I was speaking to someone on the phone and asked a pointed question: “Are your systems hacked?” There was a pause, which I broke by saying that it was a very black and white question. His reply? “We’ve never been hacked.” My response? “How do you know?”
He explain that the company had a well-known active detection tool to address this and didn’t need any additional solutions. I was surprised that an IT Security Manager would be so quick to dismiss the notion that his systems may have been compromised and that one solution was capable of stopping all endpoint attacks.
Certainly there are some quality Endpoint Detection and Response (EDR) solutions out there, but they are not a one-stop solution. They help keep out attacks through real-time detection, but don’t hunt your system for pre-existing malware or zero-day threats that make it through. The truth is, attackers keep changing their tactics and it can take a while to discover and document a new threat before technology can actively stop it. Take a look at last week’s blog on APT6.
If you’re still skeptical, check out the latest reports from Verizon, Ponemon, IBM and others. According to multiple independent reports, the average time is takes to identify a breach is over 200 days. That’s 200+ days before you can remediate, and 200+ days for cybercriminals to conduct the discovery needed to infiltrate your systems and steal business critical information, including IP, customer data, payment card data and more.
According to Verizon’s 2015 Data Breach Investigations Report:
“The proportion of breaches discovered within days still falls well below that of time to compromise. Even worse, the two lines are diverging over the last decade, indicating a growing “detection deficit” between attackers and defenders. We think it highlights one of the primary challenges to the security industry.”
And according to an article in Computerworld UK, companies are not doing a good job uncovering threats on their own:
"Only 19 percent of breaches were self-detected, with 58 percent of incidents reported to victim organisations by regulatory bodies, card companies and banks. Law enforcement reported another 12 percent, with a variety of miscellaneous third parties covering 7 percent."
Breaches are at an all-time high, so clearly a new approach is needed. Assuming one solution fits all is a mistake that organizations can’t afford to make. The key to protecting against today’s increasingly sophisticated attacks is a defense-in-depth strategy that layers on multiple solutions to close any gaps.
EDR is a great first step, but pairing it with malware hunt technology ensures that anything that has slipped through the cracks is discovered before attackers can cause damage offers the most comprehensive protection.
Infocyte’s hunt technology fills the void left by today’s real-time detection solutions by focusing on the post-compromise activity of persistent attackers and insider threats. It is designed specifically to detect if malware is present on the network and works in tandem with your existing security investments. It scans and detects the post-intrusion activity, active or dormant, of attackers who have successfully evaded an organization’s real-time defenses and established a beachhead within the network.
Infocyte HUNT reduces the breach detection gap - the time that exists between infection and discovery - denying attackers the ability to persist. And the less time cybercriminals have to spend in your systems, the less havoc they can wreak.
Organizations can’t afford to take a gamble on their security posture these days. Using a layered security methodology that pairs complementary solutions is defense-in-depth at its best.
Learn more about how Infocyte's threat hunting technology helps provide defense-in-depth.