Network Security: Why Prevention Is No Longer Enough

Did you know that over 90 percent of US businesses suffered at least one cyber attack in the last 12 months? Worse, the typical intrusion wasn’t detected for almost 8 months. By then, the damage was done, critical information was lost — and the trail had gone cold.
Perhaps the biggest injury? Loss of revenue — lots of it. Nearly 46 percent of customers leave or avoid vendors once they’ve reported a breach.
Cyber-crime is a reality of this information age. With all of IT’s preventative measures in place, how is it we can’t stop the intrusions — or at least limit the damages?
An ounce of prevention… fails
With statistics like these, it’s not a question of if you’ll face an attack, but when. If you’ve been in the lucky 10 percent for 2015, you probably won’t be for long.
Traditional network security includes strong firewalls and stringent policies to prevent unauthorized access. These measures are preventative; that is, they limit damages by trying to keep intruders out of the network to begin with.
But cyber-attackers are nothing if not determined. No matter how much prevention you apply, if they want in, they’ll find a way.
So companies add SIEM — security information and event management — software and hardware that monitor and log events on the network. These tools attempt to identify suspicious activity in the logs, correlate it to actual intrusions and report on it. The reports are only as good as the software, though, and only as timely as the person reviewing them.
But the stats show most intrusions aren’t detected for months. This means that …
- preventive measures are insufficient,
- SIEM packages aren’t identifying the proper events,
- device configurations are incorrect or out-of-date,
- integration with all systems, data sources and applications is incomplete, or
- some combination of these and other shortcomings is at work.
Most traditional prevention and monitoring are simply too manual and too reactive. They can’t detect and thwart today’s sophisticated cyber criminals.
Proactively detecting — and stopping — the threat
Would you install a home security system without trip sensors? Or one that didn’t alert you — or the police — because it “wasn’t sure” if there was an intruder? Of course not. The last thing you want is to come home later and find out someone has been rummaging through your drawers.
Yet that’s how traditional prevention / monitoring solutions work. The intruders get through an “open window,” get what they want and are gone before you’re aware of them.
Your network security is more complicated than doors and windows, of course, but the idea is the same. It isn’t enough to just install some traps and log the data for a daily report. Plus, your network is dynamic, with devices and users being added and removed all the time. That means your IDS configuration requires constant updates.
In today’s threat landscape, you need more than basic prevention and monitoring. The cure is a proactive SIEM that:
- Relieves your staff of constant updates with asset discovery
- Provides continuous threat detection and vulnerability assessment against the very latest threat signatures
- Integrates trouble ticketing and response workflow to track, correlate, remediate and notify
- Gives you complete and immediate visibility on what’s happening right now so you can respond before it’s too late
- Integrates continuous threat intelligence to leverage threat research around the globe
- Deploys a variety of detectors with ease, from a single console
Some traditions are made to be broken
The old adage about “an ounce of prevention” doesn’t hold up anymore, not where your network security is concerned.
Traditional SIEM applications provide logging, event management, event correlation and reporting. They leave everything else up to you — including all the device configuration, updating threat signatures, tracking the outages, checking your file system health and more. And yet the intruders still get in — and get away.
If you’re still using traditional SIEM, maybe it’s time you applied some of the cure — a unified, intelligent alternative.
Originally published at www.paranet.com.