The Problem with Breach Detection

According to ITC (http://www.idtheftcenter.org), data breaches in the US increased 40% in 2016, and through the first four months of 2017 they are up an additional 42% over the same period last year. Just over half of all breaches are caused by cyber attacks, defined by ITC as hacking, credit card skimming and phishing. And the breaches are distributed across most if not all industries, hitting education, government, health and financial organizations alike. So, this is a big problem in 2017 that is threatening to explode into a huge problem. You need to be aware that if you hold sensitive customer data, there is a very real possibility that you will be targeted.

What are your options for protecting yourself from data breaches?

In the past, organizations have focused the majority of efforts on breach detection and remediation.  In effect, they had given up on trying to prevent an attack and focused instead on cleanup.  Historically, this was more of a necessity since dedicated breach detection systems (BDS) from vendors like FireEye were the only type of solution available for detecting zero-day attacks that often are used in successful breaches.

The challenges with this approach are many:

  1. The standalone products used to detect breaches are expensive and take a sophisticated dedicated security team to manage.
  2. According to SonicWall GRID Threat Network, in 2016 over half of internet traffic was encrypted using SSL/TLS, so traditional breach detection systems can’t even see the threats coming into the organization. This is an issue because most modern malware is being built so that it can be downloaded to unsuspecting victims using the same encryption technology. SSL/TLS is being used to cloak or hide zero-day malware, making it very difficult for traditional breach detection solutions to be effective.
  3. Finally, most organizations just don’t have the cyber security skills to deal effectively with remediation. It is estimated that, at the end of 2016, there was a one-million-person gap between the number of cyber security professionals available and the number the industry needs to effectively fight cyber crime.

What is breach prevention?

Fortunately, the security community now has more options at its disposal. The best next-generation firewalls have integrated either on-board or cloud-based network sandboxes that are designed to detect zero-days much like the dedicated breach detection solutions available in the past. And because a firewall sits at the Internet gateway, it is possible to block zero-day attacks before they ever make it into the network. Here are five keys to finding the best breach prevention solution:

  1. The first requirement for breach prevention is decrypting the large component of your internet traffic that is using SSL/TLS. Your next-generation firewall needs to be able to do this without impacting network performance, so look for a scalable, high-performance solution.
  2. Look for a firewall that has high security effectiveness to ensure that the maximum number of “known” threats are detected and blocked before they get into your organization.
  3. For unknown threats, make sure the firewall can not only detect zero-day threats but automatically block them in near real-time.  This element is key to a breach prevention strategy.
  4. We recommend multiple sandbox engines running in parallel, which makes it much more difficult for an attacker to execute an evasion designed to target a specific vendor or engine type.
  5. Make sure the TCO of the solution fits within your budget, not only the upfront capital but also the resources needed to manage the solution and the ability to effectively scale capacity in the future to accommodate growth.

SonicWall Staff