In case you missed it, we’ve just unleashed something epic in the security world: the Connected Security Alliance. By partnering with top security solutions, we’re introducing a radical new approach to stopping data breaches. In this three-part series, we’ll talk about why we created the Alliance, who we’re partnering with, and how it works.
You know, of course, that SecureAuth is dedicated to solving the data breach problem. But many people don’t realize:
1) how serious that problem is
2) what it takes to solve it.
There were over 3,141 confirmed data breaches in 2015. That doesn’t include the ones that were never reported or detected. Yahoo’s recent attack involved at least 500 million user accounts. Clearly the security problem is getting worse, not better. And many breaches aren’t swift attacks; instead attackers often gain access with valid user credentials, then linger in the system undetected for weeks or even months, stealing valuable data at their leisure.
While big breaches make the headlines, even a small breach can permanently poison a company’s brand and financial future. Customers have long memories, regulatory fines can be devastating, and “minor” repercussions like overworked staff and internal chaos can have a lasting impact.
Many breached companies – and skittish organizations that have learned from their losses – will often invest in new security point solutions after a breach, in hopes of preventing the next attack. Unfortunately those solutions fail as well, leaving many businesses wondering if real protection is even possible.
Anatomy of a typical breach
Let’s trace the path of a typical breach. It might start with a successful phishing attempt involving an employee. The criminal gets inside the network and gets the lay of the land, learning how to escalate their own privileges and moving laterally in the system. At that point, they’re still unobserved and have the time and opportunity to obtain their goal – stealing private customer information, maybe, or copying company intellectual property.
To put this in terms we’re all familiar with, consider Target attack. Shortly after being certified as PCI-DSS compliant in 2013, Target was breached. Were they immediately aware? No. The attackers tested their malware, realized Target’s security system wasn’t stopping them, and installed it. Several security alerts were triggered, but the Target security team missed the warnings as they did not collectively paint a clear picture. The attackers were free to begin exfiltrating data. Eventually it was the Department of Justice that notified Target of the breach. Only then did Target act – announcing that 40 million payment card data records were stolen. Later they add an additional 70 million records to that number.
This is one illustration of why criminals are staying undetected with so many security tools in place. The alerts aren’t correlated. There’s what we call white space between security solutions – and attackers know just how to exploit that lack of visibility.
To understand why this white space exists, it’s important to realize that most security vendors approach the problem as only a piece of the overall attack lifecycle. Naturally security teams wind up acquiring multiple solutions from multiple vendors to cover the entire cycle. But they begin feeling overwhelmed, working harder and harder to manage the systems, and find that malicious actors keep slipping in between solutions anyway.
The Connected Security Alliance
That brings us to the Connected Security Alliance – a holistic approach to solving the data breach problem. The Alliance is currently comprised of SecureAuth and cybersecurity solution providers CyberArk, SailPoint and Exabeam, and together we’re offering a solution that will help organizations address every stage of the attack lifecycle from initial penetration to lateral movement to escalating privileges with best of breed solutions.
Let us be clear; this is not just a collection of vendors. The Alliance is a connected framework that leverages multiple datasets to determine risk or evidence of the attack, reduce the time it takes to detect criminals, and limit exposure. We also help you solidify perimeter security by leveraging identity context to block bad actors while providing smooth access for valid users. All solutions pass rigorous interoperability testing, and can be implemented quickly and painlessly.
In Part 2, we’ll talk more about our partners, our technologies and why they offer something very unique in the security space. But for now, you can find out more by visiting Secureauth.com/connected-security-alliance – and while you’re there, you can register to attend the upcoming webinar “Connected Security: A Holistic Approach to Solving the Data Breach Problem.” We’re co-hosting with 451 Research and we’ll talk about the security solutions that really work in today’s breach-plagued landscape. Don’t miss it.
