If you watch 60 Minutes, you may have seen “What Happens When You Swipe Your Card” that aired on November 26. The piece examined recent security breaches where cybercriminals stole tens of millions of customer credit card numbers from major retailers including Target, Home Depot and Michaels Stores. Dave DeWalt, CEO at FireEye, provided insights about why the breaches occurred and how to prevent them at other companies. It’s a story that Bradford Networks is deeply involved in and passionate about. Thanks, Dave, for helping spread the word!
As the piece explained, these colossal breaches would typically start with a mundane event, one of thousands or millions that occur on large networks over the course of a day. For example, the Target breach began when hackers stole the login credentials of a heating contractor to get onto the network. They were then able to surreptitiously load their malware onto thousands of checkout terminals in nearly every store, capturing customer credit card information and sending it out of the country. Target didn’t discover the breach for months — not until security expert Brian Krebs broke the news on his blog.
Why couldn’t Target find it earlier? It certainly wasn’t from lack of trying; their approach to network security just wasn’t able to handle today’s complex threats. While Target, Home Depot and other companies all had multiple security systems in place, the systems didn’t talk to each other, and hints that something might be wrong were lost in a flood of routine status messages. That’s why companies often learn they’ve been breached from an outsider like Brian or from one of the intelligence agencies.
Dave explained that today the notion of cybersecurity is really a misnomer — 97% of companies are getting breached, and the average time to detect a breach is 229 days. “Breaches are inevitable — it’s the life we live in today. The key: don’t let them access the information that’s really important, don’t let them get out, detect it sooner, respond sooner, and ultimately that exposure is very small.”
As Dave pointed out, today’s cyber criminals are so cunning in finding vulnerabilities that you’re almost certain to get hacked at some point. When a breach occurs, you need to identify it and neutralize it as quickly as possible to minimize the impact. With today’s advanced threats, this means correlating many relevant data points in real time to understand what’s happening on your network, make informed decisions and take effective action in seconds, not after weeks or months.
FireEye is partnering with Bradford Networks to bring this vision to life. FireEye’s Threat Analytics Platform™ is now integrated with Bradford Networks’ Network Sentry offering to detect today’s advanced threats and block them immediately. Network Sentry/RTR’s live inventory of network connections identifies all devices on the network, who is using them, where they are located and what they’re doing. It correlates this real-time information about device activity with incident information from FireEye and takes action automatically according to rules that you define. For example, if FireEye detects that command-and-control information has suddenly started flowing to a server in Moldova, it reports the IP address to Network Sentry/RTR, which identifies the compromised device, takes it off the network and alerts the right people.
If Target, Home Depot and other victims had followed this approach, the breach would have been identified and contained in a few seconds, before any significant damage was done. It would have been a non-event rather than a huge blow to their reputation and a major financial hit.
Now you see why top cybersecurity companies like FireEye, Palo Alto and Fortinet have chosen Bradford Networks as a technology partner. Our vendor-agnostic solutions play a key role in detecting and containing today’s advanced threats while protecting enterprises, customers and employees alike.