The methods cyber attackers use to infiltrate networks are endless. There is no doubt that the more sophisticated bad guys looking to steal specific data have enlisted surreptitious ways to achieve their ends. From targeting specific employees with convincing phishing emails that encourage them to download malware-riddled attachments to taking advantage of vulnerable web apps, these miscreants find myriad ways to gain entry to networks so that they can siphon off sensitive data – most often unnoticed for days, weeks or even months. Implementing a combination of just the right policies and plans, along with the most effective technologies to support them, is paramount. In this 20/20, we talk to a leading industry expert to learn how cyber crooks are making off with critical data and what methods and types of technologies you should consider to stop them in their tracks.
2. Prevention has proven to be elusive
2013 "Cost of Cybercrime Study", Ponemon Institute: a detailed study of 56 large US firms.
Results: 102 successful intrusions between them. Every week!
3. "There are two types of companies that use computers. Victims of crime that know they are victims of crime and victims of crime that don't have a clue yet."
James Routh, 2007, CISO, Depository Trust Clearing Corporation
4. "How would you change your strategy if you knew for certain that you were going to be compromised?"
Martin Roesch, 2013, Founder & CTO Sourcefire, Author of SNORT
5. So many security technologies to choose from
Given the 10 most recommended technologies and the pricing range, an organization could expect to spend anywhere from $225,000 to $1.46m in its first year, including technology and staff.
Source: The Real Cost of Security, 451 Research, April 2013
Factor into this:
- Initial licensing costs
- Implementation / optimization costs
- Ongoing management costs
- Renewal costs
- Integration of all the security technologies
- Training of personnel / incoming personnel
6. Questions for SIEM Vendors
HINT: PRINT THIS OUT FOR THE NEXT TIME THEY CALL YOU...
1. How long from installation to security insight?
2. Is integration work measured in years, months or hours?
3. Do you simply integrate data from security tools (SIEM), or embed tools and orchestrate them into effective incident response workflows (USM)? E.g. asset inventories, IDS, vulnerability scans, netflows, etc.
4. What is the real TCO: licensing, consulting, implementation and maintenance/tuning fees?
5. Do you deliver a list of alarms, or step-by-step instructions on how to confirm, respond to and mitigate threats?
6. Is there a community for threat sharing? If so, how large, broad and open is it?