Riding technology waves

BT Assure

Better protection through a clearer understanding of the changing tides in security

Real-time threat monitoring

You have no choice but to connect your business networks to the rest of the world: customers, suppliers, partners, remote workers and the general public. And the moment you connect your security is threatened by the spectre of online security breaches and cybercrime. Fifty-five per cent of organisations worry their infrastructure can’t withstand cyber attacks and nearly all (94 per cent) believe the number of online security attacks is on the rise1.

But you’re not facing an uncontrollably rising tide of security threat; you’re facing opportunities to proactively lead with security, placing security firmly in the heart of the boardroom. Global market intelligence provider IDC believes understanding the changing tides of the security landscape is vital, and that insight and visibility are key to success.

Counting the cost

Risk is a constant, and dealing with it in the best way possible will, inevitably, come at a price. When every part of a business has to justify every item of expenditure, security can come under pressure to reduce spending. The strongest argument against this is to look at the costs of security breaches: in 2011 the average organisational cost per data breach was $5.5m and the average cost per compromised record was $1942.

“Businesses need to look again at their defences to determine whether their information is indeed well protected. Encouraging companies in all sectors to make investments in improved cyber security, based on improved risk assessments, is likely to considerably reduce the economic impact of cyber crime on the UK.”Cabinet Office recommendations, 2011.

Realistic funding for security and undertaking assessments that inform effective decisions are essential.

Real-time threat monitoring

The challenges of proactivity

Moving beyond a damage-limitation approach to a real-time threat monitoring approach involves addressing significant barriers:

• Cost, particularly that of staffing 24/7 information monitoring.

• The requirements of implementing monitoring on a global basis.

• How best to assess the volumes of raw information generated.

• The difficulty of proving the business case for real-time threat monitoring.

Learning from the best — NASA

No system is ever fully safe. In its state of security for 2011 statement, NASA announced a number of breaches, including 13 separate data losses. Even with an IT security budget of $58m, attackers made off with credentials for 150 employees in a single breach. Such credentials could be used to make illicit use of the organisation’s networks.

NASA outlined key areas of threat, including lack of awareness of agency-wide security policies and difficulties implementing continuous IT monitoring. Although this is a staggering revelation, NASA at least has the security awareness to be able to name and quantify the threats it faces. Many organisations will have been as, if not more, affected — but won’t know it because they just don’t have the reporting or visibility of real-time information that makes them aware. And other organisations will have the monitoring and intrusion-detection systems necessary to identify threats as they arise, but will be so swamped with information they’ll be unable to pull out the crucial insights that lead to effective protection.

A real-time view of the threats and outcomes you face is essential, but is only effective when coupled with the knowledge to convert insight into appropriate action.

Challenges faced by the security professional

2012 is the ideal time for security professionals to focus on gaining the visibility they need:

• To make the decisions that will keep their organisations ahead of cyber criminals.

• To get the crystal-clear, holistic view that will help them take a proactive, rather than reactive, approach — thereby avoiding a job-threatening security breach.

In 2012, security will finally trump compliance. Imperva’s analysts3 expect to see security decisions driven by genuine security measures, not compliance requirements. With the cost of a breach rising, industrialised hacking growing and the need to protect intellectual property, companies will increasingly make cyber security decisions based on security.

Gartner analyst French Caldwell thinks IT security professionals need to make it clear — to the business in general and the board in particular — that defining beneficial risk tolerances and ensuring these are not exceeded is their mission.

Real-time threat monitoring

Stay ahead with visibility through real-time security monitoring

IDC notes that a combination of cyber crime that can extract sensitive information from compromised networks faster than ever before and internal systems that are struggling to protect businesses from outside threats is driving a move to externally-provided, real-time threat monitoring.

“It’s becoming clear that many of these emerging threats cannot be defended against in-house, creating a shift in security posture toward being more proactive.”

Christine Liebert, IDC senior analyst

Eight essential benefits of effective real-time security monitoring

1. React rapidly to security threats; analysis of the source, destination, severity and nature of threats in real-time means you are aware of attacks as soon as they happen.

2. Gain a clear view of your network: and take control of your security environment.

3. Hold down costs by detecting internal and external attacks on your network as they happen and halt these attacks before damage is done. This eliminates the expensive and time-consuming post-attack clean-up costs.

4. Comply effectively with the ever-increasing number of data privacy and protection regulations, including the Sarbanes-Oxley act, Data Protection Act and the Health Insurance Portability and Accountability Act.

5. Avoid damage from the unnoticed — the numerous ‘small, mundane’ problems, such as worms infecting PCs, hard drives filling up, and the installation of unauthorised applications that can turn big and have a detrimental effect on your organisation.

6. Improve information security; effective monitoring enables you to collect data from network devices, classify the risk it represents and highlight potential threats.

7. Reduce enterprise liability by recording network activity, helping you comply with auditing and accountability standards, protecting against financial losses.

8. Make audits easy — one overview of your security log data and records of your configuration and tuning history means auditors can access data from one place.

Real-time threat monitoring

Networks that predict attacks and protect themselves

So what are we aiming for?

We want intelligence that brings to life in real-time the potential threats and outcomes faced by businesses, helping them make the right decisions for effective policies.

We want self-regulating systems that crunch through massive amounts of raw, unstructured data in minutes to detect patterns, predict problems and display results using visualisation tools.

We want to build intelligence into networks to improve resilience for all users, drawing on enhanced situational awareness tools and Artificial Intelligence techniques (that can be maintained automatically by the system) to fuse and visualise vast amounts of data from different sources — detecting potential intrusions or hacking attempts in minutes rather than weeks.

And we want a higher-touch, more controls-orientated approach to security incident and event management (SIEM), allowing analysis and reporting that is fully interactive and able to be customised.

Please get in touch if you’d like to find out more about how BT Assure can make this a reality.

1Ponemon Institute Cost of Data Breach Study 2011.2Traffic intelligence and analytics firm Narus, 2011.3IT nonprofit organisation CompTIA, 2011.

Offices worldwide

The telecommunications services described in this publication are subject to availability and may be modified from time to time. Services and equipment are provided subject to British Telecommunications plc’s respective standard conditions of contract. Nothing in this publication forms any part of any contract.

© British Telecommunications plc 2012 Registered office: 81 Newgate Street, London EC1A 7AJ Registered in England No: 1800000