By Carolyn Crandall, CMO, Attivo Networks
When The Rolling Stones sang “Time Is on My Side,” they clearly weren’t talking cyber security. Time is the friend of the cyber criminal and the enemy of IT and security teams.
A recent report by the Ponemon Institute, completed for Arbor Networks and titled “Advanced Threats in Retail Companies: A Study of North America & EMEA,” shows how far the clock favors attackers: the mean time to identify (MTTI) a breach among surveyed retail companies is 197 days and the mean time to contain (MTTC) is 39 days.
The situation isn’t much better in other industries. Verizon’s 2015 Data Breach Investigations Report (DBIR), which provides analysis of nearly 80,000 security incidents worldwide and across multiple industries, found that in 60 percent of cases, attackers are able to compromise an organization within minutes. On the brighter side, this year’s report noted that the delta between MTTI and MTTC has shrunk versus last year’s report.
It’s easy to blame poor breach detection on security professionals “not paying attention,” but the bigger issue is the complexity of networks, says Anton Chuvakin, a vice president of the security and risk management research team at Gartner. “IT complexity just makes detection very difficult.”
Reducing these timeframes should be on the “critical to do” list of every IT and security team.
Figure: Average Time to Detect and Resolve an AT and DDoS (Source: Ponemon Institute)
The Attivo dynamic deception platform offers IT and security teams an additional line of defense to protect critical information assets where cyber criminals have bypassed perimeter security solutions. The deception platform combines engagement servers on the network with endpoint, server, and application deceptions, set as a matrix of traps throughout a network or a private or public data center. This creates comprehensive coverage that is effective at detecting both reconnaissance and stolen credential attack methods.
When the attack begins with reconnaissance, Attivo detects all varieties of scanning and lateral movement. The BOTsink deception server lures attackers into engaging and revealing themselves as soon as they begin trying to escalate privileges and looking for high-value assets.
When cyber criminals use stolen credentials to start an attack, the Attivo Information Relay Entrapment System (IRES) is used to lure an attacker to the deception server, where the infected endpoints and servers/VMs are identified and the use of stolen credentials is revealed. Organizations receive positive alerts that rapidly identify infected devices attempting to use false credential bait that Attivo has planted. IT and security teams can share the intelligence gathered from these attacks to update signatures on firewalls to quarantine the current attack and to block and defend against further attacks.
The IRES and BOTsink solutions, as elements of the comprehensive deception platform, provide a rapid, highly effective way to identify hacker attempts in real time – before cyber criminals can exfiltrate company information or employee credentials.
Inside-the-network detection puts time back on your side and takes it away from the attacker, with real-time detection of zero-day attacks, the use of stolen credentials, lateral movement, and insider attackers.
Isn’t it time to get time back on your side?