
Limit The Damage

Published 01/23/2015


By Chris Hines, Product Marketing Manager, Bitglass

Despite investments in security, breaches are still occurring at an alarming rate, whether as the result of the world’s nefarious cyber criminals sending phishing or malware attacks through company emails, or of insiders simply misusing sensitive data. Given the speed at which cyber criminals are able to pivot and create new security threats, companies must change their approach to security. We now live in a world where the prevention of breaches has become too difficult. The proliferation of data outside the firewall via mobile devices (i.e., company laptops and personal smartphones) has created an attack surface too large for company IT security teams to guard.

Criminals are no longer going for the quick win. They’re stealthily slipping through firewalls, nestling deep within your infrastructure, and slowly exfiltrating data through company firewalls to remote servers they own. This often goes on for months until the criminals are finally ousted, or have gathered enough data to sell on the black market or ransom back to the victim.

Visibility into what data is being exfiltrated is crucial in limiting damage from breaches. Now, before you start thinking about your SIEM solution that sends you 17,000 alerts a week, or the “visibility” company that only tells you what apps are currently running on your network (there are so many “Shadow IT” visibility companies out there, but Shadow IT only represents 4% of breaches), I want to explain what I mean by visibility. Visibility is the awareness of what data is leaving your network and of what the riskiest sources are, in a way that prioritizes alerts for you. It provides actionable intelligence so that you can quickly identify areas of risk and, ultimately, whether or not you are experiencing a breach.

Lessons from “The Boy Who Cried Wolf”

We all know the story of the boy who cried wolf. A small boy, who is tasked with protecting his family’s sheep, jokingly yells “wolf, wolf!” multiple times, causing the townspeople to come running with their pitchforks and torches to aid him in fighting off the wolf. When the wolf actually comes, and the boy yells “wolf, wolf” again, no one comes. The boy is then eaten.

This is the problem today. Companies are relying too much on their SIEM solutions. These solutions create WAY too many meaningless alerts per day. No IT team can manage 17,000 alerts per week, and none would want to. SIEM solutions cry “wolf, wolf” so often that IT teams no longer view the alerts as a real threat. This is actually what happened in the Target breach. Alerts were received, but were not treated as true breach threats.

IT security must be able to limit the damage caused by breaches. In order to do so they need a solution that can provide them with actionable intelligence. They need to be able to identify the risky sources within their infrastructure so they can protect their data from the wolves trying to gobble up their sensitive data.

To gain true visibility and shorten breach dwell time, learn about a new service called Breach Discovery. Here’s a data sheet for you.
