One can only imagine the conversations behind closed doors. A defence contractor in South Australia experienced a breach in which a hacker accessed 30 gigabytes of commercially sensitive data, relating to the $14 billion Joint Strike Fighter program. Nobody would envy the person who had to tell the military that ‘Alf Stewart’ – a hacker mischievously named for the belligerent TV character – had swiped their data.
It doesn’t always make such headlines, but similar breaches are happening by the minute to Australian organisations, often undetected. The M-Trends 2017 report on IT security by FireEye firm Mandiant established that breaches dwell undetected for an average of 99 days. The Australia Pacific region was said to be the worst performer, correlating with a lower security spend.
The attacks are becoming increasingly sophisticated, with cyber-criminals luring employees into poor security choices. In response, new tools are being developed to bolster defences. Yet all the tools in the world won’t help if you can’t see what you’re up against.
In some ways, IT security managers can be victims of their own success. Many are managing so many different systems that they are bombarded with alerts, putting them at risk of missing the most important ones amid the noise.
Since all attacks depend in some way on a network, this is an important starting point. The network is the common ground. It is where threats that have gone undetected by other systems can be detected and dealt with.
Network security has, of course, experienced a seismic shift since the advent of cloud. Gaining the full benefit of the agility cloud has to offer, while still achieving the necessary segmentation of users, means adding hypervisor-based security, according to a recent Juniper white paper. They focus on a new type of security architecture that integrates virtualised and physical workloads – something that enables clearer visibility of both cloud and on-premise environments at a glance.
Security information and event management (SIEM) systems are emerging to consolidate event data from the thousands of different devices, applications and endpoints that touch your network. This can be done in near real time. Secure Analytics uses amalgamated information to again give remarkable visibility, without the overwhelming alerts of multiple systems clouding the issue.
Such security measures appear to be influencing a changing of the guard in the network space. Traditionally, networking has been something of an automatic choice, but this has led to some of the big names being left flat-footed when it comes to intelligence and security. Juniper has been quick to seize the initiative to modernise the networking space.
The language around threats has notably changed over the last year or two. The new reality is that a determined, targeted attack can infiltrate even a well-secured environment – but with layered security built around an intelligent network foundation, unwelcome visitors can be detected and contained without heavy damage.
The ‘Alf Stewart’ attack is a reminder that many prime targets are reached via business partners or contractors. This is now a discussion that must be had with your extended business network – so that you are never in the position of that contractor in Adelaide having to confess to a breach.