NEW YORK, NY — (Marketwired) — 07/02/13 — Recent research, by data protection specialists , has revealed that more than 40% of respondents had either no or very limited capabilities to detect data breaches using some form of automation — either real-time alerting or daily/weekly reporting. The survey results show that a remarkable 24% or almost one-quarter of those surveyed had no automation technologies in place to detect breaches by monitoring for privilege escalations, suspicious data access, file access changes, or unusual email event activity. Another 19% of respondents had a basic capability to detect some of these events using automation. Varonis has found that only 6% of the survey could monitor all these events in real-time.

The survey of 248 security professionals(i), at Infosecurity events in London and Orlando, was aimed at better understanding how well companies are able to spot breaches in progress.

The findings were particularly alarming in light of the fact that, since there-s no perfect system of safeguards, a breach by hackers, other unauthorized users and authorized users that abuse their access is inevitable, says David Gibson, VP at Varonis.

With security breaches being a certainty, it makes great practical sense to have a “Plan B” in place, or strategy for mitigating liabilities from a data break-in, he adds.

Topping risk mitigation lists are techniques for detecting and monitoring unusual system events. Detective controls that track and analyze user, file system and OS activity for anomalous patterns outside of the norm become a critical layer of defense, and are as important as preventive controls like authentication, access control lists, and firewalls, he says.

Once corporate defenses have been breached, hackers look for high-value content, such as personal information, intellectual property, credit card numbers, and other sensitive data, says Gibson.

An IT department-s ability to track this data is key to breach mitigation efforts. Unfortunately respondents fared poorly here, with only 29% having the ability to detect when files containing sensitive data had been accessed or created. With the rise of cloud services, such as Dropbox, that are used informally by employees, companies have another place to search for sensitive content.

The survey results showed that organizations need to improve their cloud monitoring as well: only 22% could track data uploaded to the cloud.

On the positive side, large enterprises showed they do a better job of spotting anomalous file and system events. 36% of these entities use automated techniques to detect files access control changes versus an overall 28% average, and 37% use automation to spot privilege escalation, versus a 30% average.

Finally, Gibson says although it is widely accepted that auditing and analysis of OS, security, applications and especially file system logs is critical to good breach mitigation practices, the survey results were, again, less than encouraging, particularly in discovering breaches involving human readable, sensitive data in corporate file systems. “A mere 28% of respondents report being able to detect suspicious access to data.”

There is no doubt that first-line defenses are critical in preventing breaches. However, cyber criminals have many more successful attack vectors, which, in combination with advanced persistent threats, cannot always be prevented. Organizations need to be able to detect what they don-t prevent.

“In other words, businesses must assume that as long as they store sensitive data, someone will try to get to it, and a hacker or an insider will gain access at some point. Therefore, Plan-B detection methods are vital in stopping breaches as soon as they start, thereby limiting the damage,” he concludes.

To see this research report in full, please visit:

(i) Conducted during May 2013, 248 security professionals were asked 10 questions, aimed at determining how companies are monitoring unusual user, file and system events, learning how companies are tracking sensitive content in their file systems and understanding how companies are practicing basic forensic techniques.

Responses were more heavily weighted towards the above-1,000-employee, enterprise organizations (63%). The sample also had a significant presence from enterprises at the extreme end of the scale: 19% came from 50,000+-employee organizations. Respondents were also asked for their specific IT job function, and the results showed this to be a very technically savvy group: 45% of our responses came from employees in the security area, 16% in storage infrastructure, and 9% in IT operations, with less than 10% from non-IT employees.

Image Available:

Shelley Harrison
CTP

617-412-4000

  data-governance, file-sharing, metadata, real-time-alerts, varonis