We’ve all seen the articles by now. Ditch your network security provider. Forget about perimeter protection. Firewalls are useless. Data breach prevention is dead, and the only way to beat hackers is to turn to detection software instead.
Given that the number of data breaches involving 100 million or more records doubled in 2014, it’s understandable that the industry is frantically searching for the silver bullet that will fix this problem. The trouble is, we don’t think there is one.
The problem with breach prevention software:
Most traditional prevention solutions operate on “signature-based” rules, which rely on advance knowledge of an attack (a malware hash, a string, a source IP address, an exploit pattern) in order to recognize it. Anything not yet in the signature set, including a trivially modified variant of a known attack, passes through. Attackers change their tooling faster than signatures can be written, tested and distributed, which has made these systems significantly less effective than they were even ten years ago.
The other significant issue with systems like these is the rate of false positives. Overly broad rules, bugs and minor data problems cause the system to flag benign activity as issues needing review, and in aggregate this produces an extremely high false-positive rate. So high, in fact, that real threats are hard to distinguish from the false alarms, and the people responsible for reviewing them begin to tune the alerts out.
Target was widely criticized for ignoring alerts from network security vendor FireEye, which caught the intrusion and notified the company multiple times before news of the breach broke in the media. But Target is nowhere near the only company that falls victim to this. In an interview with ComputerWorld, Eric Chiu, president and co-founder of HyTrust, stated that organizations often ignore vendor alerts because there are so many of them, and such a high volume of them turn out to be false alarms.
"You can have all the alarms you want, but unless you put security in a prominent position in the company and have enough staff to review them, those alarms don't mean anything," he said.
Focusing on mitigating the impact of breaches instead:
The notion of post-breach detection is nothing new, but it is becoming increasingly important as traditional prevention software struggles to keep up with quickly evolving attacker techniques. Companies are starting to come to terms with the fact that it’s impossible to stop every single attack, and that it may be more advantageous to invest in technology that can rapidly detect a breach as soon as it happens.
Using large volumes of data paired with machine learning, smaller innovative companies are quickly outpacing the major players in the space by using pattern recognition and behavioral profiles to detect breaches faster and more accurately.
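The contrast drawn above, between signature rules that only match indicators known in advance and behavioral profiles that flag departures from a user's own normal activity, is easier to see in code. The following is an added illustration written for this page; it is not Rippleshot's product, nor code from FireEye or any vendor named here. The users, IP addresses, user agent string, signature set and upload volumes are all constructed for the example. It runs a tiny signature matcher and a per-user z-score baseline over the same day of session events, shows which detector catches which event, and shows how lowering the anomaly threshold buys sensitivity at the price of the false positives discussed earlier.

```python
"""Signature matching versus a per-user behavioral baseline, run over
constructed session events. Added illustration for this article, not
Rippleshot's code; every user, IP, user agent and signature is made up."""
from statistics import mean, pstdev

# Constructed history: bytes uploaded per session by each user on prior days.
HISTORY = {
    "alice": [520, 610, 580, 640, 590, 600, 570, 630, 610, 560],
    "bob":   [300, 320, 310, 290, 330, 310, 300, 315, 305, 295],
    "carol": [800, 850, 900, 820, 880, 860, 840, 870, 830, 890],
}

# Constructed events for the day under review (documentation-range IPs).
EVENTS = [
    {"ts": "02:40", "user": "alice", "src_ip": "198.51.100.7", "user_agent": "Mozilla/5.0", "bytes_out": 48000},
    {"ts": "09:02", "user": "alice", "src_ip": "10.0.0.12",    "user_agent": "Mozilla/5.0", "bytes_out": 600},
    {"ts": "09:15", "user": "bob",   "src_ip": "203.0.113.9",  "user_agent": "EvilBot/1.0", "bytes_out": 310},
    {"ts": "10:05", "user": "carol", "src_ip": "10.0.0.33",    "user_agent": "Mozilla/5.0", "bytes_out": 900},
]

# Hypothetical signature set: indicators that had to be known in advance.
SIGNATURES = {
    "bad_user_agent": lambda e: e["user_agent"].startswith("EvilBot/"),
    "bad_src_ip": lambda e: e["src_ip"] == "203.0.113.9",
}


def signature_alerts(events, signatures=SIGNATURES):
    """Flag an event once if any known-bad indicator matches it."""
    alerts = []
    for e in events:
        hits = [name for name, match in signatures.items() if match(e)]
        if hits:
            alerts.append((e["ts"], e["user"], "signature:" + ",".join(hits)))
    return alerts


def build_baseline(history):
    """Per-user mean and population stdev of the historical metric."""
    return {user: (mean(vals), pstdev(vals)) for user, vals in history.items()}


def behavioral_alerts(events, history, z_threshold=3.0):
    """Flag events whose volume sits z_threshold stdevs above the user's own norm."""
    baseline = build_baseline(history)
    alerts = []
    for e in events:
        if e["user"] not in baseline:
            # A user with no history cannot be profiled; surface that rather than guess.
            alerts.append((e["ts"], e["user"], "no_baseline", None))
            continue
        mu, sigma = baseline[e["user"]]
        if sigma == 0:
            z = 0.0 if e["bytes_out"] == mu else float("inf")
        else:
            z = (e["bytes_out"] - mu) / sigma
        if z >= z_threshold:
            alerts.append((e["ts"], e["user"], "volume_anomaly", round(z, 1)))
    return alerts


def combined_alerts(events, history, z_threshold=3.0):
    """Union of both detectors keyed by (ts, user) so one event is reviewed once."""
    keyed = {}
    for ts, user, reason, *_ in signature_alerts(events) + behavioral_alerts(events, history, z_threshold):
        keyed.setdefault((ts, user), []).append(reason)
    return dict(sorted(keyed.items()))


if __name__ == "__main__":
    print("signature: ", signature_alerts(EVENTS))
    print("behavioral:", behavioral_alerts(EVENTS, HISTORY))
    print("z>=1.0 (too sensitive):", behavioral_alerts(EVENTS, HISTORY, z_threshold=1.0))
    print("combined:  ", combined_alerts(EVENTS, HISTORY))
```

The signature matcher catches only bob's session, because the user agent and source IP were already on its list; alice's 02:40 upload of 48,000 bytes from an unfamiliar address looks like any other browser session to it. The baseline detector catches alice, whose volume is many standard deviations above her own history, but is blind to bob, whose volume is normal. Dropping the threshold from three standard deviations to one also flags carol's perfectly ordinary session, which is the false-positive trade-off in miniature. Neither detector alone covers the day; the combined view does.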
According to a report by FireEye, the average time between infiltration and detection of a data breach is over 200 days. Catching a breach early could be the difference between one million and fifty million payment card accounts being compromised, or the difference between losses counted in the hundreds of thousands of dollars versus hundreds of millions.
But while detection software can help to mitigate the impact and severity of data breaches, this approach alone still isn’t the best defense against hackers.
So Both Prevention and Detection Solutions Are Necessary?
In an interview with Network World, Timothy Ryan, managing director of the Cyber Investigations practice at Kroll Advisory Solutions said, “Prevention is a great strategy when it works. But unfortunately no preventative measure can be completely effective.”
“For that reason, companies cannot rely on prevention and protection alone,” Ryan said. They must also rely on an information security plan that blends technology and processes to identify and respond to compromises quickly. The right tools and processes often reduce the time and cost of an investigation, he said.
There cannot be an 'either/or' approach to prevention and rapid detection. The vast majority of organizations must do both.
To learn more about Rippleshot’s rapid data breach detection, check out our case study bundle.