As the recent Cisco router vulnerability illustrates, security vulnerabilities in a network can be difficult to uncover and often exist for months before they're identified. Although breaches are inevitable, it's important for security teams to note that patching the perimeter defenses of an infected system or device is not a complete solution, as attackers may have already established a presence inside the environment.
Before giving an organization a clean bill of health after a security breach, it's critical to understand the extent of attacker activity and any damage that has been done. Doing this requires a retrospective analysis of historical data, which is not a trivial task. The challenge of manually sifting through months of data to reconstruct behaviors and find suspicious activities causes most organizations to walk away and just hope for the best. However, the persistence of attackers and their lateral movement inside the enterprise following an infiltration can lead to major data loss down the road.
Most security teams are understaffed and underequipped to deal with such large-scale incident investigations. This is where machine-learning security analytics can play a significant role. Self-learning security analytics solutions use algorithms that examine current and historical data to identify patterns and behaviors, automatically detect anomalies and prioritize risk. It's a game-changer for security analysts, who can focus their valuable time more effectively on investigating and remediating threats instead of searching for them.
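As an added illustration of the retrospective analysis described above (this is example code written for this page, not E8 Security's product or the author's code), the script below takes a history of internal connection events, builds a per-user baseline of how many distinct hosts that user reaches per day, and scores every day in the history against that baseline so the highest-deviation user/day pairs surface first. The log format, the user and host names, and the dates are all constructed samples; the median/MAD scoring and the 3.0 threshold are assumptions chosen for the example rather than anything the post prescribes.

```python
"""Retrospective fan-out anomaly scoring over historical connection logs.

Added example (not from the original post or from E8 Security). A sudden jump in
the number of distinct internal hosts an account reaches in one day is a common
signal of lateral movement; scoring every historical day against the account's
own baseline lets an analyst review months of data by priority instead of by hand.
"""
from collections import defaultdict
import statistics

# Constructed sample history: "date user src_host dst_host", one event per line.
# alice normally touches one or two servers a day; on 2015-08-08 she reaches six.
SAMPLE_LOG = """\
2015-08-01 alice ws-01 fs-01
2015-08-01 alice ws-01 mail-01
2015-08-02 alice ws-01 fs-01
2015-08-03 alice ws-01 fs-01
2015-08-03 alice ws-01 mail-01
2015-08-04 alice ws-01 fs-01
2015-08-05 alice ws-01 fs-01
2015-08-05 alice ws-01 mail-01
2015-08-06 alice ws-01 fs-01
2015-08-07 alice ws-01 fs-01
2015-08-07 alice ws-01 mail-01
2015-08-08 alice ws-01 fs-01
2015-08-08 alice ws-01 db-01
2015-08-08 alice ws-01 db-02
2015-08-08 alice ws-01 hr-01
2015-08-08 alice ws-01 build-01
2015-08-08 alice ws-01 dc-01
2015-08-01 bob ws-02 fs-01
2015-08-02 bob ws-02 fs-01
2015-08-03 bob ws-02 fs-01
2015-08-04 bob ws-02 fs-01
2015-08-05 bob ws-02 fs-01
2015-08-06 bob ws-02 fs-01
2015-08-07 bob ws-02 fs-01
2015-08-08 bob ws-02 fs-01
"""


def parse_events(text):
    """Parse 'date user src_host dst_host' lines; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        date, user, _src, dst = parts
        events.append((date, user, dst))
    return events


def daily_fanout(events):
    """Map user -> date -> set of distinct destination hosts reached that day."""
    fanout = defaultdict(lambda: defaultdict(set))
    for date, user, dst in events:
        fanout[user][date].add(dst)
    return fanout


def robust_score(value, history):
    """Deviation of value from the median of history, in units of the median
    absolute deviation (MAD). MAD is floored at 1.0 so a perfectly flat baseline
    does not divide by zero and a one-host change never counts as extreme."""
    med = statistics.median(history)
    mad = statistics.median(abs(h - med) for h in history)
    return (value - med) / max(mad, 1.0)


def rank_anomalies(log_text, threshold=3.0):
    """Score every user/day in the history against that user's own baseline and
    return the days at or above threshold, highest score first. Each finding also
    lists the hosts the user had never contacted on any earlier day, which is
    what an investigator would want to pivot on next."""
    fanout = daily_fanout(parse_events(log_text))
    findings = []
    for user, days in fanout.items():
        history = [len(hosts) for hosts in days.values()]
        seen_before = set()
        for date in sorted(days):  # ISO dates sort chronologically as strings
            hosts = days[date]
            score = robust_score(len(hosts), history)
            if score >= threshold:
                findings.append({
                    "user": user,
                    "date": date,
                    "distinct_hosts": len(hosts),
                    "score": score,
                    "new_hosts": sorted(hosts - seen_before),
                })
            seen_before |= hosts
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in rank_anomalies(SAMPLE_LOG):
        print(f"{f['score']:.1f}  {f['user']}  {f['date']}  "
              f"{f['distinct_hosts']} hosts, first-seen: {', '.join(f['new_hosts'])}")
```

On the constructed sample only alice's 2015-08-08 clears the threshold (six distinct hosts against a median of two), and the finding carries the five hosts she had never reached before. The baseline deliberately includes the scored day itself; with a long history that barely moves the median, and keeping it in means a single analysis pass covers every day of retained data rather than needing a separate training window.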
In a world where attackers are present and go undetected for more than 200 days on average, early detection of a persistent threat could be the difference between a temporary vulnerability and major business risk.
Ravi Devireddy is the CTO and co-founder of E8 Security, a company that helps enterprises transform the effectiveness of their security teams with solutions that reduce business risk, improve operational efficiency and supercharge existing security investments. With two decades of experience in leading the development of innovative, high-performance software and services, he is a thought leader and practitioner in the areas of machine learning, data analytics and cybersecurity.