This is Part Two of an interview with iboss CEO and Co-founder, Paul Martini, where he discusses some of the factors behind the critical increase in data breaches impacting all industries. In this part, he discusses why standard security solutions so often fail and what organisations can do to increase their security postures and better protect their data. (Read Part One)
Question: Paul, organisations have made significant investments in security tools and personnel, but something is not working. Where do you see the biggest shortfalls in the traditional security tools and skills that organisations have deployed?
Paul Martini: The biggest deficits occur in organisations’ ability to proactively monitor data. Traditional security has always focused on the malware, which is absolutely important. However, to completely neglect the data that is being hijacked is not only negligent, but it allows for a huge security gap that attackers are taking advantage of. If the attackers can get a very sophisticated, targeted, evasive executable onto your network, the very first thing they are going to do with that malware is have it hijack your data. They’re not going to phone home, or do anything out of the ordinary that would identify it as malware. They’re just going to start transferring data right away. This is what you see with companies like Anthem, where a database query led to millions of records being uploaded to cloud storage. The critical gap occurs when there is too much focus in one area, which diverts organisations from creating a balanced security approach. What’s needed is to take a step back and look at your overall security posture to determine where your organisation is the most deficient and invest in those areas.
Question: What do you find to be today’s must-have tools and skills to help reduce this gap between infection and detection?
Paul Martini: The most important tools are algorithm techniques such as network anomaly detection and data exfiltration containment. These are proactive techniques that focus on the data and they are absolute essentials for any organisation. I’ll give you an example of why they are needed. If you have a credit card charge from somewhere two or three hundred miles away, and it’s not a city you normally visit, you’re going to get an alert from your credit card company. They’ll call and ask you if it is your charge, and then you have the opportunity to proactively disregard the call, if it was a legitimate transaction, or stop the charge and prevent it from going through. Now if the credit card company called you and said, “Last year we noticed that a few thousand dollars left your account suspiciously, and by the way it was a year ago and it’s too late”, you wouldn’t be too happy. But that’s really the situation we’re in now, when it comes to data. When we are confronted with large losses of data and records, there is a lot of enthusiasm around finding the malware, which is the same as finding the criminal. But the reality is that the data itself is gone and identifying the malware that did it doesn’t do much good when millions of records are missing. This is no different than having thousands of dollars gone from your bank account a year ago. That’s why organisations need tools that proactively monitor data such as network anomaly detection, which analyses information like packets, bytes, and connections, and looks for anomalies. Having this kind of technology in place allows you to mitigate the consequences of the malware, even before you detect an active infection. It does this by measuring your traffic behavior and establishing a baseline for what a normal day of traffic should look like. Then it can determine that today it looks 25% different. This has nothing to do with malware, it has to do with the actual data itself and keeping it from leaving the network.
Read the Entire Interview:
Malware from Infection to Detection: Closing the Security Gap to Reduce Data Exfiltration
If you’re concerned about how secure your organisation is, speak to Net-Ctrl about how the iboss platform can help you. Email us at firstname.lastname@example.org, call us on 01473 281 211 or go via our contact page.
Net-Ctrl is a UK based iboss reseller.