No matter how many cybersecurity tools you implement, and no matter how much money you throw at the problem, there is simply no such thing as cybersecurity that is 100 percent invulnerable to attack. You can reduce your attack surface to make it more challenging, and you can raise the cost of compromising your network to make it less appealing, but in the end a dedicated attacker—or even a random exploit or phishing attack—may still succeed. The difference between an inconvenience and a crippling cyber attack is how quickly you can detect and respond to the threat.
The Wipro Supply Chain Attacks that Didn’t Happen
A great example of the value of real-time threat detection and rapid response is the way some organizations were able to respond to the supply chain attack launched through Wipro and avoid or minimize damage.
A handful of employees at Wipro—a large international IT outsourcing and consulting company based in India—fell victim to a phishing attack, which allowed attackers to capture their credentials and gain access to the Wipro network. Attackers were then able to launch supply chain attacks against Wipro customer networks using the trusted relationship between the two.
The damage isn’t known yet, but some of the affected Wipro clients were able to quickly detect and respond to the threat. Brian Krebs updated his original story on the Wipro breach with responses from some of the companies, including this statement from Avanade:
“Avanade was a target of the multi-company security incident, involving 34 of our people in February. Through our cyber incident response efforts and technologies, we swiftly contained and remediated the situation. As a result, there was no impact to our client portfolio or sensitive company data.”
Real-Time Attack Detection and Rapid Response
Respected cybersecurity expert Richard Bejtlich commented on Twitter, “Rapid detection and response is the difference between an intrusion and a breach. Prevention eventually fails, and compromise is inevitable, but breaches are not guaranteed when you can stop the adversary from accomplishing his mission.”
Jack Danahy, Senior Vice President, Security for Alert Logic, highlighted the importance of this point and stressed that it is not addressed enough. “Security doesn’t stop when an intrusion starts: Every step that follows is another opportunity to frustrate the attacker.”
The Importance of P.I.E.
Cyber attacks can spread through the network and cause more damage with every passing minute that they remain undetected. In order to do real-time threat detection effectively, though, you need to have the right combination of platform, intelligence, and experts.
The dynamic nature of hybrid and multi-cloud environments, combined with the sheer volume of threats, makes it virtually impossible to monitor effectively with legacy tools or manual processes. Machine learning algorithms and artificial intelligence play a crucial role in analyzing network traffic and activity to raise alerts for potential security incidents. Cybersecurity professionals can then focus on those alerts and take the appropriate action to avoid or thwart an attack.
If you don’t have the tools in place to identify suspicious or malicious activity, or experts with the right skills to separate the signal from the noise and recognize legitimate threats, you can’t detect attacks in real time.