While IT professionals now work on the assumption that their networks are constantly at risk, traditional cyber security systems still use a ‘protect & prevent’ approach rather than a more modern ‘detect & respond’ approach.
In reality, the biggest security threat most organisations face already sits inside their own network. Social engineering is an increasingly common way for attackers to break into networks, and endpoint security cannot tell whether an authorised user’s device is sending sensitive data out. Bring Your Own Device (BYOD) and online collaboration tools further blur the line between trusted and untrusted data sources, making threats far harder to identify.
Increasingly sophisticated attack activity can only be detected by real-time monitoring of the internal network, which until now has been an almost impossible task because of the volume of data flowing through even the most basic of networks. Traditional security controls such as firewalls, Intrusion Detection Systems (IDS) and anti-virus should therefore form only part of a modern cyber defence.
An additional network layer is needed to quickly identify activity caused by malicious behaviour, whether it comes from a new threat, a novel technique, or a malicious insider. Such a behaviour-based system delivers very high detection rates with correspondingly low false-alarm rates, and is equally powerful at identifying potentially exploitable weaknesses in a network before any attack occurs, enabling organisations to proactively improve the security of their network over time.
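To make the “behaviour-based” idea concrete, here is an added example that is not part of the original article and not any vendor's product: a toy per-host egress baseline built from constructed flow records (host, hour, destination, bytes out). Instead of a single fixed rule, each host gets its own mean and standard deviation of hourly outbound volume plus the set of destinations it normally talks to; an hour is flagged when it exceeds the host's own envelope or involves a never-seen destination, and a device with no baseline at all (a newly connected BYOD phone, say) is surfaced as well. All hostnames, volumes and the `K` multiplier are assumptions chosen for illustration.

```python
"""Toy behavioural baseline for outbound traffic, one envelope per internal host.

Added illustration, not production code: flows are constructed records of
(host, hour, destination, bytes_out); nothing here reads real traffic.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    host: str        # internal source device
    hour: int        # hour index within the observation period
    dest: str        # external destination
    bytes_out: int   # bytes sent from host to dest in that hour


def build_baseline(flows):
    """Learn, per host, the mean/stdev of hourly egress and the destinations seen."""
    hourly = defaultdict(lambda: defaultdict(int))
    dests = defaultdict(set)
    for f in flows:
        hourly[f.host][f.hour] += f.bytes_out
        dests[f.host].add(f.dest)
    baseline = {}
    for host, per_hour in hourly.items():
        vals = list(per_hour.values())
        baseline[host] = {"mean": mean(vals), "stdev": pstdev(vals), "dests": dests[host]}
    return baseline


def detect(baseline, flows, k=3.0, min_stdev_ratio=0.05):
    """Score one observation window against the learned baseline.

    An hour is flagged when its egress exceeds mean + k*stdev for that host, or
    when the host talks to a destination never seen during learning. stdev is
    floored at min_stdev_ratio*mean so a perfectly flat baseline does not alert
    on trivial jitter. Hosts with no baseline are reported rather than ignored.
    """
    hourly = defaultdict(lambda: defaultdict(int))
    new_dests = defaultdict(lambda: defaultdict(set))
    for f in flows:
        hourly[f.host][f.hour] += f.bytes_out
        if f.host in baseline and f.dest not in baseline[f.host]["dests"]:
            new_dests[f.host][f.hour].add(f.dest)
    alerts = []
    for host, per_hour in hourly.items():
        if host not in baseline:
            for hour in sorted(per_hour):
                alerts.append((host, hour, "no baseline for this host"))
            continue
        b = baseline[host]
        stdev = max(b["stdev"], min_stdev_ratio * b["mean"])
        threshold = b["mean"] + k * stdev
        for hour, total in sorted(per_hour.items()):
            reasons = []
            if total > threshold:
                reasons.append(f"egress {total} > host threshold {threshold:.0f}")
            if new_dests[host][hour]:
                reasons.append(f"new destination(s) {sorted(new_dests[host][hour])}")
            if reasons:
                alerts.append((host, hour, "; ".join(reasons)))
    return alerts


def constructed_history():
    """Constructed 48-hour learning window for two hosts (not real traffic)."""
    flows = []
    for h in range(48):
        # workstation: about 2 MB/hour to two SaaS hosts, with deterministic jitter
        flows.append(Flow("ws-17", h, "saas-a.example", 1_500_000 + (h % 5) * 100_000))
        flows.append(Flow("ws-17", h, "saas-b.example", 500_000 + (h % 3) * 50_000))
        # backup server: about 500 MB/hour to its off-site backup target
        flows.append(Flow("bk-01", h, "backup.example", 480_000_000 + (h % 7) * 10_000_000))
    return flows


def constructed_observation():
    """Constructed hour 48: one hour of traffic to score against the baseline."""
    return [
        Flow("ws-17", 48, "saas-a.example", 1_900_000),
        Flow("ws-17", 48, "drop-zone.example", 120_000_000),  # bulk upload to a never-seen host
        Flow("bk-01", 48, "backup.example", 550_000_000),      # large in absolute terms, normal for this host
        Flow("byod-phone", 48, "saas-a.example", 300_000),     # device that was never baselined
    ]


if __name__ == "__main__":
    base = build_baseline(constructed_history())
    for host, hour, why in detect(base, constructed_observation()):
        print(f"ALERT host={host} hour={hour}: {why}")
```

The point the constructed data makes: the backup server moves over four times more data than the workstation's suspicious hour, yet only the workstation is flagged, because each host is judged against its own history rather than a global byte threshold. A fixed rule tight enough to catch the 120 MB upload would page on every backup run; one loose enough to tolerate backups would never see the workstation leak.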
This step change in the battle against increasingly sophisticated cyber threats would identify malware that actively outwits rules-based or sandboxing appliances, as well as data being leaked by a trusted device. Organisations could also proactively close vulnerabilities in a network rather than reactively patching holes once an attacker has already exploited them.