highly complex attacks have the potential to disrupt entire industries, putting our economy and even our national security in jeopardy. In a Focus 16 keynote Ted Koppel presented the nightmare scenario of a coordinated attack on IoT devices connected to the nation’s power grid, posing the risk of a massive, disabling outage. According to Koppel, it’s not a question of “if” but “when.” And in fact, a group of researchers in Israel recently demonstrated a worm that hops from one “smart lightbulb” to the next over the bulbs’ own wireless protocol, raising the prospect of knocking out lighting across an entire city block.
Traditional security won’t cut it
Clearly it’s going to take much more than patches, firewalls, spyware detection and educating employees on “best security practices” to stem the kinds of threats that organizations now face. A recent study from Kaspersky Lab, however, shows that a large share of IT departments persist under the false impression that traditional security is good enough. 40 percent believe their ISP will protect them, and 30 percent believe infrastructure partners will protect them, illustrating a situation the firm says is “putting businesses across the globe at risk of grinding to a halt.”
The complexity of attack methods, according to SearchSecurity, means that security approaches which look at the threat landscape one attack vector at a time are insufficient. To combat the new generation of attacks you need a perspective that looks across all of the organization’s various boundaries–including the “boundary” of time.
The Einsteinian era of cyber security
Einstein revolutionized physics by viewing time and space as part of a continuum, and we should take a similar approach to cyber security. With data coming from industrial sensors, consumer devices and social networks co-mingling with traditional ERP and CRM data, real-time big data security solutions need to be able to analyze millions of events per second across a wide variety of data sources. That’s the “space” part of it.
They must also correlate events taking place on multiple platforms, often at staggered intervals, employing statistical pattern learning to detect anomalous behavior and providing sandbox-style environments for forensic reconstructions. In real time, organizations must be alerted to potentially threatening behavior on a particular endpoint, and have the ability to instantly compare it to that endpoint’s own history: a burst of failed logins or a first-ever connection to an unfamiliar destination only looks suspicious against a baseline of what is normal for that machine. That’s the “time” portion of it, and it’s a vital component of identifying malicious activity and stopping it in its tracks. In summary:
- Companies must plan for well-coordinated attacks coming from thousands of endpoints simultaneously, the cost of which may go beyond monetary figures to include existential risks to organizations.
- Patches, firewalls, spyware detection and other standard approaches aren’t enough, despite a persisting faith in traditional methods by many IT departments.
- Combatting the new generation of attacks requires a perspective that looks across all of the organization’s boundaries–including time.
- Solutions need to be able to analyze millions of events per second across a wide variety of data sources, as well as correlate events taking place on multiple platforms, often across lengthy time spans.
- In real-time, organizations must be alerted to potentially threatening behavior that may be occurring on multiple endpoints, and have the ability to instantly compare it to historical behavior.
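The “space” and “time” correlation summarized above, reduced to working code as an added example (this is not Logtrust’s or Panda Security’s code, and it is not how ART is implemented). It ingests events from two log sources (an authentication log and a firewall log) for several hosts, builds a per-host baseline from the previous hour, and flags a host when its latest minute deviates from its own history by more than three standard deviations or when it contacts a destination it has never contacted before. A finding is scored higher when more than one source independently points at the same host. The log format, host names, IP addresses, thresholds (one-hour baseline, one-minute window, z ≥ 3) and the sigma floor are all assumptions made for the illustration; the log lines are constructed, not captured.

```python
"""Added example (not Logtrust/Panda code): correlate endpoint events from
several log sources and score each host against its own recent history.
Log format, hosts, addresses and thresholds are constructed for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    source: str  # which platform produced it: "auth", "firewall", ...
    kind: str    # normalized event type: "login_failed", "outbound", ...
    detail: str  # free text: user name, destination, ...


def parse_line(line: str) -> Event:
    """Parse one constructed 'ts|host|source|kind|detail' log line."""
    ts, host, source, kind, detail = line.split("|", 4)
    return Event(datetime.fromisoformat(ts), host, source, kind, detail)


def per_minute_counts(events, host, source, kind, start, end):
    """Number of matching events in each whole minute of [start, end)."""
    counts = [0] * int((end - start) / timedelta(minutes=1))
    for e in events:
        if (e.host, e.source, e.kind) == (host, source, kind) and start <= e.ts < end:
            counts[int((e.ts - start) / timedelta(minutes=1))] += 1
    return counts


def zscore(history, current, sigma_floor=1.0):
    """Distance of the current count from this host's own history, in standard
    deviations. The floor (an assumed tuning value) keeps a perfectly quiet
    baseline from turning one stray event into an 'infinite' anomaly."""
    return (current - mean(history)) / max(pstdev(history), sigma_floor)


def correlate(events, now, history=timedelta(hours=1),
              window=timedelta(minutes=1), z_threshold=3.0):
    """Return {host: (sources_agreeing, reasons)} for hosts whose latest
    window deviates from their own history. A host scores higher when more
    than one log source independently points at it."""
    hist_start, cur_start = now - history - window, now - window

    def destinations(host, lo, hi):
        return {e.detail for e in events
                if e.host == host and e.source == "firewall"
                and e.kind == "outbound" and lo <= e.ts < hi}

    findings = {}
    for host in sorted({e.host for e in events}):
        reasons = []
        # "time": this minute against the previous hour, per source/event type
        for source, kind in (("auth", "login_failed"), ("firewall", "outbound")):
            hist = per_minute_counts(events, host, source, kind, hist_start, cur_start)
            cur = per_minute_counts(events, host, source, kind, cur_start, now)[0]
            z = zscore(hist, cur)
            if z >= z_threshold:
                reasons.append(f"{source}:{kind} rate z={z:.1f}")
        # "space": a destination this host has never contacted in its history
        new_dst = destinations(host, cur_start, now) - destinations(host, hist_start, cur_start)
        if new_dst:
            reasons.append(f"firewall:new_destination {sorted(new_dst)}")
        if reasons:
            findings[host] = (len({r.split(":")[0] for r in reasons}), reasons)
    return findings


BASE = datetime(2024, 1, 1, 12, 0, 0)   # constructed clock
NOW = BASE + timedelta(minutes=61)


def constructed_events():
    """One hour of unremarkable history for two hosts, then a one-minute burst
    on ws-01: a password spray followed by a connection to a host it has never
    talked to (203.0.113.7 is a documentation address). All lines are constructed."""
    lines = []
    for m in range(60):
        t = (BASE + timedelta(minutes=m)).isoformat()
        lines.append(f"{t}|ws-01|firewall|outbound|10.0.0.5:443")
        lines.append(f"{t}|ws-02|firewall|outbound|10.0.0.5:443")
        if m % 5 == 0:   # alice mistypes her password now and then
            lines.append(f"{t}|ws-01|auth|login_failed|user=alice")
        if m % 7 == 0:
            lines.append(f"{t}|ws-02|auth|login_failed|user=bob")
    burst = BASE + timedelta(minutes=60)
    for i in range(25):
        t = (burst + timedelta(seconds=i)).isoformat()
        lines.append(f"{t}|ws-01|auth|login_failed|user=svc{i:02d}")
    t = (burst + timedelta(seconds=40)).isoformat()
    lines.append(f"{t}|ws-01|firewall|outbound|203.0.113.7:8443")
    lines.append(f"{burst.isoformat()}|ws-02|firewall|outbound|10.0.0.5:443")
    return [parse_line(line) for line in lines]


if __name__ == "__main__":
    for host, (score, reasons) in correlate(constructed_events(), NOW).items():
        print(f"{host}: {score} source(s) agree -> {'; '.join(reasons)}")
```

Run as a script, only ws-01 is reported, with two sources agreeing: its failed-login rate is about 25 standard deviations above its own hour of history, and its firewall log shows a destination absent from that history, while ws-02’s occasional failed logins stay within its baseline. Two design points carry over to real deployments: the baseline must be per endpoint (a rate that is normal for a build server is an incident on a receptionist’s laptop), and an hour of history is far too short in practice; a production baseline is learned over days or weeks and has to be retained and queryable at that span, which is the “time” dimension the text is pointing at.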
Case in point: The “ART” of intelligent security
While such real-time capabilities might seem like pie in the sky stuff, Logtrust has in fact developed tools that address these very challenges. For example the Advanced Reporting Tool (ART), developed in partnership with Panda Security (see full case study), automatically generates security intelligence that allows organizations to pinpoint and stem attacks–both internal and external–across the entirety of the organization’s endpoints. The solution provides graphic visualization to monitor endpoint vulnerability, determine threat origin and perform forensic analysis, and automatically alerts the relevant departments to security status indicators so that they can take immediate action.
And so the Einsteinian age of cyber security begins! The distributed nature of today’s cyber threats requires a major leap forward in capabilities beyond the traditionally one-dimensional defense tools so many companies still rely on. The good news is that security tooling is evolving to meet these threats, and the means to detect and stem highly coordinated, complex attacks across multiple vectors are available today.