This post is an introduction to a multi-part series that will explain how and why the Department of Defense has moved beyond automated alerting to defend its networks.
According to the Ponemon study, “2014: A Year of Mega Breaches,” published in January 2015:
- More than half of the most serious data breaches are not discovered until one year after the incident, and most of these are discovered accidentally.
- In nearly two-thirds of organizations, IT departments fail to stop the most serious breaches because attackers “evaded existing preventive security controls.”
- More than half of all senior management are now “extremely concerned” about data breaches compared to only 13 percent in 2013.
- More than half of all companies have increased security budgets by one-third, and most of their additional spending was on security incident and event management (SIEM), endpoint security and intrusion detection and prevention tools.
Unfortunately, SIEMs, perimeter defenses, and even leading Security Analytics solutions cannot provide an enterprise’s analysts, their most effective counter weapon, with the timely information they need to be efficient and effective. Security teams spend most of their time reacting to false alerts and piecing together information from many systems, instead of truly investigating and hunting the stealthy attackers already on their network – the ones who do the most damage.
Given the current state of cyber security, what can enterprises do to protect themselves from data theft and other malicious activities? How can organizations increase their likelihood of detecting attackers and reducing dwell times? Many leading-edge organizations and those with the most critical assets, such as the Department of Defense, understand these issues and have taken steps to compensate for them using advanced network-traffic analytics.
Join us as we continue this blog series with important information about how an enterprise can significantly reduce damages caused by sophisticated attackers by making their staff far more efficient and effective. Tune in to explore the following topics and learn how advanced network-traffic analytics changed cyber security operations for the Department of Defense:
- Description of the limitations of today’s security solutions and how advanced network-traffic analytics can help improve enterprise security.
- Two case studies about how the Department of Defense benefits today from this technology.
- High-level review of the technical architecture of an advanced network-traffic analytics solution and how it can be used to thwart attacks.
- Discussion of how enterprises and their security teams will benefit from a network-traffic analytics approach to enterprise security.