Offensive Defense in the Enterprise
Posted: May 2, 2013 at 10:11 am | by Joe Gottlieb
Recently, the idea of Offensive Defense has become a hot topic in the security industry. In theory, the notion of going after an attacker that targeted your organization seems like a logical plan. However, there are a host of legal and ethical concerns with this approach.
For one, current legislation is vague when it comes to an organization’s ability to go after cyber attackers off-premises. Secondly, what if you unintentionally go after an innocent bystander and cause irrevocable harm to their infrastructure? Are you then legally liable for any damaged they incurred?
Because of this ambiguity, we urge our customers to focus on what they own in their own enterprise, where hidden intrusions and malicious codes can have long-term security ramifications.
According to Verizon’s 2013 Data Breach Investigations Report, 66 percent of attacks take at least two months or longer to discover. That’s considerably more so than in 2010, when 41 percent of attacks went undetected for that long. This further supports the need for SIEM analytics, which will sharply reduce the time that a threat can “hide” within enterprise infrastructure.
By leveraging advanced SIEM solutions, organizations can define the context of threats and enable an automated, active defense. With a deeper, richer understanding of the context of patterns and anomalies via the analytical capabilities which advanced SIEM solutions deliver, you strengthen the deployment of policy-driven controls that balance enterprise defense with corporate responsibility.
In a recent piece I did on this topic, I discuss the risks, the debates and the future of sharing information about cyber attacks.
While the idea of going off-premises to attack your attacker may sound appealing, the risks clearly outweigh the benefits. There’s a better way to keep your enterprise secure, while staying out of trouble—and an advanced SIEM will get you there.