Security "Bits"

Limit the Damage - Catch Breaches Early

By Annie Wang | January 22, 2015 at 10:15 AM

Despite massive investments in securing the perimeter, devastating data breaches still occur. Whether the result of the world’s nefarious cyber criminals sending phishing or malware attacks through company email, or of stolen credentials resulting in undetectable hacks, data exfiltration can cause significant damage to an enterprise and its officers. Given the speed at which cyber criminals are able to pivot and create new security threats, companies must change their approach to security. We now live in a world where the prevention of breaches has become too difficult. The proliferation of data outside the firewall via mobile devices (i.e., company laptops and personal smartphones) has created an attack surface too large for IT security teams to guard.

Criminals are no longer going for the quick win. They’re slithering through firewalls, nestling deep within your infrastructure, and deliberately exfiltrating data from corporate servers to hacker repositories. This often takes place over months, until the breach is finally detected or the attackers have gathered enough data to sell on the black market or ransom back to the victim.

Visibility into what data is being exfiltrated is crucial in limiting damage from breaches. Now, before you start thinking about your SIEM solution that sends you 17,000 alerts a week, or the “visibility” company that only tells you what apps are currently running on your network (there are so many “Shadow IT” visibility companies out there, but Shadow IT only represents 4% of breaches), I want to explain what I mean by visibility. Visibility is the awareness of what data is leaving your network and what the riskiest sources are, presented in a way that prioritizes alerts for you. It provides actionable intelligence so that you can quickly identify areas of risk and, ultimately, whether or not you are experiencing a breach.

Lessons from “The Boy Who Cried Wolf”

We all know the story of the boy who cried wolf. A small boy, who is tasked with protecting his family’s sheep, jokingly yells “wolf, wolf!” multiple times, causing the townspeople to come running with their pitchforks and torches to aid him in fighting off the wolf. When the wolf actually comes and the boy yells “wolf, wolf!” again, no one comes. The boy is then eaten.

This is the problem today. Companies are relying too much on their SIEM solutions. These solutions create WAY too many meaningless alerts per day. No IT team can manage thousands of alerts each week, yet still get enough sleep. SIEM solutions cry “wolf wolf” so often that IT teams no longer view them as a reliable alarm system. This is actually what happened in the Target breach. Alarm bells rang but fell on deaf ears.

IT security must be able to limit the damage caused by breaches. In order to do so they need a solution that can provide them with actionable intelligence early. They need to be able to identify high-risk data outflows from their infrastructure so they can protect their sheep from the wolves. 

To gain true visibility and shorten breach dwell time, learn about a new service called Breach Discovery. Here’s a data sheet for you.

Also, save your seat for our upcoming webinar where you can learn to limit the damage from breaches! 

Chris Hines

Product Marketing Manager | Bitglass


