Finding Threats on Your Network: Hunt or Be Hunted
Is your network secure right now? Have any of your PCs or mobile devices been compromised? Before you even attempt to answer, pause and ask yourself a harder question: can you actually answer either of these with any degree of certainty? Think hard about that one, because your job may depend on it.
According to the recent Verizon Data Breach Investigations Report (DBIR), the time it takes an organization to detect a compromise, or to discover an attacker already inside its network, is typically measured in months, and sometimes years, rather than hours or minutes. In many of the major data breaches of recent years, the victim found out about the attack the hard way: a phone call from a credit card merchant or the FBI reporting that stolen customer data had been exposed or used in the wild.
The traditional security model is no longer working
The problem is a function of the traditional approach to security. The standard model most organizations have employed for the last decade or more is broken, and it’s time for a new strategy that relies less on prevention alone. You need to look at security through the lens of shortening the time it takes to detect a compromise, and of actively hunting for threats rather than waiting for them to announce themselves.
It isn’t really a secret that the perimeter is dead. The idea that there is an “inside” and an “outside” of the network, and that you can protect your network and data simply by keeping the bad guys out, has been outdated for some time. The explosion of mobile devices and BYOD (Bring Your Own Device) programs, together with the rise of cloud services, has effectively removed whatever wall might once have stood between your network and the bad guys.
The threat landscape has changed
Even if that were not the case, the threat landscape has shifted as well. While organizations were busy trying to harden the network perimeter, sophisticated targeted malware such as Stuxnet, Flame, and Duqu was spreading silently and going undetected. While IT admins have been busy looking for unauthorized access and trying to keep the bad guys out, attackers have been stealing credentials and logging in with valid usernames and passwords.
The reality is that the vast majority of network compromises and data breaches look like authorized activity. Whether it’s an inside job by a disgruntled employee or an external attacker using a username and password captured in a phishing attack, what you see on your network is an authorized user logging in with valid credentials. The crucial question isn’t whether the authentication itself is valid; it’s whether that access fits the user’s normal pattern (where they log in from, when, and to what), and whether the actions taken once access is granted look normal or suspicious.
How can you defend your network and data against current threats? Effective security comes down to three things: visibility, context, and action. You have to pay closer attention. You need tools that actively monitor all of the endpoints and devices on your network, and that combine business intelligence with threat intelligence to provide context and help you separate suspicious or malicious activity from the ordinary.
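To make the point about “valid credentials, abnormal behavior” concrete, here is a small baseline-and-deviation check in Python. It is an added example, not code from the original post and not part of any Tenable product. The login records, the field layout (timestamp, user, source IP, target host, number of actions in the session), the two sample users and the thresholds are all constructed assumptions; a real hunt would pull these fields from your authentication and file-access logs. Every login below authenticated successfully, so a tool that only checks whether credentials were valid would flag nothing.

```python
"""
Baseline-and-deviation check over successful logins.

Added example (not Tenable's code). Log format, users, IPs and
thresholds are assumptions chosen to illustrate the technique.
"""
from collections import defaultdict
from datetime import datetime

# Constructed history: one week of normal, successful logins.
# Fields: timestamp user source_ip target_host actions_in_session
BASELINE_LOG = """\
2015-03-02T09:02:11 alice 10.1.4.22 fileserver01 14
2015-03-02T09:15:40 bob 10.1.4.57 fileserver01 9
2015-03-03T08:55:03 alice 10.1.4.22 fileserver01 20
2015-03-03T09:30:12 bob 10.1.4.57 crm-app 11
2015-03-04T09:10:45 alice 10.1.4.22 wiki 7
2015-03-04T10:02:19 bob 10.1.4.57 fileserver01 13
2015-03-05T08:48:30 alice 10.1.4.22 fileserver01 17
2015-03-05T09:22:05 bob 10.1.4.57 fileserver01 8
"""

# Constructed new day: every login used valid credentials.
NEW_LOG = """\
2015-03-06T09:05:00 alice 10.1.4.22 fileserver01 15
2015-03-06T02:41:17 bob 203.0.113.9 fileserver01 412
2015-03-06T09:48:33 alice 10.1.4.22 hr-db 3
"""

HOUR_SLACK = 2        # hours of tolerance around the user's usual login window
VOLUME_FACTOR = 3     # session volume above this multiple of the baseline max is suspicious
ALERT_THRESHOLD = 2   # number of independent deviations needed to raise an alert


def parse(log):
    """Turn the whitespace-separated records into dicts."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, user, src, host, count = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "src": src, "host": host, "count": int(count)})
    return events


def build_baseline(events):
    """Per-user summary of what 'normal' looked like in the history window."""
    base = defaultdict(lambda: {"srcs": set(), "hosts": set(),
                                "hours": set(), "max_count": 0})
    for e in events:
        b = base[e["user"]]
        b["srcs"].add(e["src"])
        b["hosts"].add(e["host"])
        b["hours"].add(e["ts"].hour)
        b["max_count"] = max(b["max_count"], e["count"])
    return base


def deviations(event, baseline):
    """List the ways a valid login departs from the user's own baseline."""
    b = baseline.get(event["user"])
    if b is None:
        return ["no baseline for user %s" % event["user"]]
    reasons = []
    if event["src"] not in b["srcs"]:
        reasons.append("new source IP %s" % event["src"])
    if event["host"] not in b["hosts"]:
        reasons.append("first login to host %s" % event["host"])
    lo, hi = min(b["hours"]) - HOUR_SLACK, max(b["hours"]) + HOUR_SLACK
    if not lo <= event["ts"].hour <= hi:
        reasons.append("login at %02d:00 outside usual %02d:00-%02d:00 window"
                       % (event["ts"].hour, lo, hi))
    if event["count"] > VOLUME_FACTOR * b["max_count"]:
        reasons.append("session volume %d vs baseline max %d"
                       % (event["count"], b["max_count"]))
    return reasons


def hunt(baseline_log, new_log):
    """Return (user, timestamp, reasons) for logins that deviate enough to alert."""
    baseline = build_baseline(parse(baseline_log))
    alerts = []
    for e in parse(new_log):
        reasons = deviations(e, baseline)
        if len(reasons) >= ALERT_THRESHOLD:
            alerts.append((e["user"], e["ts"].isoformat(), reasons))
    return alerts


if __name__ == "__main__":
    for user, ts, reasons in hunt(BASELINE_LOG, NEW_LOG):
        print("ALERT %s %s" % (ts, user))
        for r in reasons:
            print("  - " + r)
```

Run as written, the only alert is bob’s 02:41 login: a new source address, a time far outside his usual window, and a session volume roughly thirty times his baseline maximum, all on a login that authenticated perfectly. Alice’s first login to hr-db is a single deviation and stays below the threshold; whether a new target host alone should page someone is the kind of context question (is she in HR? was a ticket opened?) that the “business intelligence” in the paragraph above is meant to answer.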
How Tenable can help
Tenable SecurityCenter Continuous View™ (SecurityCenter CV™) gives you the tools and information you need to proactively tackle threat hunting and address compromises before they become breaches. SecurityCenter CV provides comprehensive visibility and critical context so that you can quickly take effective action.
Don’t wait for the FBI to let you know your network has been breached. Don’t expect traditional perimeter security and anti-malware defenses alone to protect you. Adopt a new approach to security and actively hunt for threats before they hunt you.
For more information, read about Tenable’s Threat Hunting solution. And watch the Tenable Blog this month for more articles about Threat Hunting.