This multi-part blog series explores how advanced network-traffic analytics changed how the Department of Defense approaches its overall cyber security operations, creating a far more effective methodology for protecting many of our nation’s most sensitive networks.
Today we’ll cover the limitations associated with today’s best, mostly automated tools such as SIEMs, security analytics and perimeter defenses. The problems encountered by the DoD before they began to use advanced network-traffic analytics are identical to the problems enterprises encounter today with securing their own networks.
As most everyone in cyber security realizes by now, a determined attacker will almost always find a way around or through perimeter defenses. Perimeter defense tools rely heavily on signatures, so even a slight modification to a malware sample can take it out of their view, while a legitimate username and password obtained through, say, spear phishing is something they must let through. Even the most advanced perimeter tools, those that add sandboxing and application whitelisting, can be bypassed or fooled. That is not to say these tools are useless; they initiate plenty of legitimate alerts. However…
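To make the "slightest malware modification" point concrete, here is a small added example (not code from the original post or from the DoD program it describes) that models two common signature styles, a full-file hash and a YARA-style byte pattern, and shows how trivial changes to a constructed, harmless sample defeat each. The sample body, the hostname c2.example.invalid and the XOR key are all made up for the illustration.

```python
import hashlib
import re

# Constructed stand-in for a malicious script body (it is never executed).
# The hostname is hypothetical; nothing here is real malware.
SAMPLE = b"connect('c2.example.invalid', 4444); exec(payload)"

# Signature style 1: a hash of the whole file, as many perimeter tools and
# threat-intel feeds distribute them.
HASH_SIGNATURE = hashlib.sha256(SAMPLE).hexdigest()

# Signature style 2: a byte pattern, the simplified equivalent of a YARA
# "strings" rule keyed on the C2 hostname.
PATTERN_SIGNATURE = re.compile(rb"c2\.example\.invalid")


def matches_hash(data: bytes) -> bool:
    """True only if the file is byte-for-byte identical to the known sample."""
    return hashlib.sha256(data).hexdigest() == HASH_SIGNATURE


def matches_pattern(data: bytes) -> bool:
    """True if the C2 hostname appears literally anywhere in the file."""
    return PATTERN_SIGNATURE.search(data) is not None


def pad_variant(data: bytes) -> bytes:
    """Attacker change 1: append a single byte. Behaviour is unchanged,
    but the hash signature no longer matches."""
    return data + b"\n"


def xor_encode_variant(data: bytes, key: int = 0x5A) -> bytes:
    """Attacker change 2: XOR-encode the body and wrap it in a decoder stub
    that only reveals the original bytes at run time. The literal hostname
    is no longer present on disk, so the byte-pattern signature misses too.
    (The stub is illustrative text; it is not executed by this example.)"""
    encoded = bytes(b ^ key for b in data)
    return (b"exec(bytes(b ^ " + hex(key).encode() + b" for b in "
            + repr(encoded).encode() + b"))")


def evaluate(data: bytes) -> dict:
    """Run both signatures against a file and report which ones fire."""
    return {"hash": matches_hash(data), "pattern": matches_pattern(data)}


if __name__ == "__main__":
    for label, variant in [("original", SAMPLE),
                           ("padded", pad_variant(SAMPLE)),
                           ("xor-encoded", xor_encode_variant(SAMPLE))]:
        print(f"{label:12s} {evaluate(variant)}")
```

The original sample trips both signatures; appending one byte defeats the hash while the pattern still fires; encoding the body defeats both even though the program does exactly the same thing when run. That gap between what is on disk and what happens at execution or on the wire is the reason the series turns to network-traffic analytics rather than more signatures.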