It has been estimated that 90% of organizations will suffer at least one security incident this year. There is no question that organizations are suffering more data security incidents than ever before and that more of these incidents are translating into data breaches than ever before. While prevention is always important, detection and response are just as important.
Research indicates it can take an average of 256 days to identify a data breach caused by a malicious attack and 158 days for one caused by human error. When an attack goes undetected for this long, the potential for damage (both to the organization and to the victims of the breached data) is so much worse. Accurately detecting a security incident is the first step toward effectively responding to it.
One of the top problems with detecting security incidents is that there are so many false positives created by current monitoring tools. The growth in mobile device use and in cloud use has expanded the attack surface exponentially; this has, as one would expect, resulted in even more security alerts.
Cloud Amplifies Alert Fatigue
According to a report from Skyhigh, 18% of files in the cloud contain sensitive data, with the average company experiencing 23.2 cloud-based security incidents each month. The report reveals that consumer cloud services represent 38.7% of the total cloud services being used within the organization, a problem when it comes to ensuring data is adequately protected. The report also highlights the growing issue of “exception sprawl,” with actual blocking rates for unapproved cloud services falling below what governance policies require.
The data indicates that employees at the average enterprise collectively take over 2.7 billion unique actions in cloud services each month, with any single action potentially signalling a threat. From accidental or malicious actions (including a large percentage of files being externally shared), compromised accounts, or attacks that leverage the cloud as a vector for data exfiltration, the problem becomes whittling the 23.2 threats out of the 2.7 billion actions taken each month in the cloud. Pair this with the alerts being generated by every layer of security technology in place at organizations and you end up with a “needle in a haystack” scenario.
The storage of sensitive corporate data in unauthorized cloud-based applications such as Dropbox, OneDrive, iCloud, and Box can lead to costly data breaches. While this survey quantifies a known risk from cloud services that organizations are aware of, it does not address the unsanctioned use of cloud services (shadow IT). Whether sanctioned or not, it’s important that organizations have a way to regain visibility into the cloud.
Add Context to Your Alerts
Absolute DDS can help you bring your cloud use, sanctioned or not, back under the control of IT. With Absolute Endpoint Data Discovery (EDD), a standard feature in Absolute Data & Device Security (DDS), you can detect data at risk on endpoints, including files being stored in the cloud. By defining the kinds of sensitive data that matter to you, you can create customized alerts that provide the context you need to identify risks and to proactively enforce security policies or remotely wipe sensitive data.
With the high volume of alerts being generated by your defense-in-depth security strategy, what you need is a way to add context to that data so that the important alerts don’t get lost along the way. Alert data generated by Absolute DDS and other security solutions can be fed into your SIEM solution and analyzed in context, offering a holistic view of the entire security posture of your organization. By doing so, you can combine the device, application, and data attributes collected by Absolute DDS to identify anomalies that may be indicative of insider threats, device theft, cyber-threats or critical issues with security solutions.
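As an added illustration of the contextual enrichment described above (example code written for this page, not Absolute DDS code or any SIEM's API; the alert and inventory records, field names and scoring weights are all constructed assumptions), the Python routine below joins raw alerts from two hypothetical sources against a device-and-data inventory, scores each alert on the attributes the paragraph lists (device status, data classification, external sharing, sanctioned versus unsanctioned service, a security agent that has stopped reporting) and escalates only those that clear a threshold, recording the reasons so an analyst can see why an alert surfaced:

```python
# Context-enriched alert triage. Added example for this page; it is not
# Absolute DDS code and does not use any vendor's schema. All records,
# field names and scoring weights below are constructed assumptions.
from typing import Dict, List, Tuple

# Constructed raw alerts from two hypothetical feeds arriving at a SIEM.
SAMPLE_ALERTS: List[dict] = [
    {"id": "a1", "source": "cloud_gateway", "device": "LT-0042",
     "event": "file_upload", "service": "Dropbox", "file": "q3-forecast.xlsx"},
    {"id": "a2", "source": "cloud_gateway", "device": "LT-0042",
     "event": "file_upload", "service": "OneDrive", "file": "q3-forecast.xlsx"},
    {"id": "a3", "source": "cloud_gateway", "device": "LT-0107",
     "event": "file_upload", "service": "Box", "file": "lunch-menu.pdf"},
    {"id": "a4", "source": "endpoint_agent", "device": "LT-0042",
     "event": "login", "user": "jdoe"},
    {"id": "a5", "source": "endpoint_agent", "device": "LT-0300",
     "event": "agent_missing"},
]

# Constructed device/data inventory: the device, application and data
# attributes that give a raw alert its context.
SAMPLE_INVENTORY: Dict[str, dict] = {
    "LT-0042": {"status": "reported_stolen",
                "sanctioned_services": {"OneDrive"},
                "files": {"q3-forecast.xlsx": {"classification": "confidential",
                                               "shared_externally": True}}},
    "LT-0107": {"status": "active",
                "sanctioned_services": {"Box"},
                "files": {"lunch-menu.pdf": {"classification": "public",
                                             "shared_externally": False}}},
    "LT-0300": {"status": "active", "sanctioned_services": set(), "files": {}},
}


def enrich(alert: dict, inventory: Dict[str, dict]) -> dict:
    """Return a copy of the alert with device and data context attached."""
    device = inventory.get(alert.get("device"), {})
    file_ctx = device.get("files", {}).get(alert.get("file"), {})
    return {
        **alert,
        "device_status": device.get("status", "unknown"),
        "service_sanctioned": alert.get("service") in device.get("sanctioned_services", set()),
        "classification": file_ctx.get("classification", "unknown"),
        "shared_externally": file_ctx.get("shared_externally", False),
    }


def score(enriched: dict) -> Tuple[int, List[str]]:
    """Risk score for an enriched alert plus the reasons behind it."""
    points, reasons = 1, []  # every alert starts at 1 so nothing scores zero
    if enriched["event"] == "file_upload":
        if enriched["classification"] == "confidential":
            points += 3
            reasons.append("confidential data involved")
        if enriched["shared_externally"]:
            points += 2
            reasons.append("file shared externally")
        if not enriched["service_sanctioned"]:
            points += 2
            reasons.append(f"unsanctioned cloud service: {enriched['service']}")
    if enriched["device_status"] == "reported_stolen":
        points += 5
        reasons.append("device reported stolen")
    elif enriched["device_status"] == "unknown":
        points += 1
        reasons.append("device not in inventory")
    if enriched["event"] == "agent_missing":
        points += 3
        reasons.append("security agent not reporting")
    return points, reasons


def triage(alerts: List[dict], inventory: Dict[str, dict], threshold: int = 5) -> List[dict]:
    """Enrich, score and keep only alerts at or above the threshold, highest first."""
    escalated = []
    for alert in alerts:
        enriched = enrich(alert, inventory)
        points, reasons = score(enriched)
        if points >= threshold:
            escalated.append({**enriched, "score": points, "reasons": reasons})
    return sorted(escalated, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for row in triage(SAMPLE_ALERTS, SAMPLE_INVENTORY):
        print(row["id"], row["score"], "; ".join(row["reasons"]))
```

With the constructed data, the two uploads of the confidential, externally shared spreadsheet from the stolen laptop and the login on that same laptop are escalated, while the public-file upload to a sanctioned service and the lone missing-agent report fall below the threshold; the same raw "file_upload" event type lands on opposite sides of the line purely because of the context joined to it.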
Contact us to learn how Absolute can add context to your security incident detection capabilities.