What is the current state of enterprise-level data breach detection?
It looks grim from the outside. In recent studies, 78% of CISOs are concerned about the data breaches that are going undetected. Indeed, data breach detection presents a two-fold problem for enterprises and their IT security teams. Firstly, data breach detection is the first step to data breach mitigation and remediation: you can’t solve problems that you don’t know exist, after all. Simultaneously, the longer an attacker stays on your network—the longer their dwell time—the more damage they could do to your enterprise’s databases and assets. Bad actors could steal more data, reroute more of your finances, or disrupt your business processes continually or whenever it suits their purposes the longer they dwell.
Add to these concerns the fact that the average data breach detection takes 206 days before security teams discover a dwelling threat, and the severity of the issue becomes evident.
So how can you make data breach detection easier for your enterprise and your IT security team?
1. Utilize Deception Technology or Honeypots
Deception technology, depending on who you ask, either a replacement or a variation of honeypot technology. Certainly, they operate in a similar fashion: they both set decoy systems and content to trip up digital attackers. Deception technology and honeypots are designed to catch threat activities as bad actors try to understand your IT environment and find lucrative targets.
Once a honeypot or deception technology does find a threat, it contains them in a separate digital environment where your IT security team can observe its behaviors and intentions. But most relevantly for our conversation, both deception technology and honeypots can serve as high fidelity warning systems that attackers have bypassed your security perimeters. After all, no one should be accessing your decoys legitimately, so any access should indicate a threat.
Enterprises should be utilizing their honeypots to facilitate their alarm systems and data breach detection. If they aren’t already a part of your security platform, it may be time to rethink that strategy.
2. Remember to Keep an Eye on the IoT
The IoT is part of your network. You may not think of it as such, but as we learned from Ken Munro’s Keynote at Identiverse even a wi-fi connected kettle might contain your encryption key.
Think about this: how many video calls does your enterprise make a month? Or a week? Is your web-enabled camera a separate device? One of those devices can, and has in the past, been hacked and used for corporate espionage. All a hacker might need is a model number and a little know-how.
Make sure your SIEM and security analytics solutions are capable of scanning your IoT devices for threats. If possible, head off hackers from even breaking through your security perimeter by only selecting secure IoT devices. Data breach detection is an excellent goal, but the importance of data breach prevention cannot be overstated.
3. Reduce Alert Fatigue in Your Data Breach Detection
More security event data compiled and aggregated means many more security correlations discovering far more possible legitimate threats. Yet it also means far more false positives—which can sap your IT security team’s time, resources, and will to fight. Additionally, with so many false positives arriving on a daily basis, it can be difficult to identify, investigate, and act on the real security threats. Unless this is resolved, your SIEM and security analytics solution might make your data breach detection harder rather than easier.
Obviously, in order to improve data breach detection, you’ll have to reduce the false positives to the best of your abilities. Replacing your legacy SIEM or security analytics solution is a good step, as is automating the analysis of security correlations through machine learning.
4. Keep Your Data Breach Detection Solution Updated
A simple maxim we here at Solutions Review are fond of repeating: you need to keep your SIEM, security analytics, and data breach detection solutions updated continually.
A study by Verizon found that nearly 99% of all malware is altered and reused to help avoid data breach detection software. If your cybersecurity solutions aren’t updated, they will not be able to find the new threats that could be dwelling on your networks. Updates can take time and resources from your IT security team, but the long-term benefits can exceed any cost.
Latest posts by Ben Canner (see all)
- 5 Key Security Analytics Capabilities for Security Operations Centers - October 17, 2019
- 40 Percent of Security Practitioners Don’t Report to the Board - October 15, 2019
- What Do SIEM Components Actually Do For Enterprises? - October 10, 2019