Over the past five years, the number of records compromised in US business breaches has exploded, growing from less than 20 million in 2010 to over 92 million in 2013. With major breaches at Target and the Home Depot, and many smaller breaches in the last year, the increase in records lost does not appear to be on the decline.

Some form of security technology was in place at most of these breaches so it is becoming clear that the issue is not one of having technology, but is in the reliance on outdated modes of security practices. Active, persistent attempts at breaching organizations is inevitable in this day and age, but breaking down the attacks and being able to intelligently detect the signs of a breach in real-time will help to minimize the destruction or exfiltration of data.  There are steps to help defend against the unknown, and with the right security approach, decrease the significant gaps between compromise and discovery.

Improve Your Vision To Defend Against Unknowns

Maintain visibility into the GLOBAL threat landscape.

Through the use of a global network of analytical servers, endpoints, security partners and other data collection tools and by collating varying types of threat data such as IP data, URL and Web data, Mobile App Data and Malicious File Data it becomes possible to understand the current, active threat landscape. Without a global network of collectors and without multiple data points it is not possible to have a complete understanding of the current threat landscape.

Ensure a real-time view of Internet objects to keep up with the new threats and the changing nature of known threats. 

Through the use of machine learning and automated analysis of data captured by endpoints, honeypots, security partners and other data collection vectors it is possible in real-time to identify zero-day and zero-hour threats. With the proper deployment mechanisms these threats can be detected and blocked within minutes or seconds ensuring organizations are protect from even the most aggressive threats.

Use intelligence to look for signs of successful attacks (no security is perfect).

Using contextual analytics to build relationships between threat data types an organization can now begin to dig deeper into known attacks to understand both the origin and the intent of a malicious player. A single data point such as an IP Address is no longer a standalone threat element rather it is now possible to analyze relationships that IP address has not only with other IP addresses but with Mobile Applications, Malware and URLs. This analysis allows not only the ability to more quickly and reliably identify a threat but paints a better picture of the nature and intent of an attack.

With the number of successful breaches increasing, it’s time for companies to improve their security vision to protect against the unknowns. As no security system on its own is perfect, it’s time to push for a layered approach with contextual analysis, automation and predictive machine learning as the new standard. This tactic, along with better breach awareness, will only help to decrease that gap, increase reaction time, and stop a breach from having a lasting impact on data and corporate reputation.


David Dufour

About the Author

David Dufour

Vice President, Engineering

David Dufour is the Vice President of Engineering at Webroot. He has 25+ years of experience in systems integration and software engineering focusing on large-scale, high-performance, high-availability integration solutions.

Share This