Threat Detection: Is it a False Sense of Security?

Written by: Francesco Trama | Published on: January 7th, 2016

About The Author

Francesco Trama
Francesco Trama As Chief Executive Officer and Founder, Frank is responsible for the overall operating performance, leading the strategic direction of the company’s products and solutions internally while building technical and business credibility externally as a market-facing thought leader.

7057688_s.jpgWhen it comes to cybersecurity, there’s a myriad of potential threats to deal with, from viruses to malware to Trojans and more. Today’s threat detection systems deal with those attacks by focusing mainly on history. What does that mean? It means that threat detection is based on what the system knows. And what it knows comes mainly from threats that it and other threat detection systems have dealt with in the past.

 

History Vs. Innovation

If you put a threat detection system in place, it is very good at identifying typical attack paths. However, today’s cyber attackers don’t stay on those paths. While a threat detection system is based on the past, attackers are looking towards the future: innovating and devising new methods of getting around those detection systems.

The system can identify ordinary, run of the mill attackers who use the same attack methods that others have done in the past. But they can’t identify the sophisticated attackers, whose attacks are more persistent. When these attackers are able to bypass the threat detection system, they can actually penetrate a company’s security and infiltrate their network environment. They may only be able to do so for a short time before they’re discovered and eradicated, but one short breach of security is all it takes.

In addition, while a threat detection system learns from history, it can take them awhile to do so. If an attacker comes up with a brand new vulnerability, or a brand new way of breaking into a system, they are not going to broadcast it to the world. Rather, they’ll try to keep it buried for as long as possible, in order to exploit it to the fullest potential. So if the new threat is not public, your threat detection system won’t know about it or be able to identify it until it’s too late. They might identify an anomaly of some kind, but that anomaly might just look like another alert that gets written off and brushed aside.

For instance, in 2014, Home Depot was subjected to cyber attacks. Their threat detection system did, in fact, alert them to it. However, it was a threat that the system had never seen before. Since it didn’t recognize the threat, it wasn’t able to identify it, and simply provided a “General Alert” notice, rather than any indication of a specific threat. By the time they realized what had happened, 56 million payment cards from their customers were at risk.

Using Threat Detection More Effectively

Threat detection systems are effective to a point. Unfortunately, people tend to think that just because they put threat detection in place, that means they are completely safe from the future. That is not the case. Cybersecurity isn’t a “set it and forget it” matter. Real threat intelligence requires that constant attention be paid, to keep up with new threats.

This means you have to look at everything: every threat that comes through the system, no matter how general or benign it may seem. Unfortunately, the sheer volume of threats that your network has to endure every day renders this practically impossible. If these threat intelligence systems are making the best guesses that they can, you’ll end up with a huge number of alerts. Your security team doesn’t have the time or resources to give every alert the attention it deserves without causing major bottlenecks in the system. Eventually, they become jaded to the problem, letting requests through without vetting them thoroughly, and failing to notice cyberattacks.

Easing the Burden on Security

This is where Advanced-Ip Filtering comes in. Advanced-IP filtering brings a measure of control to your otherwise overloaded security team. By filtering IPs by location or company, you can greatly reduce the number of attempts an attacker is able to make on your system, reducing the volume of alerts and giving your team more time to evaluate each one thoroughly for its threat potential.

Any network, no matter how big or how small, can be breached. Look at the news stories of huge companies that have been hacked, such as Home Depot or Target. It’s foolish to think those companies didn’t have sophisticated threat detection measures in place. Yet they were still breached. Or even look at your own computer. You may pay good money for a top level antivirus, to keep your data safe. But somehow, you still end up getting a virus.

No matter how sophisticated your threat detection system is, if the threat itself is more sophisticated, it can breach your network. No system is 100% secure, and thinking that it is is your network’s biggest vulnerability. Cyberattacks are changing and evolving all the time, so your security needs to as well. It’s the only way to keep your network truly secure. {{cta(‘a6d69b4f-d581-44c6-a3aa-095cdb48b2c1′,’justifyright’)}}