Why the DoD Uses Advanced Network-traffic Analytics to Secure its Network
According to the Ponemon study, “2014: A Year of Mega Breaches” published in January 2015:
- More than half of the most serious data breaches are not discovered until one year after the incident, and most of these are discovered accidentally.
- In nearly two-thirds of organizations, IT departments fail to stop the most serious breaches because attackers “evaded existing preventive security controls.”
- More than half of all senior management are now “extremely concerned” about data breaches compared to only 13 percent in 2013.
- More than half of all companies have increased security budgets by one-third, and most of the additional spending went to security information and event management (SIEM), endpoint security, and intrusion detection and prevention tools.
Security teams face increasing pressure from management to prevent breaches, discover attacks faster, and become more efficient. Most will not succeed because the security infrastructures they have in place do not work against most of the advanced persistent threats organizations face today.
Advanced attacks are conducted by malicious actors with the highest levels of skill, resources, and patience, while most organizations have deployed a collection of “automatic” tools designed to counter relatively unsophisticated attacks. Current solutions, including SIEMs, cannot give an enterprise’s analysts, its most effective countermeasure, all the information they need to be more efficient and effective. Security teams spend most of their time reacting to alerts, producing reports, and piecing together information from many systems, instead of proactively investigating and hunting the stealthy attackers already on their network – the ones who do the most damage. Chief security officers and other senior managers are disillusioned and tired of hearing software vendors tell them how their latest product or upgrade is finally going to solve the problem.
Given the current state of cyber security, what can enterprises do to protect themselves from data theft and other malicious activity? How can organizations increase their likelihood of detecting attackers and reduce dwell times? Many leading-edge organizations, and those with the most critical assets, such as the Department of Defense, understand these issues and are taking steps to address them using advanced network-based analytics.