Filling the visibility gaps in endpoint monitoring
Ahmed El Sabbagh, senior distribution manager - Turkey, Emerging Africa & Middle East at RSA, the security division of EMC
By 2019, USD2.1 trillion could be lost to businesses globally as a result of cyber attacks, says Gartner. This is concerning, especially in today's society where cyber attacks are becoming more sophisticated and occurring more frequently due to the increase in potential attack surfaces.
These attack surfaces are in particular attributed to the world's workforce having evolved to an increasingly mobile workforce. Currently, working off-premises is a growing trend, even though numerous employees are using untrusted networks away from the workplace and thereby putting an organisation's trusted network at risk.
During his recent visit to South Africa, Ahmed El Sabbagh, senior distribution manager – Turkey, Emerging Africa & Middle East at RSA, the security division of EMC, stressed the need for a mind shift due to the fact that compromise occurs in "days or less" 84% of the time, while discovery in "days or less" occurs about 20% of the time – as listed by the latest Verizon 2016 Data Breach Investigations Report.
"This is a concern and it highlights that organisations cannot be reactive, but rather proactive and subscribe to early detection of a cyber attack. Therefore, minimising the time it takes for an attacker to be within the organisation with access to important information, including intellectual properties and financial information, is the new game name for the security industry," he continued.
The race to 25G Ethernet: Seven critical issues that will decide the winner
"Moreover, RSA research indicates that 80% of security staff and budgets, activity and tools, today are focused on prevention. Monitoring and response lag, and even the monitoring spend, is today heavily weighted towards ineffective, incomplete approaches, while Gartner says by 2020, more than 60% of budget will be for rapid detection and response versus 20% today. This is a relief as this protection measure is more effective compared with traditional preventative measures that can no longer protect organisations, especially because they lack the threat intelligence piece of the puzzle."
Ahmed El Sabbagh further highlighted that endpoints are the most vulnerable attack point for cyber criminals and require sufficient protection in the form of tracking and analysis of technology and user behaviour.
He said this in reference to the capabilities of the company's RSA NetWitness Endpoint (formerly known as ECAT) solution, which is part of the visibility analytics strategy of RSA NetWitness Suite. RSA NetWitness Endpoint's core purpose is to achieve high visibility from the endpoint up to the cloud through to the network and data centres. It is thus an endpoint detection and response tool that employs a combination of live memory analysis, continuous behavioural monitoring, and advanced machine learning to detect new and hidden threats quicker. It also helps focus investigations among thousands of alerts, and accelerates responses by security teams of all sizes.
Anton Jacobsz, MD at Networks Unlimited, value-added distributor of RSA products in more than 20 African countries, added: "Behaviour analysis technology is an excellent way of obtaining information data during an attack, as it is available faster due to the technology's core function, which is to monitor behaviour and collect data. However, it is also crucial to bear in mind that, to have an effective security system, this tool can be used in conjunction with other supporting technology."