{"id":5940,"date":"2016-08-24T15:31:03","date_gmt":"2016-08-24T15:31:03","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=5940"},"modified":"2020-02-26T11:10:43","modified_gmt":"2020-02-26T16:10:43","slug":"targeted-attack-mitigation","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/targeted-attack-mitigation\/5940\/","title":{"rendered":"Targeted attack mitigation: everything can go wrong"},"content":{"rendered":"<p>Targeted attacks on businesses vary in their level of sophistication, goals and points of entry into the corporate infrastructure, but they all have one thing in common \u2013 they are ridiculously hard to detect. And that\u2019s not all: the remediation of an attack, once it\u2019s discovered, is also difficult. Time is critical. There are two major ingredients for an effective remediation approach \u2013 technology and intelligence.<\/p>\n<h3>Defining intelligence<\/h3>\n<p>The most common definition of security intelligence is knowing how your business may be attacked. This is an important part of security expertise, but it\u2019s not the only one. With companies spending up to 80% of their resources on prevention technologies, dealing with an active security breach may present them with a problem. Cybercriminals are very good at covering their tracks, so when an attack has been discovered, a company may find itself in a tricky position, with no knowledge of the number of compromised machines, logs erased, or evidence of a breach destroyed. 
Even worse, once a successful attack remediation has been reported, a business may actually still be at risk from an unidentified vulnerable point in the corporate infrastructure.<\/p>\n<p>Proper security intelligence combines knowledge about potential and real acts of corporate cybercrime, with the information and approaches needed to gather all necessary data on an on-going attack. Such a combination is achieved via expertise and tools, developed in-house and\/or by working with an expert security vendor.<\/p>\n<h3>Defining technology<\/h3>\n<p>Even a small company produces a huge amount of data. Terabytes of data are sent and received, and millions of connections are established every day, from e-mail communications, IMs, and social networks, to cloud services. An attack may affect just a handful of connections, but even a small chunk of data leaking to the outside world can bring a lot of trouble. There are millions of ways to breach the network perimeter. It is absolutely necessary to reduce the opportunity for attack. But breaches happen from time to time, and that\u2019s where new technology is required.<\/p>\n<p>We concentrated on one particular goal whilst we were developing our <a href=\"https:\/\/www.kaspersky.com\/advert\/enterprise-security\/anti-targeted-attacks?redef=1&amp;THRU&amp;reseller=gl_kbusinesspost_pro_ona_smm__onl_b2b_kbusiness_lnk_______\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Anti Targeted Attack Platform<\/a>. 
We knew it was important to merge proven anti-malware technologies, advanced new methods of statistical analysis, and machine learning to spot the tiny bits of online communication that belong to cybercriminal activity. No security expert is able to control everything, so that\u2019s where the machines step in \u2013 controlling every data transmission and analyzing the workflow for discrepancies, and joining different pieces of evidence together to produce a substantiated alert.<\/p>\n<p>So, if your employee\u2019s PC connects to a previously unknown server in a distant country, it might look suspicious. But it might also be a false positive. What if this happens at 3am, when no one is in the office? Did it previously download an unknown executable? Now this is the time to call security.<\/p>\n<p>When a business tries to protect itself from targeted attacks, it finds itself in a harsh environment of many unknown variables, with millions of attack methods on thousands of devices, from routers to mobile phones. The only way to keep up is to collect tons of data and use knowledge about the constantly evolving threat landscape to process it as fast as possible.<\/p>\n<p>This data-driven approach to protecting companies from the most sophisticated and targeted attacks requires a vast amount of industry expertise, balanced with powerful technology. If your automated systems spot a targeted attack, protection requires the skills and knowledge of a professional. 
Yet that professional\u2019s efficiency relies on how well the attack is documented \u2013 by technology \u2013 at every step.<\/p>\n<p>Last year one fifth of businesses reported a targeted attack, and <a href=\"http:\/\/media.kaspersky.com\/pdf\/it-risks-survey-report-cost-of-security-breaches.pdf\" target=\"_blank\" rel=\"noopener nofollow\">lost<\/a> anywhere from 38K USD to half a million from every incident. So, it\u2019s the right time to take action and combine expertise with advanced technology for the best protection possible.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The most common definition of security intelligence is knowing how your business may be attacked. This is an important part of security expertise, but it\u2019s not the only one. <\/p>\n","protected":false},"author":2402,"featured_media":15352,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[994,2454,2421,81],"class_list":{"0":"post-5940","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-intelligence","10":"tag-kaspersky-anti-targeted-attack-platform","11":"tag-mitigation","12":"tag-targeted-attacks"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/targeted-attack-mitigation\/5940\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/targeted-attack-mitigation\/15055\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/targeted-attack-mitigation\/8264\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/targeted-attack-mitigation\/5940\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/targeted-attack-mitigation\/5940\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/intelligence\/","name":"intelligence"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.
com\/blog\/wp-json\/wp\/v2\/posts\/5940","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2402"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=5940"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5940\/revisions"}],"predecessor-version":[{"id":33731,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5940\/revisions\/33731"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15352"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=5940"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=5940"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=5940"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}