Does Your Security Architecture Adapt to Changing Threats?

By: Mike Banic, VP of Marketing
March 25, 2014

Target, Neiman Marcus, Michael’s. There’s no doubt that the retail sector is under attack, but prominent retailers are not alone. Criminals are targeting banks, healthcare providers, government agencies and even high schools—anyone with high-value data or a reputation to protect. Whether your business is big or small, chances are that hackers have already penetrated your network.

But what do you do?

A new Gartner report, “Designing an Adaptive Security Architecture for Protection from Advanced Attacks,” advises: “All organizations should now assume that they are in a state of continuous compromise.” The challenge it outlines is that blocking and prevention capabilities alone are insufficient to protect against motivated, advanced hackers. I agree with Gartner’s assessment and advice. Reflecting on the media coverage of the Target breach can help make sense of their recommendations. Most of the coverage of the attack on Target focused on how the attackers got into the network. Gartner’s thesis is that 100% perfect prevention is not possible.

For the reporters who covered the Target attack, we recommend a different question: “How could the attackers have been in the network for so long, doing so much, and still go completely unnoticed?”

The Target attack has a lot in common with a long con – a series of cons played out over a long period of time. A favorite long con movie is Ocean’s 11, where it took “a Boesky, a Jim Brown, a Miss Daisy, two Jethros and a Leon Spinks, not to mention the biggest Ella Fitzgerald ever” to pull off the heist. Just like in Ocean’s 11, today’s persistent attacks present multiple opportunities to detect them. ComputerWorld ran a story, “Ira Winkler: 6 Failures that led to Target Hack,” which did cover the multiple detectable events in the Target attack rather than focusing on the imperfection of perimeter defenses.

This is when you ask, “So why aren’t these big attacks detected?” Gartner observes in their research note that “most organizations continue to overly invest in prevention-only strategies,” and they recommend investing in detection, response and predictive capabilities.

At Vectra, we are in the business of providing detective capabilities. I recently asked a customer “what keeps you up at night?” He answered “the unknown keeps me up because security is based on what has been seen before.” He went on to say “Vectra has enabled me to detect the unknown.”

Detecting and prioritizing the multiple phases of the long con, especially if it hasn’t been seen before, is pretty cool. However, doing so without signatures, without “eyes on glass”, without adding staff and without professional services is insanely cool.

If this has piqued your curiosity, check out our video on how it works and read more about it in our white paper.

References

“Designing an Adaptive Security Architecture for Protection From Advanced Attacks,” by Neil MacDonald and Peter Firstbrook, 12 February 2014, ID G00259490, https://www.gartner.com/doc/2665515/designing-adaptive-security-architecture-protection, page 3.

“Designing an Adaptive Security Architecture for Protection From Advanced Attacks,” by Neil MacDonald and Peter Firstbrook, 12 February 2014, ID G00259490, https://www.gartner.com/doc/2665515/designing-adaptive-security-architecture-protection, page 1.

About the author

Mike Banic

Mike Banic is the vice president of marketing at Vectra. He has extensive experience in global marketing, product marketing and product management, and previously served on the board of the Ronald McDonald House at Stanford.
