This is Part 1 in a series on the use of security analytics in the enterprise.
Everything connected to the internet can be hacked; everything is being connected to the internet; therefore everything can be hacked. You don’t need to be an expert in syllogisms to understand the increasing complexity of the attack surface — that is, the sum total of all the ways an organization can be attacked.
Organizations' networks not only incorporate more devices than ever before; their users are more mobile, and their business processes are shifting ever further into the cloud.
With this complexity come more opportunities for vulnerabilities to be exploited. The WannaCry ransomware attack of May 2017, which quickly swept across the globe, exploited an SMBv1 vulnerability for which a working exploit was publicly known and for which Microsoft had released a patch (MS17-010) two months earlier; yet many organizations had neither applied the patch nor otherwise mitigated the vulnerability.
According to a 2015 Verizon report, 97% of breaches were avoidable through standard controls. That figure may have shifted slightly since, but WannaCry was a stark reminder of how organizations struggle to understand and properly wield their security resources. At the root of this struggle is limited visibility into the attack surface.
Frequently, networking and security data exists in silos, and stitching it together to give it context is extremely complicated, if not impossible, by manual means. A second problem is the sheer volume of vulnerabilities present in a typical enterprise network, with more disclosed every day. Deciphering the severity of each vulnerability and the organization's actual exposure to it requires layers of analysis: the scanner's score alone says nothing about whether the affected asset matters or whether the vulnerable service is reachable from where an attacker sits.
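One way to make those layers of analysis concrete is to join the silos in code and let context, not raw severity, drive the ranking. The following Python is an added example, not code from this article or from any product it refers to: the hosts, the findings, the placeholder identifiers (VULN-*), the reachability sets and the scoring weights are all constructed assumptions chosen to show how an exposed, exploitable medium-high finding can outrank a critical one that nobody can reach.

```python
"""Exposure-aware vulnerability prioritisation across three data silos.

All data below is constructed for illustration; the scoring weights are an
assumption for this example, not a published standard.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str              # placeholder identifier, not a real CVE
    port: int             # service the flaw lives on
    cvss: float           # scanner-reported base score, 0-10
    exploit_public: bool  # a working exploit is publicly known
    patch_available: bool


@dataclass(frozen=True)
class Ranked:
    host: str
    cve: str
    score: float
    exposure: str     # "external", "internal" or "none"
    action: str       # "patch" or "mitigate"


# Silo 1: vulnerability scanner export (constructed sample).
FINDINGS = [
    Finding("fileserver-01", "VULN-SMB-1", 445, 8.1, True, True),
    Finding("fileserver-01", "VULN-NTP-2", 123, 5.3, False, True),
    Finding("dev-laptop-17", "VULN-SMB-1", 445, 8.1, True, True),
    Finding("web-01", "VULN-WEB-3", 443, 9.8, False, False),
]

# Silo 2: asset inventory / CMDB, host -> business criticality 1 (low) .. 3 (high).
ASSETS = {"fileserver-01": 3, "dev-laptop-17": 1, "web-01": 2}

# Silo 3: firewall / network view, (host, port) pairs reachable from the
# internet and from internal user segments (constructed sample).
EXTERNAL = {("fileserver-01", 445), ("web-01", 443)}
INTERNAL = {("fileserver-01", 123), ("dev-laptop-17", 445)}

# Weights are assumptions chosen so exposure and exploitability dominate.
EXPOSURE_WEIGHT = {"external": 2.0, "internal": 1.3, "none": 1.0}
CRITICALITY_WEIGHT = {1: 1.0, 2: 1.25, 3: 1.5}
EXPLOIT_WEIGHT = 1.5
UNKNOWN_CRITICALITY = 2  # hosts missing from the CMDB are kept, as medium


def exposure_of(host, port, external, internal):
    """Classify where the vulnerable service can be reached from."""
    if (host, port) in external:
        return "external"
    if (host, port) in internal:
        return "internal"
    return "none"


def prioritize(findings, assets, external, internal):
    """Join the three silos and return findings sorted by contextual risk."""
    ranked = []
    for f in findings:
        exposure = exposure_of(f.host, f.port, external, internal)
        criticality = assets.get(f.host, UNKNOWN_CRITICALITY)
        score = (
            f.cvss
            * (EXPLOIT_WEIGHT if f.exploit_public else 1.0)
            * EXPOSURE_WEIGHT[exposure]
            * CRITICALITY_WEIGHT[criticality]
        )
        action = "patch" if f.patch_available else "mitigate"
        ranked.append(Ranked(f.host, f.cve, score, exposure, action))
    # Highest contextual score first.
    return sorted(ranked, key=lambda r: r.score, reverse=True)


if __name__ == "__main__":
    for r in prioritize(FINDINGS, ASSETS, EXTERNAL, INTERNAL):
        print(f"{r.score:6.2f}  {r.host:14} {r.cve:11} {r.exposure:9} {r.action}")
```

With these inputs the internet-reachable, publicly exploitable SMB flaw on the critical file server ranks first, ahead of the 9.8-scored web finding, and the same SMB flaw on a low-value laptop that is only reachable internally drops to third. Two design choices matter in practice: a host absent from the inventory is scored at medium criticality rather than silently dropped, since an unknown asset is itself a visibility gap, and each row carries a concrete action (patch where one exists, otherwise mitigate) so the output feeds remediation rather than another report.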
Organizations often do not have, or cannot dedicate, enough people to the problem. To make matters worse, the threat landscape is constantly evolving, so the job of finding and fixing vulnerabilities is never done, even with the staff and processes in place.