The Four Most Commonly Misunderstood Facts About Network Attacks
What you don’t understand can hurt you, and sometimes that hurt can be colossal. It’s ironic but even with a daily news cycle of freshly uncovered data breaches, most companies still greatly misunderstand the phenomenon.
Just start with the term network attack. Some people think of this as the initial intrusion into a network. Others think of it as data exfiltration. The fact is that an attack breach is the entire process after the initial intrusion. This is not just an academic point. If you understand that the intrusion is ultimately impossible to fully prevent and takes place in seconds—and that, post intrusion, most of the attack involves an intruder trying to understand, navigate and gain greater control inside an unfamiliar network—you know that it is in this phase you have the best chance to find and stop an attacker. The signals are there if you know how to look for them.
Most companies still put the majority of their resources into preventative security, including trying to prevent an initial intrusion. This is madness. Preventative security is essential, but it is not sufficient to keep a targeted attacker out of your network. Companies need to put more resources into finding an active attack early in the process. At present, most companies have little or no ability to detect an active attack.
Admittedly, there is quite a lot of confusion. Legacy vendors are calling intrusion prevention technologies attack detection, and many think that the same malware hunting approaches used in prevention can be used to find an active attack. These perceptions are seriously impairing organizations with a false sense of security.
The fact is that you can detect an active attack early in the process with the right tool and proper perspective. This requires a proper understanding of how a targeted attack works and a shift in how to respond to that challenge.
Review our recent Infographic to learn more about these four misunderstood facts about data breaches.