At a recent industry security event, one of the vendors was giving away fresh donuts. Their clever marketing drew attention to a “donut hole” in security that nearly every security service provider recognizes, but has not had a cost-effective solution to offer clients. What is the security “donut hole”?
Marriott Hotels is a good example of a “donut hole” gone bad. Marriott recently announced that 500 million client records had been taken by cyber-criminals over a four-year period. The cyber-criminals had been traversing Marriott’s network for four years, gathering data undetected, because of a security donut hole Marriott elected not to fill: internal traffic was not being monitored, which gave the cyber-criminals free range on the network to discover data sources and steal client data. The direct loss to Marriott will run into hundreds of millions of dollars, plus untold lost revenue as clients choose to book with other hotel chains.
Cost-effective technology tools have long been widely available for the core network security functions. For endpoint protection, anti-virus, anti-malware and endpoint firewalls provide an effective defense. On the perimeter, firewalls with advanced threat software, including intrusion detection, geo-blocking, network address translation and gateway anti-virus, provide an effective perimeter defense.
The area that has been lacking is the ability to monitor, and alert on, potential bad behavior behind the firewall, between the endpoints. If a cyber-criminal successfully penetrates the perimeter and endpoint defenses, they can begin to probe the internal network looking for other places to attack. Internet of Things (IoT) devices, printers, servers and other devices either lack security features or have them turned off for the convenience of end users. Local network traffic is rarely encrypted, so the cyber-criminals can watch for juicy network information. The latest generation of Security Information and Event Management (SIEM) systems provides monitoring and logging of this internal traffic. If an endpoint suddenly starts probing the network and passing suspicious files, the SIEM software generates an alert so the endpoint can be checked out. SIEM systems have recently been enhanced to provide packet-level monitoring of internal traffic, effectively turning the “donut hole” into a jelly donut. The middle of the security picture is no longer missing but is filled with tasty data in these new SIEM systems, allowing Security Operations Centers (SOCs) to quickly identify and stop cyber-criminals.
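To make the “endpoint suddenly probing the network” alert concrete, here is a small detection rule of the kind a SIEM runs over internal (east-west) flow records. It is an added example written for this post, not code from the original article or from any vendor product named here. The log format, the IP addresses, the five-minute window and the eight-peer threshold are all constructed assumptions; a real deployment would tune the threshold to the baseline fan-out of its own hosts.

```python
"""Toy east-west probe detector over internal flow records.

Added example (not from the original post or any vendor named in it).
It flags a source host that contacts more distinct internal hosts than
expected inside a short window, the classic sign of an intruder sweeping
the LAN for further targets after getting past the perimeter.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample of internal flow records: "timestamp src dst dport".
# 10.0.1.25 and 10.0.1.31 behave normally; 10.0.1.40 sweeps the /24 on 445.
SAMPLE_FLOWS = """\
2019-03-01T09:00:01 10.0.1.25 10.0.1.10 445
2019-03-01T09:00:05 10.0.1.25 10.0.1.10 445
2019-03-01T09:01:10 10.0.1.31 10.0.2.5 443
2019-03-01T09:02:00 10.0.1.40 10.0.1.11 445
2019-03-01T09:02:01 10.0.1.40 10.0.1.12 445
2019-03-01T09:02:02 10.0.1.40 10.0.1.13 445
2019-03-01T09:02:02 10.0.1.40 10.0.1.14 445
2019-03-01T09:02:03 10.0.1.40 10.0.1.15 445
2019-03-01T09:02:03 10.0.1.40 10.0.1.16 445
2019-03-01T09:02:04 10.0.1.40 10.0.1.17 445
2019-03-01T09:02:04 10.0.1.40 10.0.1.18 445
2019-03-01T09:02:05 10.0.1.40 10.0.1.19 445
2019-03-01T09:02:05 10.0.1.40 10.0.1.20 445
2019-03-01T09:02:06 10.0.1.40 10.0.1.21 445
2019-03-01T09:02:07 10.0.1.40 10.0.1.22 445
2019-03-01T09:30:00 10.0.1.25 10.0.2.5 443
"""


def parse_flows(text):
    """Parse 'timestamp src dst dport' lines into (datetime, src, dst, port)."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return flows


def find_probing_hosts(flows, window=timedelta(minutes=5), max_peers=8):
    """Return {src: (first_alert_time, distinct_peers)} for every source that
    talks to more than `max_peers` distinct hosts within any `window`.

    A per-source sliding window is kept as a Counter of destinations so the
    distinct-peer count is exact even when a host is contacted repeatedly.
    The thresholds are assumptions chosen for the constructed sample.
    """
    by_src = defaultdict(list)
    for ts, src, dst, _port in flows:
        by_src[src].append((ts, dst))

    alerts = {}
    for src, events in by_src.items():
        events.sort()
        in_window = Counter()  # dst -> flows currently inside the window
        left = 0
        for ts, dst in events:
            in_window[dst] += 1
            # Drop events that fell out of the window ending at `ts`.
            while events[left][0] < ts - window:
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            if len(in_window) > max_peers:
                alerts[src] = (ts, len(in_window))
                break  # one alert per source is enough for the SOC queue
    return alerts


if __name__ == "__main__":
    for src, (when, peers) in find_probing_hosts(parse_flows(SAMPLE_FLOWS)).items():
        print(f"ALERT {when.isoformat()} {src} contacted {peers} distinct hosts")
```

Running it flags only 10.0.1.40, at the moment its ninth distinct peer appears; the two ordinary hosts never cross the threshold. The same sliding-window shape works for distinct destination ports per host (a port sweep) or for bytes out of a file server, which is why SIEM rules of this kind are usually parameterised on the field being counted rather than hard-coded.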
At our recent trade shows we were introduced to two new vendors in this market, Perch and SOCSoter. We are evaluating their technologies and value and expect to be deploying a solution to our clients before the summer.