“Are your systems hacked?”
I was speaking to someone on the phone and asked a pointed question: “Are your systems hacked?” There was a pause, which I broke by saying that it was a very black and white question. His reply? “We’ve never been hacked.” My response? “How do you know?”
He explained that the company had a well-known active detection tool to address this and didn’t need any additional solutions. I was surprised that an IT Security Manager would be so quick to dismiss the notion that his systems may have been compromised and that one solution was capable of stopping all endpoint attacks.
Certainly, there are some quality Endpoint Detection and Response (EDR) solutions out there, but they are not a one-stop solution. They help keep out attacks through real-time detection but don’t hunt your system for pre-existing malware or zero-day threats that make it through. The truth is, attackers, keep changing their tactics and it can take a while to discover and document a new threat before the technology can actively stop it. Take a look at last week’s blog on APT6.
If you’re still skeptical, check out the latest reports from Verizon, Ponemon, IBM, and others. According to multiple independent reports, the average time it takes to identify a breach is over 200 days. That’s 200+ days before you can remediate, and 200+ days for cybercriminals to conduct the discovery needed to infiltrate your systems and steal business critical information, including IPs, customer data, payment card data and more.
According to Verizon’s 2015 Data Breach Investigations Report:
“The proportion of breaches discovered within days still falls well below that of time to compromise. Even worse, the two lines are diverging over the last decade, indicating a growing “detection deficit” between attackers and defenders. We think it highlights one of the primary challenges to the security industry.”
And according to an article in Computerworld UK, companies are not doing a good job uncovering threats on their own:
“Only 19 percent of breaches were self-detected, with 58 percent of incidents reported to victim organizations by regulatory bodies, card companies, and banks. Law enforcement reported another 12 percent, with a variety of miscellaneous third parties covering 7 percent.”
Breaches are at an all-time high, so clearly a new approach is needed. Assuming one solution fits all is a mistake that organizations can’t afford to make. The key to protecting against today’s increasingly sophisticated attacks is a defense-in-depth strategy that layers on multiple solutions to close any gaps.
EDR is a great first step, but pairing it with malware hunt technology ensures that anything that has slipped through the cracks is discovered before attackers can cause damage offers the most comprehensive protection.
Infocyte’s hunt technology fills the void left by today’s real-time detection solutions by focusing on the post-compromise activity of persistent attackers and insider threats. It is designed specifically to detect if malware is present on the network and works in tandem with your existing security investments. It scans and detects the post-intrusion activity, active or dormant, of attackers who have successfully evaded an organization’s real-time defenses and established a beachhead within the network.
Infocyte HUNT reduces the breach detection gap – the time that exists between infection and discovery – denying attackers the ability to persist. And the less time cybercriminals have to spend in your systems, the less havoc they can wreak.
Organizations can’t afford to take a gamble on their security posture these days. Using a layered security methodology that pairs complementary solutions is defense-in-depth at its best.
Learn more about how Infocyte’s threat hunting technology helps provide defense-in-depth.
More from our blog
Despite the rich data provided by SIEMs, organizations find themselves drowning in false positives, making it difficult to focus on high-priority events. This problem of alert fatigue prevents cyber security teams from identifying and addressing real threats – impacting small teams with no SOC, large enterprise teams with a SOC, and MSSPs overseeing the security for many SOCs/customers.Read More »
In 2018, the U.S. Healthcare Industry Remained a Hot Target for Data Breaches. Last year alone, over 15 million patient records were affected with an average of one data breach occurring every 24 hours in the healthcare industry. It goes without saying that hackers and cyber attackers are finding ways around/through/past security defenses—exploiting vulnerabilities and…Read More »
A Brief History of Forensic State Analysis Prior to starting Infocyte, our co-founders, Chris Gerritz and Russ Morris, created the first enterprise-scoped threat hunting team for the entire U.S. Department of Defense. Their teams were responsible for hunting, detecting, and responding to highly sophisticated attacks across an 800,000-node network. With virtually unlimited resources and access…Read More »