Identifying the visibility gaps in your security

‘Once more unto the breach’… When Henry V uttered those immortalised words in Shakespeare’s play, most enemy attacks were fought on the battlefield. In modern times, many ambushes instead come in the form of cyber attacks that wreak havoc in the shadows. Data breaches affect organisations of every kind, not just governments, and increasingly small and mid-sized businesses.

According to a recent report by Deloitte, the average cost of a data breach per organisation is almost $2.6 million per year in Australia. The same report shows that in the past five years over 20,000 data breaches have been recorded locally, and this number appears to be increasing.

Last year the Australian Signals Directorate responded to 940 significant cyber security incidents, a 37 per cent increase on the year before. Even more worrying, Australia's chief cyber security defender, Major-General Stephen Day, head of the federal government's new Australian Cyber Security Centre in Canberra, recently revealed that the government has no idea where about 40 per cent of those 940 cyber attacks against the country came from.

What this illustrates is that any organisation, no matter how large or seemingly secure, can become a victim of a cyber attack, as well as experience difficulty in detecting the source of a breach.

Alarmingly, there are still cases in which the root cause of an incident is not identified for months after the security incident occurred. Despite these concerning figures, solutions are available to help organisations mitigate security risks and incidents.

Weeding through the false alarms

A critical component of the incident response problem is the time spent weeding through all the false alarms generated by various security devices, including firewalls, intrusion prevention systems (IPS), and security reporting agents. The problem is further exacerbated by growing network speeds and network virtualisation: many security tools simply can’t process data fast enough on 10Gb Ethernet (10GbE), 40GbE, or 100GbE networks, or lack visibility into them altogether.

The key to maintaining granular visibility

The good news is that solutions are available to help maintain granular visibility in such high-speed networks. Such solutions can also correlate network transactions with security alarms to help identify problems faster and decrease incident response times. The key is to integrate lossless network recording systems with existing security tools using feature-rich application programming interfaces (APIs), which allow security-related tasks to be automated.

Security automation is key to decreasing incident response time. Imagine being able to automate the retrieval and correlation of network transactions to any security log event aggregated into a security information and event management (SIEM) system, to map packet data to any IPS alarm, or to pinpoint the application threads that trigger a specific application performance alarm. This is all possible now with high-speed lossless recording systems and API integration with SIEMs, firewalls, IPS devices, and Application Performance Monitoring (APM) systems.
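As an added example of the alert-to-transaction correlation described above (this is not code from the article or from any vendor it mentions): a SIEM alert line is parsed and matched against the flow records a lossless recorder would return, within a time window around the alert. The key=value alert format, the alert itself and the flow records are all constructed for illustration; in a real deployment the records would be fetched from the recorder's API.

```python
"""Correlate a SIEM alert with recorded network flow records (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Flow:
    """One transaction as a lossless recorder or NetFlow exporter reports it."""
    start: datetime  # time of first packet
    src: str
    sport: int
    dst: str
    dport: int
    nbytes: int


def parse_siem_alert(line):
    """Parse a constructed key=value alert line (hypothetical SIEM export format)."""
    f = dict(kv.split("=", 1) for kv in line.split())
    return {"time": datetime.fromisoformat(f["time"]), "src": f["src"],
            "dst": f["dst"], "dport": int(f["dport"])}


def correlate(alert, flows, window):
    """Return flows matching the alert's endpoints that start within +/- window.
    Matching src, dst and dport only mirrors what an IPS alarm usually carries;
    the window absorbs clock skew between the SIEM and the recorder.
    """
    lo, hi = alert["time"] - window, alert["time"] + window
    key = (alert["src"], alert["dst"], alert["dport"])
    hits = [f for f in flows if (f.src, f.dst, f.dport) == key and lo <= f.start <= hi]
    return sorted(hits, key=lambda f: f.start)


T0 = datetime(2016, 5, 2, 10, 15, 0, tzinfo=timezone.utc)
# Constructed records standing in for what the recorder's API would return.
FLOWS = [
    Flow(T0 + timedelta(seconds=5), "10.0.0.5", 51000, "203.0.113.9", 443, 4200),
    Flow(T0 + timedelta(seconds=12), "10.0.0.5", 51001, "203.0.113.9", 443, 900),
    Flow(T0 + timedelta(seconds=15), "10.0.0.7", 40000, "203.0.113.9", 443, 300),
    Flow(T0 + timedelta(minutes=30), "10.0.0.5", 51002, "203.0.113.9", 443, 100),
]
# Constructed alert raised ten seconds after T0, as a SIEM might export it.
ALERT_LINE = "time=2016-05-02T10:15:10+00:00 src=10.0.0.5 dst=203.0.113.9 dport=443"


def demo(window_seconds=30):
    """Transactions an analyst would pull for ALERT_LINE: the flows at +5s and +12s."""
    return correlate(parse_siem_alert(ALERT_LINE), FLOWS, timedelta(seconds=window_seconds))
```

The flow from 10.0.0.7 and the one half an hour later are correctly left out, which is the noise reduction that makes automated retrieval worthwhile.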

NetFlow no longer just for NetOps

In addition, real-time NetFlow generation on dedicated appliances is proving to be a good solution where full packet recording is not an option because of privacy policy conflicts. These appliances provide much better network visibility than legacy NetFlow implementations that rely on packet sampling, especially in 40GbE and 100GbE environments. NetFlow is coming back in a strong way to give security teams much-needed visibility; NetFlow isn’t just for Network Operations anymore.

Overall, mainstream security products are becoming more open to integration with third-party solutions, and high-speed network recording systems are becoming more affordable. As a result, the security automation described above will become more prevalent among security operations teams as time goes on.

Despite the rise of security incidents and increasing costs in Australia, the security industry as a whole is improving, and there is much more collaboration than ever before. Moreover, significant improvements are being made among hardware and software vendors that should make the industry feel very optimistic about its capabilities to decrease incident response times moving forward and ultimately limit the damage of cyber attacks.

This article is brought to you by Enex TestLab, content directors for CSO Australia.
