The growing need for security intelligence


Mikhail Nagorny outlines the findings of Kaspersky Lab’s recent report on cybersecurity threats

Caspar Herzberg

This article first appeared in the Winter issue of The Record.

It is safe to assume that the longer it takes to detect a security breach, the higher the mitigation costs will be. It is quite shocking, though, that failing to discover an attack within a few days results in a 100% cost increase.

For enterprises, an attack that goes undiscovered for a week or more costs 2.77 times more than a breach that is detected almost instantly. Small to medium sized businesses end up paying 3.8 times more to recover from an incident that is detected too late.

Additional findings from Kaspersky Lab’s 2016 Corporate IT Security Risks survey show that the typical time required to detect an IT security event is several days: 28.7% of companies said it took them that long on average to detect a security breach. Only 8.2% of businesses managed to detect security breaches almost instantly, and for 19.1% of businesses it took several weeks to detect a serious security event. When we asked how they eventually detected a long-standing breach, the answers amounted to a probable solution to the problem.

Businesses that struggle to reduce detection times eventually discover long-standing breaches through three main methods: an external security audit; a similar procedure conducted internally; and, sadly, notification from a third party. It turns out that when businesses are faced with cyberattacks that are really difficult to discover, a security audit of any kind is the best ‘last resort’ measure to finally solve the problem. But should it only be the last resort?

This is where our report detects an obvious discrepancy between theory and practice. Although 65% of businesses admit that a security audit is an effective security measure, less than half of companies surveyed (48%) have conducted such an audit in the last 12 months. We add another key finding here: 52% of companies assume that their IT security will be inevitably compromised at some point.

As we have shown above, better detection significantly reduces business costs. But implementing incident detection and response strategies is quite different from ensuring prevention. Proper detection and response, as we see it at Kaspersky Lab, requires two things: security intelligence, meaning deep knowledge of the threat landscape, and security talent capable of applying that expertise to the unique specifics of a company.

The best security experts, armed with the latest intelligence, can help improve prevention by fine-tuning security systems on the customer side and introducing new technologies and methods on the side of the security vendor. At Kaspersky Lab we believe that cybersecurity challenges can only be addressed effectively via a combination of automation and a ‘human touch’. After all, the threats that we deal with are not ‘robots’ or ‘artificial algorithms’. There are people on the other side too.

Throughout 2016 we have been actively developing our range of Kaspersky Security Intelligence Services that address the demand for talent and intelligence from our enterprise customers. As we have shown above, there are two important requirements from businesses for security intelligence: effectiveness, or the ability to apply knowledge to address unique security challenges, and availability – intelligence has to be delivered fast and integrate easily within the security operations centre of a company.

These requirements should be met in a variety of ways. First, through greater effectiveness. Kaspersky Lab’s Threat Feeds portfolio has been helping our clients to protect their infrastructure for several years already. Security intelligence supplied by the feeds and integrated into existing security controls efficiently reveals possible signs of compromise, helping our clients all over the world to detect incidents early and avoid costly consequences, including reputational damage. Kaspersky Lab’s threat intelligence is collected from a large number of sources across the globe and by our highly skilled team of security researchers based in almost every region.

Our Threat Feeds offer our customers a worldwide view of the ever-changing threat landscape, almost in real time. Any incident, whether a commodity or a targeted attack, has its own set of properties: a piece of malware, the address and domain of the command and control server, the specifics of lateral movement. It is crucial for businesses to match the data from their daily corporate network activity against the data set of potentially suspicious and outright malicious network nodes and objects. We offer this intelligence, collected automatically as well as obtained by our experts during their research.
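As an added example (not Kaspersky Lab code, and not the format of its feeds or reports), the following script shows what the matching described above looks like in practice: a constructed feed with four indicator types (IP, CIDR range, domain, file hash) is indexed and run over constructed web-proxy and endpoint log lines. The feed schema, the log line layouts, the field names and every indicator value are assumptions made for illustration; the matching rules (subdomain walk-up for domains, CIDR containment for addresses, case-insensitive hashes) are the ones a practitioner would expect from any feed-to-SIEM integration.

```python
"""Match constructed log lines against a constructed threat-intelligence feed.

Added example, not Kaspersky Lab code. The feed records, the two log formats
and all indicator values below are assumptions made for illustration.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Constructed feed records: type / value / threat label (assumed schema).
THREAT_FEED = [
    {"type": "ip", "value": "203.0.113.45", "threat": "c2-server"},
    {"type": "cidr", "value": "198.51.100.0/24", "threat": "scanner-net"},
    {"type": "domain", "value": "update-check.example", "threat": "c2-domain"},
    {"type": "sha256",
     "value": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
     "threat": "dropper"},
]

# Constructed log lines in two assumed formats: a web proxy (client, dst, host)
# and an endpoint agent reporting a file hash.
SAMPLE_LOGS = [
    "2016-11-02T09:14:01Z proxy client=10.0.0.7 dst=93.184.216.34 host=www.example.com",
    "2016-11-02T09:14:05Z proxy client=10.0.0.7 dst=203.0.113.45 host=cdn.update-check.example",
    "2016-11-02T09:15:10Z proxy client=10.0.0.9 dst=198.51.100.77 host=198.51.100.77",
    "2016-11-02T09:16:00Z edr host=ws-0142 sha256="
    "9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08",
    "2016-11-02T09:16:30Z edr host=ws-0143 sha256=" + "0" * 64,
]

PROXY_RE = re.compile(r"^(?P<ts>\S+) proxy client=(?P<client>\S+) dst=(?P<dst>\S+) host=(?P<host>\S+)$")
EDR_RE = re.compile(r"^(?P<ts>\S+) edr host=(?P<host>\S+) sha256=(?P<sha256>[0-9A-Fa-f]{64})$")

Hit = Tuple[str, str]  # (indicator that matched, threat label)


class IndicatorIndex:
    """In-memory index over a feed, normalised so lookups are exact-match."""

    def __init__(self, feed: List[Dict[str, str]]) -> None:
        self.ips: Dict[ipaddress._BaseAddress, str] = {}
        self.nets: List[Tuple[ipaddress._BaseNetwork, str]] = []
        self.domains: Dict[str, str] = {}
        self.hashes: Dict[str, str] = {}
        for rec in feed:
            kind, value, threat = rec["type"], rec["value"], rec["threat"]
            if kind == "ip":
                self.ips[ipaddress.ip_address(value)] = threat
            elif kind == "cidr":
                self.nets.append((ipaddress.ip_network(value, strict=False), threat))
            elif kind == "domain":
                # Lower-case and drop a trailing dot so DNS-style FQDNs still match.
                self.domains[value.lower().rstrip(".")] = threat
            elif kind == "sha256":
                self.hashes[value.lower()] = threat

    def match_ip(self, text: str) -> Optional[Hit]:
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            return None  # field was a hostname or garbage, not an address
        if addr in self.ips:
            return (str(addr), self.ips[addr])
        for net, threat in self.nets:
            if addr in net:
                return (str(net), threat)
        return None

    def match_domain(self, text: str) -> Optional[Hit]:
        labels = text.lower().rstrip(".").split(".")
        # Walk from the full name up towards the apex so that a feed entry for
        # the apex also catches subdomains the attacker rotates under it.
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.domains:
                return (candidate, self.domains[candidate])
        return None

    def match_hash(self, text: str) -> Optional[Hit]:
        digest = text.lower()
        return (digest, self.hashes[digest]) if digest in self.hashes else None


def scan_logs(lines: List[str], index: IndicatorIndex) -> List[Dict[str, object]]:
    """Return one record per (line, field) that matched a feed indicator."""
    hits: List[Dict[str, object]] = []
    for n, line in enumerate(lines):
        if m := PROXY_RE.match(line):
            checks = [("dst", index.match_ip(m["dst"])), ("host", index.match_domain(m["host"]))]
        elif m := EDR_RE.match(line):
            checks = [("sha256", index.match_hash(m["sha256"]))]
        else:
            continue  # unknown line layout: skip rather than guess
        for field, hit in checks:
            if hit:
                hits.append({"line": n, "field": field, "indicator": hit[0], "threat": hit[1]})
    return hits


if __name__ == "__main__":
    for h in scan_logs(SAMPLE_LOGS, IndicatorIndex(THREAT_FEED)):
        print(f"line {h['line']}: {h['field']} matched {h['indicator']} ({h['threat']})")
```

Each record that `scan_logs` returns is the kind of event a SIEM correlation rule would raise when a feed is loaded as a lookup table; what the script does not show, and what separates a usable feed from a noisy one, is the confidence or age attached to each indicator, which in a real deployment decides whether a hit pages an analyst or merely enriches the log.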

Should a breach happen, businesses need data to investigate and act fast. This is achieved by the recently announced Kaspersky Threat Lookup service – an online knowledge database of malicious as well as legitimate objects. It allows corporate security specialists to trace the path of an attack and obtain information that helps resolve the issue.

Finally, we offer detection and response services that involve our own security experts, with services like Targeted Attack Discovery for customers that need to employ external talent. As we have shown above, this is one of the most effective methods to solve a complex cybersecurity problem.

What’s clear is that intelligence is useless if businesses are not capable of obtaining and applying it on time. We have addressed this by ensuring compatibility of Threat Data Feeds with major SIEM systems. We have fine-tuned our Intelligence Reporting services so that information on the most sophisticated attacks is delivered with actionable indicators of compromise. We also offer specific insights for different industries, with advice on how to enhance their security. Finally, we are working hard to ensure availability of our security experts around the world, should our customer request their help.

Mikhail Nagorny is head of security services and enterprise business at Kaspersky Lab



©2024 Tudor Rose. All Rights Reserved. Technology Record is published by Tudor Rose with the support and guidance of Microsoft.