Data Breach: Blueprint for the Next-Gen Security Operations Centre

2015 ended with the largest data breach ever publicly reported. An astounding 191 million records were exposed. It may have been the largest, but it wasn’t alone: in 2015, a record-setting total of nine mega-breaches were reported. Today’s threat environment is evolving at a remarkable rate as cybercriminals improve their ability to change and adapt. With the growing number of targeted attacks, it has become virtually impossible to block every threat before it reaches a company’s network. As we ramp up to address these challenges that plague enterprises - one thing is certain: attackers will continue to escalate their activities on several fronts, launching complex multi-phased assaults.

The Symantec’ Internet Security Threat Report Vol. 21 revealed how cybercriminals are adopting corporate best practices and establishing professional businesses in order to increase the efficiency of their attacks against enterprises and consumers. Defending enterprises from these threats is an increasing challenge. Targeted attacks pose risks to sensitive data loss, financial loss, reputation damage and more. Meanwhile, advanced attacks continue to accelerate and evolve. In 2015, globally, a government organization or a financial company targeted for attack once was most likely to be targeted at least three more times. Overall, large businesses that experienced a cyberattack saw an average of 3.6 attacks each. Clearly, the question that enterprises are posed with is not if and when it will be comprised, but how often?

The Current State of Adversary Defense

Today’s attackers are often well funded, highly stealthy and persistent. Symantec’s research highlighted that the number of zero-day vulnerabilities discovered in 2015 reached a record-breaking 54, a 125 percent increase from the year before, reaffirming the critical role they play in lucrative targeted attacks. Meanwhile, malware increased at a staggering rate with 430 million new malware variants discovered in 2015. The sheer volume of malware proves that professional cybercriminals are leveraging their vast resources in attempt to overwhelm defenses and enter corporate networks.

The worrying prospect is to stop and think of the kind of impact a weakened state of adversary defense will have on a business - a poor response time, high response costs, limited response effectiveness and inability to demonstrate security ROI. Notably, a Ponemon study indicated that financial firms take an average of 98 days to detect a data breach and retailers can take up to 197 days indicating that detection takes too long. Another Ponemon study highlighted that the response time affects the overall impact to the business with an average cost of a data breach now reaching $3.8M, up from $3.5M a year ago. Further, a study from ISACA heighted the gap in cyber skills where 35 percent of organizations are unable to fill open security jobs, despite the fact that 82 percent expect to be attacked this year.

The reality is that businesses can no longer continue to operate a traditional security model that has been in operation since years. To fight these growing threats, enterprises need an intelligent next generation threat protection solution that doesn’t just address one or two capabilities but provides end-to-end protection. There is a need to envisage a new wave of next-generation Security Operation Centers (SOCs) that relates to the people, processes and technologies involved in defending an organization from cyber-attacks through the detection, containment, and remediation of IT threats. These cyber defense centers are completely driven by machine learning and data analytics.

Mastering Cyber Defense requires new thinking - Move to NEXT-GEN SOC operations

The next generation Security Operations Centre equips businesses to be optimally prepared to defend their digital assets, pertaining to employees or customers. Profiling user behavior   in any environment, using predictive classification algorithms, rapidly enable the identification of anyone using falsified credentials to gain access and perpetrate an attack. Currently, massive amounts of security data are typically collected but are not used effectively. Behavioural, neural-based analysis, driven by global telemetry – will be a critical factor in the years ahead when it comes to detection and protection.

By 2020 we’re probably going to have billions of connected devices. This will further fuel the need to have algorithms that can leverage not only machine learning, but also really understand how humans operate. This will redefine the whole security landscape.

Leveraging Unified Security

Many organizations grapple to understand why the substantial investments they have made in security solutions are failing to keep them safe, without realizing that people and expertise go hand in hand. Lack of   skilled people is the answer to their woes most of the times. How, then, do company’s defenses evolve to meet the security needs in the days ahead? An outsourced, automated approach – with a small retained core team of cyber security professionals – is gaining ever greater traction. At Symantec, we are aligning our roadmap and strategies to provide a Unified Security Analytics Platform Strategy that leverages our unparalleled threat telemetry with next generation machine learning and big data analytics to solve uses cases for threat monitoring, incident response risk assessment & advanced threat protection. These next generation analytics and algorithms will provide the heavy analytics that work ceaselessly to detect attacks as they happen and deliver constant protection.

The tools and technology that once kept businesses safe no longer work. Enterprises that hang on doggedly to such ‘solutions’, or simply throw more hardware at the problem, are likely to suffer heavily at the hands of today’s attackers who are unrecognisable from those that sought to infiltrate their organisations in the past. Unless these businesses are prepared to arm themselves with the technology and expertise that will neutralize such onslaughts, the consequences may be catastrophic.

By Ajathashatru Varma, Director, Cyber Security Services, India, Symantec.