Looking ahead to 2015 in cybersecurity, it really is vital to understand how the threat environment impacted organizations through exploits and breaches in 2014.
Toward the tail-end of the year it seemed like there was a new, major data leak or cyberattack in the headlines every week. There was no pattern, no single industry targeted (no pun intended) and no actions taken to punish those involved, even if the attribution was defined and accurate, and there was a definitive perpetrator or organization to charge in the criminal act. (http://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor)
Is there knowledge that can be gained from the cyberattacks of 2014? Yes. There's certainly a large amount of information that can be applied from the numerous hacks and breaches to understand trends and techniques, but the most important lesson to be learned from this past year may just be the fact that enterprise organizations are heading towards a new approach to endpoint security – Big Data Endpoint Detection and Response (EDR).
What is Big Data EDR? It’s the combination of Endpoint Threat Detection and Response leveraging Big Data technology and analytics that give organizations the ability to continuously monitor all endpoint behaviors, to manage thousands of endpoints at scale, and remediate to stop threats in real-time.
How do we know this era is already upon us? Gartner already identified Endpoint Detection and Response Solutions as well as Big Data Security Analytics as two of the top upcoming security technologies in the market, Symantec has declared that traditional endpoint security products are dead, and Big Data technologies are emerging by the day. Not to mention how valuable faster and more precise data collection methods can be to a data-centric industry like cybersecurity.
Big Data EDR solutions capture the best practices that all organizations should be employing on their endpoints. Having the ability to track everything happening on the endpoints in your network, utilizing advanced intelligence to identify threatening behaviors in real-time, and being able to effectively react to an attack as it occurs - has become essential.
Big Data goes a step further though, adding the element of scale that the market is just beginning to catch on to. Monitoring endpoint behavior will bring in a vast amount of raw data and potentially unusable metadata that no security professional wants to deal with.
However, when using advanced analytics and threat profiles, you can easily prioritize the threats that actually matter, and can take the necessary action to stop the attack in progress, managing your response as opposed to just reacting.
The idea of adding Big Data to security technologies can scare away some organizations. Storing your data in a cloud infrastructure sitting in “space” does not sound appealing and it shouldn’t. At this point it is hard to place any amount of trust in servers that you have no control over, where payment information, patient data, legal documents etc., are stored and backed up.
However, some Big Data EDR products are built differently than others. Leveraging Cloudera as an on-premise cloud collection and storage solution to securely host all of your endpoint activity, CounterTack Sentinel was built for enterprises to take back complete control of endpoint security.
Sentinel monitors all behaviors on thousands of laptops, desktops and servers at scale, remediating all known and un-known threats, while having the ability to keep critical data on site. Safe and secure.
EDR may now be trending to include elements of prevention, but prevention alone is no longer an option, as hackers are too smart, and too sophisticated. The era of Big Data EDR is here and now is the time to get onboard.