Time to detection, or TTD, is the window of time between the first observation of an unknown file and the detection of a threat. The industry average TTD is 100-200 days, meaning many undetected cybercriminals have in excess of 100 days on average to do damage to a compromised business.
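To make the TTD definition concrete, here is an added example (not code from the original post or from Cisco) that computes TTD per file from two constructed record sets: first-sighting events and detection verdicts. The hashes, hostnames and timestamps are invented sample data; the window opens at the earliest sighting of a file anywhere in the estate and closes at the earliest malicious verdict, so repeat sightings and repeat alerts do not shrink or grow it.

```python
"""Time-to-detection (TTD) from first-seen and detection records.

Added example, not from the original post. TTD is the window between
the first observation of an unknown file and the detection of a threat
in it. All records below are constructed sample data, not real telemetry.
"""
from datetime import datetime
from statistics import mean, median

# Constructed first-observation log: (file hash placeholder, host, first seen, ISO 8601)
FIRST_SEEN = [
    ("hash-A", "ws-01", "2021-01-04T09:12:00"),
    ("hash-A", "ws-07", "2021-01-06T11:00:00"),   # later sighting; does not move the window
    ("hash-B", "srv-02", "2021-02-10T22:45:00"),
    ("hash-C", "ws-03", "2021-03-01T08:00:00"),   # observed, never detected: TTD still open
]

# Constructed detection log: (file hash placeholder, verdict, detected at, ISO 8601)
DETECTIONS = [
    ("hash-A", "malicious", "2021-01-21T15:30:00"),
    ("hash-A", "malicious", "2021-01-22T10:00:00"),  # repeat alert; ignored
    ("hash-B", "malicious", "2021-02-11T15:45:00"),
]


def _parse(ts):
    return datetime.fromisoformat(ts)


def _earliest(records, key_index, ts_index, keep=lambda r: True):
    """Map each key to the earliest timestamp among the records that pass `keep`."""
    earliest = {}
    for rec in records:
        if not keep(rec):
            continue
        key, t = rec[key_index], _parse(rec[ts_index])
        if key not in earliest or t < earliest[key]:
            earliest[key] = t
    return earliest


def time_to_detection(first_seen, detections):
    """Return {hash: timedelta} for every hash with a malicious verdict.

    Window = earliest malicious verdict - earliest sighting of that hash.
    """
    seen = _earliest(first_seen, 0, 2)
    detected = _earliest(detections, 0, 2, keep=lambda r: r[1] == "malicious")
    return {h: detected[h] - seen[h] for h in detected if h in seen}


def undetected(first_seen, detections):
    """Hashes observed but without a malicious verdict: their TTD window is still open."""
    seen = {r[0] for r in first_seen}
    detected = {r[0] for r in detections if r[1] == "malicious"}
    return sorted(seen - detected)


def summarise(ttd):
    """Mean and median TTD in hours across the closed windows (empty dict if none)."""
    if not ttd:
        return {}
    hours = [d.total_seconds() / 3600 for d in ttd.values()]
    return {"mean_hours": mean(hours), "median_hours": median(hours)}


if __name__ == "__main__":
    windows = time_to_detection(FIRST_SEEN, DETECTIONS)
    for h, delta in sorted(windows.items()):
        print(f"{h}: TTD {delta.total_seconds() / 3600:.1f} h")
    print("still open:", undetected(FIRST_SEEN, DETECTIONS))
    print(summarise(windows))
```

The point of tracking the open windows separately is that an average over closed windows alone flatters the metric: files that were never detected contribute nothing to the mean, yet they are exactly the ones giving an intruder the longest dwell time.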
In many instances businesses are using outdated modes of protection against the new threat landscape. Many businesses are still dependent on anti-virus software and firewall rules as their principal means of protection. Given the evolved nature of threats and their ability to easily evade traditional methods of detection, the traditional approach is akin to using a colander to catch water.
A more sophisticated approach to cyber threat defence, combining adaptive, integrated detection techniques with automated protection, has led to a significant reduction in TTD. In Cisco’s case they have managed to get the TTD down to approximately 17 hours. Cisco sees this approach leading to the establishment of a “detection and response” framework which makes a faster response to both known and emerging threats possible.
The new framework will feature a “visibility platform” that delivers full contextual awareness and is continuously updated to assess threats, correlate local and global intelligence, and optimise defences.
Below, we present Cisco’s six tenets of integrated threat defence to help businesses better understand the intent and potential benefits of this architecture:
1. A richer network and security architecture is needed to address the growing volume and sophistication of cyber threats.
Eliminate the “See a problem, buy a box” mentality. Instead of simply alerting security professionals to an intrusion or a suspicious event, this framework gathers activity in an automated fashion to provide a better picture of what is happening on the network.
2. Best-in-class technology alone cannot deal with the current or future threat landscape; it just adds to the complexity of the networked environment.
There isn’t much difference between the major security vendors when it comes to core security. Organisations are investing in the seemingly best and newest technologies to deal with internet security; however, new vendors offering the same solutions do little other than complicate the landscape.
3. More encrypted traffic will require an integrated threat defence that can converge on encrypted malicious activity that renders particular point products ineffective.
In part 2 we looked at the rise of encrypted traffic and why this is a good thing; however, it also makes it harder for IT security to monitor threats. With an integrated security platform and increased network visibility, tracking these threats will become easier.
4. Open APIs are crucial to an integrated threat defence architecture.
With an integrated platform, automation can be enhanced. Open APIs also bring awareness across security products which, in a multivendor climate, results in better visibility and security control.
5. An integrated threat defence architecture requires less hardware and software to install and manage.
Where vendors are able to offer feature-rich platforms with extensive functionality, this will decrease the complexity of IT security for SMEs. The result will be a reduction in malicious groups and individuals gaining access to the network while remaining undetected.
6. The automation and coordination aspects of an integrated threat defence help to reduce time to detection, containment, and remediation.
Security teams often need to focus on the here and now. With an integrated threat defence system, false positives can be reduced through automation and the more pressing security concerns can be dealt with more quickly and effectively.
It is not surprising that the businesses surveyed for Cisco’s Security Capabilities Benchmark Study are less confident in their ability to help secure their businesses. Businesses now need to consider the powerful impact that proactive and continuous integrated threat defence based on collaboration can have in bringing cybercriminal activity to light, undermining adversaries’ ability to generate revenue, and reducing the opportunity to launch future attacks.
Would you like an Independent Security Assessment to understand what threats you may be facing? Just click this link and give us a few details, and we can arrange a call back from one of our security specialists.