Cyber-crime has become more sophisticated than ever before. No longer are the threats simply a kid playing in the basement. The cyber war has become a billion-dollar industry, netting malware companies and hackers millions. As corporate IT departments attempt to keep these companies out, CEOs and presidents need to remember that they may have a handful of people fighting a war against hundreds, maybe thousands, of programmers who are working 24/7 to get their hands on sensitive data.
What is Time Til Live?
What many organizations fail to realize is that the true threat of cyber-attacks lies not in the initial breach but in the time it takes to discover the intrusion. The longer hackers are able to go undiscovered, the more havoc they can wreak and the greater the damage they’ll be able to do to your network. The time that elapses between the initial breach of a network by an attacker and the discovery of that breach by the victim is known as “time til live,” and it’s something that could seriously be costing your company money.
One recent report indicates that the average time it takes to discover a successful breach is close to 150 days. For many, it could be much longer. Imagine the kind of damage a hacker could do if given months to extract the information they’re after while going completely undetected. Sadly, it is these prolonged and sophisticated attacks that many organizations fail to consider. Thankfully, understanding TTL presents the opportunity for network defenders to disrupt the attack and mitigate damages.
Why TTL Matters
Time Til Live starts the moment a hacker intrudes on your network, which at this point is no longer a question of “if” but of “when.” During this time the hacker moves into the data analysis phase of the project to determine the information they’re after and where it is located. This is the most vulnerable part of the attack and therefore the place to focus on, for several reasons.
- First, you have information on the attack since hacking agents are already in your network. Unlike more sudden and blatant attacks like crypto-locker, denial of service, or web defacements, advanced persistent threats (APTs) achieve their objective by maintaining stealthy long-term network access.
- Second, you can use actionable intelligence to find the intruder and eliminate them. In the context of cyber security, actionable intelligence refers to the collection and analysis of network data in real-time with the goal of turning that data into actionable insight. In other words, it’s sort of like fighting fire with fire – that is, using intelligent technology to turn the tables on hackers and thwart their efforts as quickly and effectively as possible.
- Third, a small staff can make a difference, provided they have the right tools. This is an important point to make because many businesses feel that they are more vulnerable due to lack of human resources. It also ties in with the previous point since the right technology can essentially turn even the leanest staffed departments into an army of defenders.
- Fourth, it makes it easy to see your security holes so you can more effectively perform penetration testing and address any existing security issues. Being proactive can help you strengthen your risk posture and prevent future attacks.
It should be noted that this type of approach is markedly different from real-time threat detection such as what is achieved through anti-virus software and other basic malware protection products. That’s because the threats being addressed are, as mentioned above, designed to be stealthy, prolonged and oftentimes complex. As such, threat hunting focuses on post-compromise detection. Intelligent technology is deployed to provide round-the-clock monitoring with the goal of reducing dwell time and eradicating intruders before they are able to cause further damage. In essence, it is both proactive and reactive at the same time, thereby covering all bases and providing a much stronger defense against cyber-attacks.
In conclusion, the Time Til Live part of the project plan allows your IT staff to identify existing threats and focus their efforts on isolating and eliminating them while also testing and plugging security lapses. This is a proven strategy, and one that has been used in many of the documented wars of the past. Waterloo, for example, and many other battles have turned the course of a war around. TTL is the cyber war’s Waterloo.
Best of all, thanks to advances in technology, it’s entirely possible to manage and optimize TTL without breaking the bank. In fact, FireDragon has strategically developed precision tools that are designed to level the playing field and provide small to mid-sized businesses with advanced technology and the knowledge to secure their intellectual property and financial assets from cyber-criminals – and at a price point that suits every budget.