Compressing the Detection Process


Perhaps the most alarming subtext to the steady stream of headlines about the latest cybersecurity breaches is that the intrusions took many months to be discovered. The latest Mandiant M-Trends report puts the median dwell time, the interval between initial compromise and discovery, at 229 days. The recent large-scale attack on JPMorgan Chase, which compromised information for 76 million households and seven million small businesses, took the bank's security team more than two months to detect before it was stopped. Imagine being the president of the bank and learning that your vault had been broken into and pilfered only after a depositor presented a valuable family heirloom, just purchased at the local pawn shop, that they believed was securely locked away in the bank's vault. A far-fetched scenario? Not really, especially when two thirds of all cybersecurity breaches are first discovered by an outside third party rather than by the victim.

The reality is that most organizations today are slow to detect breaches, and most are badly misinformed about how long intrusions really take to be discovered. That lack of awareness gives intruders time to roam inside an organization's systems, seeking out the most valuable information to steal and planting footholds for later use. Detecting a breach sooner rather than later can be decisive in how much damage is inflicted on the organization's financial health. “The longer it takes to respond, the more firmly rooted the attacker will become, and more difficult and costly it will be to find and remove all of their implants,” says James Phillippe, leader of threat and vulnerability services for the U.S. at Ernst & Young.

Untimely discovery is compounded by the sheer number of attacks occurring every day and the growing number of ways intruders can attempt to access a system. Detection software deployed to warn security professionals of an intrusion often produces an overwhelming volume of alerts, each of which must be evaluated and verified by an analyst before anyone knows whether it represents a real compromise. Companies looking to improve detection and response times must refocus their efforts on improving their analytics capabilities, so that genuine threats are separated from the noise, and must staff enough analysts to respond properly to the threats that turn out to be legitimate.

Breaches will occur even in organizations with an effective defensive security strategy in place. Investing as much effort in breach detection as in breach prevention is essential to improving discovery. “We know that breaches are going to happen,” says Mike McCann, a consultant at Signum Security. “What can we do to mitigate response times and mitigate the impact?” Deploying predictive analytic tools will help manage the volume of data and speed up the detection of and response to a cyber-attack.
