Can Active Attacks be Found Before it’s too Late?
Can an active attack be detected before it’s too late and results in a data breach? That’s a burning question for most companies. Unfortunately the answer for nearly all is an uncomfortable no. Dwell time for attacks still lingers with an average of six months. Six months for an intruder to go undiscovered! Outrageous. Even then, only 18% of organizations uncover the breach themselves. Generally the discovery comes from a financial services company or from law enforcement.
An even tougher question: How do you know that you’re not a victim of an active network attack or breach right now?
At the World Economic Forum this year, John Chambers quipped, “There are two types of companies: those who have been hacked, and those who don’t yet know that they have been hacked.” Again, most organizations have no way to effectively know if there is an active attack underway in their network.
So the answer to the question seems to be a pessimistic, “No.”
That is not the conclusion from the brand new LightCyber security bulletin. In it the company looks at two cases of targeted attacks. In both cases an undiscovered attack was well in progress when the companies deployed LightCyber Magna as an evaluation. One was being conducted by a state-sponsored threat actor; the other by a technically competent malicious insider. The details may surprise you.
In addition, from these two customer accounts and from others, the report outlines three factors that are critical to finding an active attack. If these factors are well implemented they can lead to detecting an active intruder quickly and accurately. With behavioral attack detection, John Chambers will have to make room for a third category of company: those that were attacked but detected it before theft or damage could occur.
Read the Bulletin, The New Security Bulletin.
Read the whitepaper, The New Defense Against Targeted Attacks.