Despite major advancements in security technology and a wide array of preventive measures adopted by companies, we continue to see various kinds of cyberattacks in recent times. WannaCry, the Mirai bot and Petya were in the news recently. One of the reasons why cyberattacks are difficult to prevent is today’s device-driven ecosystem (including mobiles, wearables, IoT), with too many interconnected systems, a lot of open platforms and huge datasets being transacted over global networks. Today, there are sophisticated malware creators and cyber attackers who have a wide variety of opportunities to penetrate systems. Of course, the tried and tested phishing, volumetric DDoS and ransomware attacks continue to flourish.
It is evident that ‘prevention’-focused security programs may have worked in an earlier time, but they are not as effective today. Today, much of the organizational effort and resource allocation goes towards prevention of security incidents, and much less goes towards detection and response. Malware attacks are a good example of how detection and response become crucial. Hackers are building higher levels of sophistication with each passing day. A few months ago, hackers used an advanced reconnaissance system to target tech domains, including those of Cisco, Microsoft and Google. It shows that even enterprises at the cutting edge of technology, despite taking significant steps towards prevention, eventually fail to prevent a malware attack, and end up firefighting when an incident arises. Without sufficient response and remediation mechanisms, a lot of damage is done, including network crashes, before the organization can bring the situation under control.
Why Responsiveness Works Better
At the Gartner Security & Risk Management Summit 2017, analyst Earl Perkins spoke about shifting your security focus to detection, response, and remediation. The overriding logic for this is that those who want to penetrate your IT systems will eventually get through, irrespective of your investments in preventing attacks. The success of your IT security programs does not depend on trying to prevent the attack, but on the ability to predict, detect and respond to attacks in time.
Rather than focus on building stronger and taller gates, it makes a lot of sense today to have an outside-in approach to security incident detection and response. Data and analytics are critical components of a predictive and responsive risk mitigation and incident management setup. Techniques like behavioural analysis of networks, real-time threat monitoring and retrospective tracking of network activity allow IT teams to detect and understand the nature of an attack before it does damage.
Moving Towards Managed Detection and Response
One of the key challenges of creating a highly responsive security management environment is aggregating and analysing network and system information to identify threats and drive actionable insights. The process works only if:
CIOs looking to adopt a responsive approach to security management need to consider new, managed security offerings, referred to by Gartner as Managed Detection and Response Services (MDRS), that provide powerful analytics, skilled professionals, 24x7 detection and response and state-of-the-art remediation processes. Gartner projects that 15% of midsize and large organizations are expected to use MDRS, as against 1% at present. You can get Gartner’s viewpoint on the MDRS space in its report “Market Guide for Managed Detection and Response Services”, released in May 2017.
The CNAM service that Netmagic offers covers many of these areas, and uses a correlation mechanism to identify potential security threats across networks, firewalls and routers. Key features include the ability to digest and analyse large volumes of data in real time, and to respond to queries on current and historical data in a matter of seconds.
One of the biggest draws of this CNAM service is its ability to detect potential problem areas across a wide variety of data sources and types, including big data (e.g. data generated through consumer applications, IoT, eCommerce data, biometric information, etc.). Rich dashboards, context-enriching capabilities and serious analytics on huge data sets (internal and third-party feeds) make it easier for security teams to detect and respond to the minutest of threats, literally finding the needle in a haystack.
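To make the idea of cross-device correlation and historical queries concrete, here is a small added example (written for this page, not Netmagic's CNAM code or any real product). It parses constructed firewall and router log lines (the addresses, timestamps, device names and log format are all made up for illustration), applies one hypothetical correlation rule (several denies from one source against several distinct ports on different devices, followed by an accepted connection from the same source within the same time window) and offers a simple query over the stored events by source and time range.

```python
"""Minimal multi-source log correlation (illustrative, not a product's code).

Constructed sample events stand in for firewall and router logs. The
correlation rule below is a hypothetical example of the kind of logic a
detection service might run; thresholds are arbitrary.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One line per event: <timestamp> <device> <ALLOW|DENY> src= dst= dport=
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<source>\S+) (?P<action>ALLOW|DENY) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

# Constructed sample log lines (documentation-range IPs, made-up device names).
SAMPLE_LOGS = [
    "2017-06-01T10:00:01 fw-edge DENY src=203.0.113.9 dst=192.0.2.10 dport=22",
    "2017-06-01T10:00:03 fw-edge DENY src=203.0.113.9 dst=192.0.2.10 dport=445",
    "2017-06-01T10:00:05 rtr-core DENY src=203.0.113.9 dst=192.0.2.11 dport=3389",
    "2017-06-01T10:00:40 fw-edge ALLOW src=203.0.113.9 dst=192.0.2.12 dport=443",
    "2017-06-01T10:01:00 fw-edge DENY src=198.51.100.7 dst=192.0.2.10 dport=22",
    "2017-06-01T10:05:00 fw-edge ALLOW src=198.51.100.7 dst=192.0.2.12 dport=443",
    "2017-06-01T10:00:02 this line is deliberately unparsable",
]


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    event["dport"] = int(event["dport"])
    return event


def parse_logs(lines):
    """Parse all lines, drop unparsable ones, and order events by time."""
    events = [e for e in (parse_line(ln) for ln in lines) if e is not None]
    events.sort(key=lambda e: e["ts"])
    return events


def correlate(events, window=timedelta(seconds=60), min_denies=3, min_ports=3):
    """Hypothetical rule: a source with >= min_denies denies across >= min_ports
    distinct ports inside `window`, followed by an ALLOW from the same source
    within that window, produces one alert. Denies from different devices
    (firewall, router) are counted together, which is the point of correlation."""
    alerts = []
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    for src, evs in by_src.items():
        denies = [e for e in evs if e["action"] == "DENY"]
        for i, first in enumerate(denies):
            in_win = [d for d in denies[i:] if d["ts"] - first["ts"] <= window]
            ports = {d["dport"] for d in in_win}
            if len(in_win) < min_denies or len(ports) < min_ports:
                continue
            allowed = [e for e in evs if e["action"] == "ALLOW"
                       and first["ts"] <= e["ts"] <= first["ts"] + window]
            if allowed:
                alerts.append({
                    "src": src,
                    "first_seen": first["ts"],
                    "probed_ports": sorted(ports),
                    "devices": sorted({d["source"] for d in in_win}),
                    "allowed_to": f"{allowed[0]['dst']}:{allowed[0]['dport']}",
                })
                break  # one alert per source is enough for triage
    return alerts


def query(events, src=None, since=None, until=None):
    """Historical lookup over stored events by source address and time range."""
    out = []
    for e in events:
        if src is not None and e["src"] != src:
            continue
        if since is not None and e["ts"] < since:
            continue
        if until is not None and e["ts"] > until:
            continue
        out.append(e)
    return out


if __name__ == "__main__":
    evs = parse_logs(SAMPLE_LOGS)
    for alert in correlate(evs):
        print("ALERT", alert)
    print(len(query(evs, src="198.51.100.7")), "historical events for 198.51.100.7")
```

Run as a script it raises one alert for 203.0.113.9 (three denies on ports 22, 445 and 3389 seen by two different devices, then an accepted session to 192.0.2.12:443) and none for 198.51.100.7, whose single deny never crosses the threshold; the unparsable line is dropped rather than crashing the pipeline. The two-device view is what a single firewall log cannot give: each device alone saw too few denies to matter.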
Organizations that currently use a Managed Security Service Provider would be in a better position to move to a Managed Detection and Response approach, since they would already have certain standard response and remediation mechanisms in place. For companies that are starting out with a security infrastructure, there is a great opportunity to leverage a best-in-class Managed Security Service Provider and build stronger detection and response capabilities at the outset.