The world of cyber security is complex and misunderstood by a majority of the public. Even within IT, few people understand the mechanics of a sophisticated cyber attack. It is this lack of understanding, combined with the shortage of experts in the field, that gives attackers an advantage.
The Cyber Security War
Cyber security is a two-party war, and technology is its facilitator. On one side are organizations continually updating, reviewing and defending their infrastructure. On the other are cyber criminals probing those defenses with whatever attack tooling works. In the middle of this virtual war sits technology, which gives either side the means to attack or to defend.
For an enterprise hosting large data stores, attackers never seem to rest. Technology, however, offers numerous defenses that automate, monitor and respond with little human intervention. An enterprise's defensive arsenal includes a range of software and hardware: endpoint protection, security information and event management (SIEM) systems, intrusion detection and prevention systems (IDS/IPS), cyber intelligence platforms, and entity-based analytics, to name just a few.
Are Current Cyber Security Defenses Strong Enough?
Any cyber security defense is continually under scrutiny from cyber criminals. An enterprise could be completely locked down one day, and the next could be the day an attacker finds a vulnerability. According to the latest Verizon Data Breach Investigations Report (DBIR), attackers continue to rely on a familiar set of action varieties to gain unauthorized access: stolen credentials, RAM scrapers, phishing, privilege escalation, backdoor injection, malware, spyware and keyloggers.
Because the way cyber security is implemented changes so frequently, its features and standards have many moving parts. Cyber criminals find new vulnerabilities and attack vectors, and defenders find new ways to stop them from stealing data. Verizon reports that compromising a system takes an attacker only seconds or minutes, and exfiltrating data only hours, while on average it takes a corporation months to detect the compromise and then contain it. Verizon reports that 68% of data breaches take months to discover, by which point gigabytes of data have already left the network.
Clearly, most current approaches to cyber defense are not working adequately. Although corporations have more than enough cyber security solutions to choose from, the fact remains that in well over half of all breaches the attackers have stolen information weeks before the company even knows it is a victim.
Data-at-Rest Will Not Suffice In The Cyber War
To counter the innovative ways attackers breach a system, an enterprise can improve its defenses with the latest cyber security software and hardware. Sensors and streaming analytics are now commercially available and make it possible to capture and analyze data in real time instead of working only from static data. The result is an integrated approach to real-time decision making, built on a complete view of the environment: live input combined with historical data (data-at-rest), plus the ability to self-tune and learn.
Data exists in two very distinct states:
- Live, production data (data-in-motion)
- Stored log data (data-at-rest)
The distinction is that data-in-motion is the information currently traversing your network; it represents events happening right now. Data-at-rest is logged information that was recorded earlier, whether an hour ago or a year ago.
Most current cyber security analytics solutions only analyze data-at-rest. They are set up to collect and store large volumes of information, which is later analyzed with cutting-edge technology and machine learning to better understand the patterns that indicate a possible breach.
Unfortunately, analyzing data-at-rest does not address attacks currently in motion. One reason is the complexity of analyzing large data sets after the fact. Another is simply that such solutions are looking at old data, not live data. Relying only on data-at-rest is like watching the Super Bowl on DVR a week after it airs instead of watching the Eagles win it live on Sunday night.
The Solution to Data-at-Rest?
Recent developments in networking technology break the mold of how cyber security solutions are implemented. In-memory computing, programmable chipsets, protocol-agnostic network sensors, and distributed messaging systems (such as Apache Kafka) have laid the groundwork for companies to analyze network events in real time.
The remaining obstacle is figuring out how to do this without completely redesigning networks and walking away from the investments already made in traditional, data-at-rest based cyber security solutions.
So, data-at-rest on its own is no longer enough. What now?