Keith Bromley and Steve McGregory from Keysight Technologies (formerly Ixia) will be talking about a security architecture concept called Network Security Resilience. While this concept is not new, it has received as much attention as typical defensive strategies have. This may change with the new NIST Framework for Improving Critical Infrastructure Cybersecurity that places more effort on breach recovery and mitigation.
Basically, it’s not a question of IF your network will be breached, but WHEN. News broadcasts for the last several years have shown that most enterprise networks will be hacked at some point. In addition, the time it takes for most IT departments to notice the intrusion usually takes months—over six months according to the Ponemon Institute. This gives hackers plenty of time to find what they want and exfiltrate whatever information they want. What if you could reduce that time to 1 month, i.e. cut it to 1/6 of the time? Or maybe reduce it further to one week, or maybe to just one day? What if you could go further? Would that be of interest to you?
There are some clear things that you can do to minimize your corporate risk and the potential costs of a breach. One new approach is to create a resilient security architecture model. The intent of this model is to create a solution that gets the network back up and running after a breach has occurred, as fast as possible. While prevention should always be a key security architecture goal, a resilient architecture goal focusses on recognizing the breach, investigating the breach, and then remediating the damage as quickly as possible. Join us for a discussion to learn how security resilience can help you optimize your network security.
Some key thoughts we will discuss during the event:
Key simple facts about today’s security defenses:
The average length of time from intrusion to identification is 191 days
57% of breached companies have to be informed of the breach by someone else (law enforcement, business partners, customers)
68% of breaches happen over the course of days
A “resilient approach” allows you to:
Strengthen your capabilities to defend against attacks
Maximize your ability to rebound from an attack
And minimize the severity and cost of security breaches
A Visibility Architecture is critical to your security architecture-you can’t defend against what you can’t see
There are several possible actions you can take. Here are just a few:
Deploy threat intelligence gateways to prevent the exfiltration of data to known bad IP addresses
Use application intelligence to help find indicators of compromise (IOC)
Decrypt SSL-based monitoring data with a network packet broker (NPB) to distribute data to forensic tools for faster analysis
Implement adaptive monitoring using the automation capabilities of an NPB to respond to SIEM instructions in near real time to pass suspect monitoring data to data loss prevention (DLP) tools for analysis
Capture and filter monitoring data, and then send that data to a purpose-built device to look at traffic patterns and IOC
Join us for this interesting discussion on how to improve your responses to a security breach and some of the things you can do now to reduce the pain and cost associated with a breach.
If you can’t make it to the event, watch the podcast on-demand or check out some of these free resources.