Pick up any reliable report on the cost of global data breaches in today’s code-driven and hyperconnected world, and you will be hard pressed not to wonder whether your organization has done everything it can to mitigate the ever-evolving attack vectors. The “2018 Cost of a Data Breach” study sponsored by IBM includes a calculator tool and a summary of findings based on interviews with more than 2,200 IT, data protection, and compliance professionals from 477 companies in 15 global regions across 17 industries that experienced a data breach over the past 12 months. Here are a few eye-opening nuggets from the study:
Average time to identify a breach: 196 days
Average time to contain a breach: 69 days
Average cost of data breach is $3.86 million and “Mega Breaches” as high as $350 Million
U.S. companies experienced the highest average cost of a breach at $7.91 million
Irrespective of how you slice and dice the findings and the full financial impact of a data breach on a company's bottom line, you will be compelled to deploy even more of the latest cyber security technology and solutions available from a plethora of best-of-breed vendors. Or, if you prefer, there are single vendors offering a range of products to detect and stop threats. Here is a partial list of what these vendors offer:
Public/Private Cloud Security
Next Generation Firewalls
Next Generation Intrusion Detection
Next Generation Intrusion Prevention
Advanced Malware Protection
… and the list goes on. But here is the $350,000,000 question: “Given all of these best-of-breed solutions, why are bigger and more frequent breaches on the rise?” Or, at a minimum, we should ask ourselves how we can verify, in real time, that the security posture actually deployed has the intended effect against attacks and enforces the other inspection policies we expect.
There is always mounting complexity associated with having layers of technology solutions both from a planning as well as an operational point of view. However, the industry recommendations have been generally to either deploy another innovative security solution or seek teams of assessors and responders to find and address vulnerabilities. Organizations may experience some savings in time, resources and costs associated with finding and filling security gaps whether they opt for an internal team or engage the services of an external security team; however, the obstacles still remain. To name a few challenges for finding and fixing security vulnerabilities effectively:
Disjointed teams and solutions are applied to various network phases and domains
Non-real time assessments are used
Out-of-date and non-applicable approaches are applied
The notion of having a “Red Team/Blue Team” and the rise of the “Purple Team” is not new, but these teams are only as effective as their tools, their approaches, and how often they are deployed. With a “Purple Team,” we may be minimizing delays in the cycle, but the fundamental challenge is ensuring the authenticity, robustness and timeliness of the collected information as well as of the recommended actions. Today’s network infrastructure, and the demand placed on it, is very dynamic. The gathered insight, and the recommendations based on that information, need to keep pace at all times. Even dedicated teams are not capable of conducting vulnerability assessments as every layer of the network goes through its unpredictable and intricate high-use, low-use, and maintenance phases.
Data Breach Assessment Tools
Fortunately, there are emerging offerings that aim to provide the necessary tools to conduct vulnerability assessments. Regardless of various implementation approaches taken by such platforms, their necessities are indisputable and research/analyst bodies such as Gartner have been including data breach test tools in their portfolios for a while now. As more and more enterprises consider these tools to arm their teams with insights to improve detection and mitigation of attacks, attention should be given to what makes an effective tool in this critical arena.
Realism: Realistic, actionable intelligence about a data breach is probably the most important element of this tool set, because it provides the insights required to improve security posture in the face of existing and emerging attacks. Implementations based on techniques such as network simulation or basic PCAP replay of network traffic shortchange their users with unrealistic scenarios; instead, the tool should replicate real attack vectors and applications under user control so that actual security coverage is uncovered rather than a false sense of security.
Up-to-date intelligence: Ongoing changes in attack and malware vectors and in the application consumption landscape require tools that can harness the latest intelligence, so as to avoid giving outdated and non-applicable information on the detection and prevention of attacks. An effective data breach assessment tool should have at its disposal continuously updated threat intelligence, enabling it to gauge the security efficacy of the network against the latest malicious traffic scenarios.
Effective assessment framework: Breach assessment tools that do not operate in the realm of their users, whether from a configuration, operation, automation, or reporting point of view, create impediments rather than empowering the user to perform an effective assessment. These tools should be flexible, extensible and automated in their approach to providing accurate and effective intelligence, giving insight into how a real attack would propagate and pivot through the network. Only data breach assessment tools that possess realistic, continuous intelligence, together with flexible frameworks, assessments that can be scheduled at specific times (such as the busy hour or shift changes), and the ability to operate in user environments, can deliver an insightful and accurate view of today’s enterprise cyber threat landscape.
Please visit us to find out how Spirent CyberFlood can help fill the gap between today’s cyber security practices and an effective “Data Breach Assessment”.