Businesses Must Get Better at Breach Detection

Information system breaches are bad enough. However, breaches that go undetected prove to be much worse. Take for example Yahoo’s revelation that the company uncovered a data breach that impacted as many as one billion user accounts. While that breach was significant, more significant is that the breach occurred back in August of 2013, and it took years for Yahoo to discover it. Ultimately, the issues surrounding the breach hampered Yahoo’s acquisition by Verizon, costing Yahoo some $350 million.

Unfortunately, Yahoo isn’t alone when it comes to detecting breaches quickly. According to the latest Verizon Data Breach report, dwell time (how long it takes to discover a breach) is averaging more than 200 days. The reasons for that are numerous, ranging from a lack of tools to a lack of technical ability.

Nonetheless, experts agree that something must be done. Faizel Lakhani, president and COO of SS8, a Milpitas, CA-based breach detection company, said, “despite the best efforts of a barrage of perimeter, network and endpoint security defenses, breaches have continued and will continue to occur.” That statement is validated by the company’s 2016 Threat Rewind Report, which shows that the potential for breaches is on the rise and that breaches are becoming much more sophisticated.

In Lakhani’s view, it all comes down to improving detection. He said “humans in any organization will make mistakes that allow cyber intrusions. Companies need to accept that reality and develop methods of identifying and counteracting threats.”

To that end, SS8 has introduced technology that it refers to as a Protocol Extraction Engine (PXE), which can be thought of as a deep packet inspection engine that correlates and understands network traffic in real time. Lakhani added, “The idea here is to intelligently automate the detection process to a point where even tunneling or obfuscation techniques can be detected, removing that burden from InfoSec professionals.”

In other words, SS8 is looking to remove human inefficiencies from the breach detection process, something that is sorely needed to overcome the more advanced, blended threats that are becoming all too common. PXE is part of the company’s offerings, which fall under the umbrella of the company’s BreachDetect platform.

BreachDetect is aimed at solving the primary problem facing InfoSec professionals: gaining visibility into the traffic that traverses complex IT infrastructures and application environments, as well as the numerous IoT devices connected to today’s enterprise networks. “The average breach goes undetected for more than 200 days, so it has become essential to understand the full life cycle of an attack, from reconnaissance, to command and control, to data exfiltration. That is the most prudent way to identify the systems and data that have been compromised,” Lakhani told GigaOM. “Obtaining this level of information has been a challenge due to a lack of visibility into network and application activity, and the lack of forensic expertise available to investigate attacks.”

Regardless of what tool an enterprise chooses to use for breach detection, Lakhani’s advice to understand the full chain of attack and the implications of a breach is valuable to any organization looking to get a handle on breaches.