A record number of attendees at this year's RSA Conference were given a stark reminder that effective security remains a massive challenge for almost all companies, despite record-high investment in cyber security.
Cyber-attackers are ahead in the security arms race. This is apparent from the steady stream of companies that continue to appear in the news for all the wrong reasons. 2014 saw a 25% year-on-year increase in the number of companies reporting data breaches. The consequences of those security failures - operational downtime, brand reputation damage, intellectual property loss and financial penalties - can be catastrophic for impacted companies, especially in a world where agility, customer loyalty and even the slightest competitive edge can be critical to success.
The harsh reality is that cyber-attackers will always have the advantage. The battle is asymmetric: attackers only need to be successful once, while companies need to be defensively flawless every time. It is a harrowing challenge, so what do we need in order to keep up?
Security Visibility is the key to true understanding of activity in your environment.
In the opening keynote at the RSA Conference, Amit Yoran, President of RSA, proposed:
“[For effective Cyber Security,] We must adopt a deep and pervasive level of true visibility everywhere.”
“[Visibility is] understanding what is truly happening in your environment. Don’t rely on logs from IDSs or firewalls. You’ve got to really understand.”
Machine and log data is certainly helpful for a security team, but is ultimately insufficient. Machine and log data provides fragmented, incomplete and delayed visibility, especially when it comes to detecting the “unknown unknowns” - the problems we don’t know we don’t know, the 1% of attacks that are most evasive, persistent and potentially damaging.
The simple fact of the matter is: you can’t detect or respond to attacks you can’t see. A fundamental starting point for an effective program is full security visibility across your network, and network data is one of the richest sources available. Such complete visibility provides an independent, authoritative view through which security analytics can be performed with confidence that nothing is being missed. In short, “the wire don’t lie”.
Alright, full security visibility. Sounds great. Let’s do it.
Not so fast. Achieving full security visibility based on network data in today’s complex enterprise environments can be a monumental undertaking. Data volumes, data varieties and data velocities continue to grow at explosive rates. Also, the true value of network data is only realized when it is automatically decoded, decrypted (where applicable), contextualized, indexed, visualised and made machine consumable, both in real time and in retrospect. This is not easy by any stretch of the imagination. Most network monitoring solutions on the market today are little more than packet capture devices that only enable reactive investigation and reporting based on a retrospective view into network activity.
Until recently, comprehensive network data analytics solutions that enable more proactive and complete visibility by providing real-time monitoring and investigation have been perceived as essential only for the likes of trading environments: highly demanding networks where microsecond-level network performance has a significant impact on business outcomes. It’s safe to say this level of visibility is not just for trading anymore. New technology trends such as software-defined networking (SDN) and the Internet of Things (IoT) will add further challenges and complexity for security teams. International Data Corporation (IDC) predicts that within two years, 90% of all IT networks will have an IoT-based security breach. You’ll want to do everything you can to make sure your company is in the remaining 10%, and that means preparing for a new era of Cyber Security.
It is time for Cyber Security to embrace the power of Visibility.
Full security visibility empowers teams to monitor in real time for attacks that may occur, and to retrospectively confirm if, when and where they did occur. Based on a recent survey conducted by ESG, Jon Oltsik notes that companies are catching on to the need for pervasive monitoring: “40% of organizations plan to move toward continuous monitoring of all assets.”
If we ever hope to draw even with attackers in the Cyber Security arms race, change is needed. Companies must be empowered to effectively defend against and respond to increasingly evasive, sophisticated, and business-crippling attacks. To make this a reality, full visibility into network data is exactly what Cyber Security teams need as their foundation. After all, you can’t defend against what you can’t see. Are you ready to turn on the lights?