Where is the biggest cyber risk: zero-day or the every day? The debate rages.
Certainly the scale of zero-day security threats is enormous: one business is breached every 14 seconds, the cost of WannaCry was $4bn+, and Lloyd's estimates the next big global cyberattack will spur $53bn in losses.
The arguments for the every day are even more compelling. 99% of vulnerabilities are well known (zero-days have made up only 0.4% of vulnerabilities in the last decade). Organizations suffered 130 security breaches on average in 2017, at an average cost of $3.5m per breach.
But isn’t there a bigger and more critical debate?
Any day vs yesterday. The narrative goes like this: in looking to the next new network intrusion businesses are missing the elephant in the room – most network breaches have already happened.
The new reality of network security is that organizations are always chasing yesterday’s attacks and breaches. The statistics make sobering reading: the average detection time of a major attack ranges from 100 to 150+ days – the recent Dixons Carphone breach began almost 12 months ago.
Ticketmaster was told of a potential breach by Monzo Bank two months before it was recognized.
Containment time can extend this further, from 20+ days for ransomware or phishing to 50+ days for malicious insiders or malicious code.
The business cost is staggering.
It’s no surprise Gartner is forecasting that by 2020, 60% of information security budgets will be allocated to reducing the time to detect and accelerating recovery and remediation.
But how will they be spent?
I would make the case for the next generation of full network packet capture tools.
They can extend the timeline of packet capture, storing tens of petabytes of network traffic at low cost: that’s weeks, months and years of data. They can scale to the fastest current market bandwidths (100Gbps) and guarantee the best lossless capture performance. They can keep all of this data constantly available for search, and can search petabytes of network traffic in minutes.
And because huge amounts of data can be analyzed quickly, there is huge potential to deliver on the promise of AI and machine learning, and better defend networks from the threats of IoT, the cloud and the coming machine wars.
Full network packet capture will make it easier and faster to chase yesterday’s attacks and breaches, and shorten containment times whether the threat is the zero-day or the every day.
It’s just one of the many reasons why more and more organizations are looking at full network packet capture.
What are you doing to reduce the time to detect and accelerate recovery and remediation?