If you could shine a spotlight on cyber attacks, where would you shine it?
14 March 2016
At first glance, this seems like a stupid question. It implies that cyber attacks are like people trying to break into your site in the dead of night and a well-aimed torch beam will highlight them and scare them off. And yet this is exactly how security monitoring systems work.
- Monitoring systems only shine a “spotlight” on one or two data types each so you need to buy multiple systems
- Hackers design their attacks to slip through the dark gaps in between your monitoring systems
- Pervade have created a new “floodlight” approach to monitoring which analyses all data types in a single configurable system
Cyber attacks come in all shapes and sizes from sneaky APTs (Advanced Persistent Threats) that worm their way onto the network and can sit dormant for month before waking up to cause havoc from inside the network, to the next generation of slow death DoS (Denial of Service) attacks that can bring down practically any website from outside the network.
However, whilst the attacks can come in many forms and flavours, the protective monitoring systems used to identify them are still limited to only being able to monitor one or two data types each. For example, SIEM (Security Information and Event Management) systems monitor log data but if you wanted to check the configuration files of devices to identify changes that have been made you need a different monitoring system because log system do not monitor configs and config systems do not monitor logs.
This same problems extends into vulnerability, file integrity, behavioural anomaly detection, availability, asset, database, application monitoring and many more.
In fact, it is not unusual for a large company to have half a dozen different monitoring systems or more – each “shining a spotlight” on one aspect of the information security infrastructure.
Even the monitoring companies themselves acknowledge the problem. In the opening keynote speech of the largest information security conference in the world, held in San Francisco in February, Amit Yoran, President of RSA Security admitted that “logs are simply not enough” and “comprehensive visibility is the base block for truly insightful analytics and scoping out incidents correctly”.
Hackers have little or no difficulty navigating the dark patches of a network ensuring that their attacks are all but invisible to each individual monitoring system and it is left to the skill, knowledge and experienced eye of the hardworking security analyst to try to spot these attacks (and we wonder why there is such a massive skills gap in cyber security!).
It doesn’t have to be this way.
After two years of self-funded development a UK-based independent software vendor called Pervade, voted one of the UK’s Most Innovative Cyber Security Companies (in a techUK competition held at Infosecurity Europe in London last year), launched the world’s first security monitoring system capable of gathering, correlating and reporting on ALL DATA TYPES in a single configurable system.
In a recent filmed interview for the Telegraph, CTO Jonathan Davies said “by bringing all data types into a single system we have brought an end to this crazy spotlight-based monitoring and finally turned the floodlights on. Current and future attacks are going to find it very hard to hide from detection when their every move can be correlated and displayed on a single screen”.
If you believe that you may have gaps between your monitoring spotlights or dark patches in your infrastructure contact Jonathan and the team at Pervade Software for an insight into the next generation of protective monitoring.