Why you need smarter defences
Traditional security solutions were conceived back when malware was created by mischievous students. Modern malware attacks mark the transition from pranksters to highly organized entities who seek significant profits from the information they steal. It’s no surprise that the incidence of e-espionage is growing; it’s very profitable.
Last year’s Stuxnet worm showed a new level of sophistication: it targeted highly specific hardware and software combinations in Siemens Supervisory Control and Data Acquisition (SCADA) networks. SCADA systems are installed in industrial, utility and infrastructure companies to monitor and control automated plants. Stuxnet was designed to attack these systems, to steal corporate information or disrupt SCADA networks without detection.
These developments have obvious implications: better tools are needed. More of the same will not do the job, as Ernst & Young confirms: ‘simply shoring up existing and conventional defenses is not enough … because these types of threats require several layers of defense to counter.’ Data Protection & eEspionage. If you thought only governments and global corporations had to worry about e-espionage, it’s time to think again.
Why defences need to be smarter
Changes in user and IT system behavior are often early warnings of imminent malicious or profit-motivated activity, such as an employee unusually downloading massive amounts of sensitive information. This is why many organizations with highly sensitive data choose technologies based on Behavioral Anomaly Detection (BAD) and Analysis for data protection. These intelligent systems learn about the normal patterns of activity in the enterprise, detect those that are unusual, interpret them in context with other information, and alert IT security staff to investigate discernable threats.
Both informed insiders and organized outsiders can anticipate the rules applied by traditional IT security systems, which is why those systems provide limited defence. With behavioral analysis, attempted theft of valuable information - from within or without - can be detected when it occurs rather than when the loss has been discovered, often weeks or months later. This is the key difference between rules-only security systems and those that add a layer of behavioral interpretation to the data they collect. The latter have the intelligence to detect, investigate and respond while the theft is happening, not afterwards when the damage is done.
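The contrast between a rules-only check and a learned per-user baseline, as an added example that is not from the original article or from any product. The median/MAD score is one simple stand-in for "learning normal patterns"; all user names, volumes, the fixed limit and the leaver list are constructed for illustration.

```python
from statistics import median

# Constructed history: MB of sensitive data downloaded per day, per account.
HISTORY = {
    "alice": [40, 55, 38, 60, 47, 52, 45, 50, 58, 43],
    "backup-svc": [9000, 9400, 8800, 9100, 9300, 9050, 8950, 9200, 9150, 9000],
}
TODAY = {"alice": 900, "backup-svc": 9250}   # constructed observations
PENDING_LEAVERS = {"alice"}                  # constructed context (e.g. HR feed)
STATIC_LIMIT_MB = 5000                       # the fixed rule an attacker can anticipate


def static_rule(today, limit=STATIC_LIMIT_MB):
    """Rules-only check: alert on any account above one global limit."""
    return sorted(user for user, mb in today.items() if mb > limit)


def robust_score(history, value):
    """Deviation from the account's own median, scaled by the MAD.

    Median/MAD is used instead of mean/stddev so that one earlier
    spike in the history does not inflate the baseline.
    """
    med = median(history)
    mad = median([abs(x - med) for x in history])
    scale = 1.4826 * mad if mad else 1.0     # avoid division by zero
    return (value - med) / scale


def behavioral_alerts(history, today, context=PENDING_LEAVERS, threshold=3.5):
    """Alert when today's volume is far above the account's own normal.

    Context raises severity; it does not create an alert on its own.
    """
    alerts = []
    for user, mb in sorted(today.items()):
        score = robust_score(history[user], mb)
        if score > threshold:
            severity = "high" if user in context else "medium"
            alerts.append((user, round(score, 1), severity))
    return alerts


if __name__ == "__main__":
    print("static rule :", static_rule(TODAY))
    print("behavioral  :", behavioral_alerts(HISTORY, TODAY))
```

On this data the fixed limit alerts on the backup account doing its normal job and stays silent on the analyst whose download is roughly 18 times her usual volume; the per-account baseline reverses both outcomes.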