Cybersecurity Trends: Advanced Threat Detection

Rekha Shenoy
VP, Business and Corporate Development, Tripwire
Thursday, February 5, 2015
Cybersecurity was front-page news all through 2014, and we should expect that trend to continue in 2015 because the behavior of cybercriminals has fundamentally changed. A few years ago the majority of cyberattacks were based on viruses and malware designed to be deployed across a large number of potential victims. Today, cybercriminals are targeting specific companies. They look for weaknesses and identify various ways to gain access to targeted corporate networks. Once they are inside, they expend significant resources on evading detection so they can maximize access to confidential data. This shift in tactics was a key factor in many of last year's "mega" data breaches, including Target, JP Morgan, Michaels and Sony, as well as many others.

The technical sophistication behind these attacks, and the criminals' ability to evade detection by traditional security tools, has left many companies under the impression that there is very little that can be done to protect their confidential data. This is just not so. Larger enterprises on the cutting edge of cybersecurity are building solutions that use machine learning and automation to radically reduce the time needed to detect and respond to a cyberattack in progress.

The Challenge to Detect
One of the key challenges associated with detecting an advanced cyberattack is that large organizations' network infrastructures are naturally in a constant state of change. Every cyberattack leaves behind detectable changes, but cybercriminals are able to hide in plain sight by disguising these changes as normal network activity.

Detecting anomalous change among hundreds of thousands of routine changes is a key to quickly identifying the changes that indicate a cyberattack in progress. This problem is rapidly becoming more difficult by orders of magnitude. The indicators of malicious change are constantly shifting, and the volume of normal change on enterprise networks is routinely very high, especially for large enterprises that have hundreds of thousands of mission-critical systems and associated network devices. This makes detecting malicious changes laborious and time-consuming. The detection problem can be particularly daunting if the problem-solving approach relies on applied human intelligence.

One of the key trends in cybersecurity defense is the development of a wide range of community and commercial threat intelligence feeds that make it possible to dynamically search for specific malicious changes, also called indicators of compromise, such as IPs associated with malicious attacks, malware file names and hashes, and specific attack vectors. These services allow organizations to share information about current cyberattacks.