The Key to Next-Gen Cyber Security is: Complete Threat Visibility
Despite many advances in smart firewall and endpoint cyber security protection, security breaches continue to plague the IT landscape. In 2019, over 100 major breaches have occurred, according to Identity Force. According to Risk Based Security, as reported by TechRepublic, “more than 3,800 data breaches have hit organizations, representing an increase of 54% in 2019”, so far.
Despite endpoint technology innovations, cyber attackers have found new ways to exploit network and endpoint weaknesses. They've also developed new methods, such as ransomware, to extort money without having to exfiltrate data. But there are indicators available on the wire to detect these attacks!
Endpoint security is much like placing a deadbolt, chain lock, and steel bars on your home door to prevent burglars from breaking in. It blocks attackers from gaining direct access to your IT environment. Instead, attackers find another way in. It's like a burglar who, instead of trying to breach your heavily secured doors, enters your house through an unsecured window.
New IT security threats require a new approach!
Home security firms have come to realize that the way to provide the highest level of security is by complementing deadbolts with video cams to continuously monitor a domicile. This enables an immediate response to attempted breaches as soon as they’re detected.
IT security requires a similar approach.
Firewalls are like door locks. They work effectively when an intrusion is attempted directly at them. Endpoint agents can be effective if properly implemented and no weak links are offered to the attacker. Also, many endpoints, such as IoT, ICS and BYOD devices, cannot be instrumented with an agent.
Cyber security attackers are also adept at covering their tracks, hiding how they got through the endpoint or even that they got through at all. IT environments always have a number of vulnerable entry points that are ultimately forgotten and then become part of the shadow IT inventory.
Cyber security attackers are very innovative in finding ways, such as credential phishing, to obtain legitimate or legitimate-looking ways to get through endpoints. Once they’re inside a network, it’s frequently too late to prevent them from inflicting serious damage.
It’s apparent that endpoint security alone isn’t sufficient to stop security threats. Once the attacker is inside the network, the only source for detecting threats is full network traffic analysis and analytics using machine learning and AI. This makes it possible to observe and defend against the intrusion and to conduct forensic investigations.
Splunk and Accedian - Next Generation Tactics..etc
Accedian is partnering with Splunk to provide next-generation Tactics, Techniques, and Procedures (TTP) threat protection. At the heart of the initiative is the Skylight security application for Splunk, which is based upon Skylight’s extremely precise network traffic capture sensors that turn all that traffic into an extremely efficient metadata stream. The metadata stream is less than 0.5% of the overall traffic, which enables long-tail data retention. This is used to fuel advanced security analytics and forensics and is retained in the Splunk data lake.
The Skylight security app's capabilities with Splunk are analogous to detecting a burglar stealing your silverware from the cupboard, analyzing the situation to make sure it isn’t just a family member taking a spoon to eat their dessert, and then notifying you in real time so that you can implement measures to stop the intrusion and theft.
To learn more about what you can do to fortify your security posture, read our blog: "Infrastructure-based Security Solutions – What to Consider."
To learn more about Accedian’s partnership with Splunk to provide advanced TTP threat detection, read our blog: “Where were you when your cyber security was breached?”.
Also, to learn about the Skylight security app for Splunk, visit its Splunkbase landing page.
Author – Tom Fisher is a Senior Product Marketing Manager for Accedian’s network and application performance management and security solutions. He has more than two decades of experience in performance management as a ‘speed guru’ for NPM, and APM. Tom has also been a design engineer, product manager, and product marketing for security technology. He holds a BSEE in Computer Design from the University of Wisconsin, Madison and a graduate CM in Marketing and Finance from Harvard University.
Accedian is the leader in performance and security analytics and end user experience solutions. They are committed to empowering customers with the ability to see far and wide across their IT and network infrastructure and a microscopic ability to dive deep and understand the experience of every user.