Adding a second protective layer and effective correlation is the best defence against cyber attacks

News by Dan Raywood

Early detection is the best protection method against cyber attacks and a second line of defence should be leveraged.

Senior vice president of marketing at ArcSight, Reed Henry, commented that whitelisting, software patching and other preventive approaches are best practices and must continue when it comes to protecting against attacks, but they will always be one or two steps behind the cyber criminals.

Henry said: “So beyond preventive measures, companies must leverage a second line of defence, a defence that provides early detection and response through automated monitoring to minimise any potential damage before significant losses occur.

“Early detection is critical to stop a breach after the initial exploit. The 2008 Verizon Breach Report showed 74 per cent of breaches take weeks to months to detect and 69 per cent are detected by people outside the hacked firm, indicating that companies have little awareness of what is happening in their networks and with their critical assets and infrastructure.

“This lack of visibility makes it easy for the criminal to carry on long-term breaches as they did in the high profile cases at Heartland Payment Systems and TJ Maxx where the breaches lasted 18 months and resulted in the combined theft of over 220 million transaction records. The key is to tighten the window of detection so the criminals go home empty handed.”

He said that doing this involves collecting and correlating the digital fingerprints of all activity across the enterprise and automating visibility to the important enterprise threats and risks.

“In the end there is no silver bullet to end this problem. We're fighting organised criminals who are ever-evolving, sophisticated and well-funded. The best defence here is the automated vigilance of enterprise threat and risk monitoring, which is powered by security information and event management technology. Enterprise threat and risk monitoring provides the early detection and response companies need in this battle against a more powerful foe,” said Henry.

