Where were you when your cyber security was breached?

What the security problems are and how Accedian is partnering with Splunk to address them

Despite many advances in smart firewall and endpoint cyber security protection, security breaches continue to plague the IT landscape at a record pace. To date in 2019, over 100 major breaches have occurred, according to Identity Force, and those are just the major ones.

Risk Based Security, as reported by TechRepublic, further states that “more than 3,800 data breaches have hit organizations, representing an increase of 54% in 2019” so far.

Obviously, there are still many very serious IT cyber security threats afoot and the problem is getting worse, not better. Despite new firewall and endpoint technology innovations, hackers have become equally innovative and have found new ways to exploit network and endpoint weaknesses.

They’ve also developed new methods, such as ransomware, to extort money without having to exfiltrate data. But there are indicators available on the wire to detect these attacks.

Endpoint security is much like placing a deadbolt, chain lock, and steel bars on your home door to prevent burglars from breaking in. It blocks attackers from readily gaining direct access to your IT environment.

But hackers have become very innovative in finding ways, such as credential phishing, to obtain legitimate or legitimate-looking means of getting through endpoint and firewall protection.

IT systems typically have numerous vulnerable entry points. For example, some of them can be left open for testing requirements. Others may be long forgotten after systems are deployed. All of them can become part of a shadow IT inventory. It’s analogous to a burglar who, instead of entering your home through secured doors, enters your house through an unsecured window or other access point that you didn’t think they’d find or use.

Once an attacker is inside a network, it’s frequently too late to stop them from inflicting serious damage. In fact, one of the first things they do is to quickly cover their tracks at the endpoint, to eliminate artifacts that indicate that they’ve breached the endpoint.

With new threats, IT security requires a new approach

Building security firms have come to realize that the way to provide the highest level of building security is by complementing deadbolts with video cams to continuously monitor a facility. This enables an immediate response to attempted breaches as soon as they’re detected.

IT security requires a similar approach. Firewalls are like door security locks. They work effectively when an intrusion is attempted directly through them and if they’re properly implemented so that no weak links are left for the attacker. Also, many endpoints, such as IoT, ICS and BYOD, can’t be instrumented with an agent and need endpoint protection as a primary protection method.

Accedian is partnering with Splunk to provide advanced IT security capabilities

That’s why Accedian is partnering with Splunk to offer the Skylight security app for Splunk: next-gen behavior-based security technology built on a concept similar to modern building security, a virtual video cam that efficiently captures 100% of the network traffic flowing across an entire network mesh.

Efficient here means that the Skylight sensors create high-quality metadata representing only 0.5% of the full network traffic while retaining all of the critical information required for security monitoring.

The Skylight security app for Splunk also provides advanced network traffic analysis, using machine learning and AI, to detect Tactics, Techniques, and Procedures (TTPs), suspicious behaviors, and other security issues that can only be seen by examining the entire digital landscape’s traffic.

It uses the advanced Splunk data lake to retain network traffic information for forensic investigation, and dashboard tools to present informative visualizations and the intelligent alerts generated by the advanced analytics.

In other words, the capabilities of the Skylight security app for Splunk are analogous to detecting a burglar stealing your silverware from the cupboard, analyzing the situation to make sure it isn’t just a family member taking a spoon to eat their dessert, and then notifying you in real time so that you can implement measures to stop the intrusion and theft.

This next-gen security capability enables you to apply proactive security threat detection instead of relying solely on reactive, preventive measures.

The Skylight advantage writ large

Better yet, the Skylight app for security with Splunk uses the exact same high-definition network traffic sensors as the Skylight performance monitoring solution.

And you can too, which will provide you with 500% to >1500% better TCO than a combination of separate security monitoring and performance monitoring tools.

To learn more about how Skylight can help fortify your security posture, read our blog post “Infrastructure-based Security Solutions – What to Consider.”