Traditional perimeter guards are no longer enough to guarantee network security, with defences that rely on machine learning and analytics the way forward.
That’s according to Wynyard Group, who says cyber security is moving away from focussing on the perimeter and machine learning and analytics to detect and stop attacks as they occur.
While still wholly necessary as a first line of defence, traditional perimeter guards, such as firewalls, are no longer enough to guarantee a network cannot be breached, the security firm says in a company blogpost.
“The chances are your network will be hacked – and it probably already has been,” Wynyard says.
“Hackers have long since learned to scale those walls. Some hack for fun, some for money and some just hack to make a point; it’s not difficult.”
What is difficult is working out when it happened and how to minimise the damage, the company says.
“Many organisations are now locked in a constant game of cat and mouse between their defenders and potential invaders.”
Prevention better than a cure
Wynyard says many organisations unfortunately cannot avoid storing people’s personal data and running large networks of proprietary information to keep operations going.
“The security of that information is paramount, with its vast amounts of personal identification details that could be stolen to commit fraud and network activities that, if disrupted, could spell disaster,” it says.
“Organisations such as the U.S. government’s Office of Personnel Management, which has apparently been hit by several breaches and lost countless records from background checks on job applicants including 5.6 million people’s fingerprints, highlight the importance of not only trying to prevent hackers getting in but also spotting them once they do,” Wynyard says. “And kicking them out before they can take what they came for.”
Failing to spot a network breach and allowing criminals time inside a network to look around and copy, move or delete data is ultimately a far greater expense than efficient cyber-security will ever be, the company explains.
“TalkTalk in the UK suffered customer data losses that will cost the telco millions of pounds to remedy as it joins fellow hacked organisations in arranging 12 months’ free identity theft checks for affected customers and other potential remedies,” Wynard says. “The company was criticised for elementary cyber-security oversights.
“And in Australia, although a network breach at Kmart was relatively contained, the infiltration of such a big-name retailer catapulted cyber-security into the spotlight, underlining the fact that just about every organisation is at risk and the costs can be high.”
Increasing automated analytics
According to Wynyard, the cyber security market has a growing audience of organisations becoming increasingly aware that, in the case of network security breaches, it’s not a matter of if but when.
“More and more are keen to work out just what the latest defensive actions are in this new landscape,” the company explains.
“It can seem a huge task to monitor vast networks and flows of traffic so the best approach is automated analytics, to take the human stress out of the equation.”
Wynyard says there have been several digital developments to help reduce the number of databases falling prey to hackers. Products such as Open Network Insight (ONI) are helping – ONI is an open-source tool that monitors operational and security threats in datacentres.
In turn, it relies on Enterprise Data Hub, a platform that can collate an organisation’s various data resources and store them together, enabling unified analytics and other value-adding activity to be performed more succinctly.
“The rising demand for more sophisticated techniques to counter the damage caused by network breaches has also seen the growth and continuing development of cyber threat analytics solutions,” Wynyard says.
“New and emerging cyber analytics offer a ‘behavioural intelligence’ approach. The software platforms work within an organisation’s network, learning its normal traffic and activity patterns then watching for anomalous incidents that could indicate a breach.”
The software flags any such suspicion to the IT security team for further investigation as soon as it is detected, says the company.
“Using analytics support platforms, such as Wynyard’s Advanced Cyber Threat Analytics (ACTA) offering, is becoming ever more prominent as a go-to solution for inevitable network security breaches.
“Looking for, and acting upon, the information already available within your own network is the new normal in information security. It is rapidly becoming a real-time answer to keeping reputational and financial damage to a minimum.”