It’s a fact that today’s emerging IT delivery models, such as Cloud, Mobile, BYOD, and Social, are driving immense complexity in your IT infrastructure. At the same time, you are faced with increasing diversity in the types of threats you face daily. A quick scan of the headlines reveals that insider attacks remain unchecked, accidental disclosures continue to occur at a worrying rate, and, perhaps most disturbingly, malicious external actors continue to breach your defenses at will. Indeed, a recent survey by CyberEdge revealed that over 60% of organizations had at least one breach in the past 12 months. Clearly, current approaches to defending against targeted attacks are not working.
Defending against the advanced, targeted attack
Advanced Persistent Threats (APTs) are a particularly dangerous type of advanced, targeted attack. Despite having a wide variety of actors and underlying motives, APTs share several common attributes that make them extremely difficult to pinpoint and eradicate. First and foremost, they all exhibit proper planning, funding, and well-thought-out execution. The malicious actors behind APTs are patient and persistent. In no rush for a quick “payday”, they will quietly seek footholds within your organization, day after day, year after year, until they have found a target of real value. Once inside, they are able to move around at will, covering their tracks and inflicting great damage to sensitive systems and information.
Knowing what we now know about targeted attacks, especially APTs, it is easy to see how they might be very difficult to detect and address in organizations that rely on traditional security programs. Typically, these programs are characterized by siloed security management and monitoring solutions that deliver large quantities of seemingly unrelated event data, but no real insight. Lacking this insight, indicators of an attack in progress are likely to be missed. Not only that, they are likely to be missed for an extended period of time, during which your sensitive systems and data will be at risk.
The answer is not more data, it’s more insight – or better yet, more intelligence
If the above scenario sounds familiar, you are not alone. Many organizations lack the insight required to address the threat of targeted attacks. The same CyberEdge survey found that only 27% of IT professionals surveyed believed they had the security intelligence needed to investigate security breaches. That’s significant, because with security spending remaining steady or even increasing, it’s an indicator that throwing more tools or people at the problem isn’t a solution. In fact, it just makes the problem worse.
NetIQ knows Identity-Powered Security
This week at the RSA Security Conference, NetIQ will be demonstrating a new approach to stopping targeted attacks (Booth #1409). We call it “Identity-Powered” Security.
Identity-Powered Security is the integration of identity information into security monitoring and breach response. Using this approach, identity management, access management, and security event management work hand-in-hand to provide the full range of organizational knowledge around who someone is, what activity is normal for them, and what they need access to.
Stop by and chat with us – we will be happy to share more.