Mitigating risk is a continual exercise of informed decision-making by business professionals - the ability to focus on the right decisions and areas of concern. With visibility of the global trends and patterns that are happening on a day-to-day basis across the enterprise, organisations are in a better position to configure security controls and the network environment, identify vulnerabilities or rogue employees, and curb live cyber-threats.
Seeing and understanding what is going on in real-time is the first step to seeing what should not be happening. And unlike traditional endpoint defences, an attack does not need to have been seen before to be identified or detected.
Have any financial institutions adopted Darktrace's Enterprise Immune System?
We are working with an American bank with several hedge funds, and a couple of global investment banks.
To what extent were these players in the financial services industry familiar with the notion of 'insider threats'? What was the typical response when Darktrace highlighted these potential threats?
There was a financial institution we were working with, where in the first week we found a compromised data server pushing data out to the internet on a daily basis. We investigated the data leak and tracked it to a piece of malware. It was not particularly stealthy, but had been living in the system for six months since its installation date. Essentially, organisations are overconfident with regard to antivirus protection and firewalls, so much so that they hardly look within their networks. These are common scenarios. In such cases, the attacks are not even sneaky or targeted; it is bold-faced data extraction.
Organisations need to take a step back when considering cyber defence strategies, first asking the question: how well do I know my own environment? As network infrastructures and intranets grow and expand with more and more devices, functionality and technologies, the digital architecture of an organisation of any significant size is typically complex. IT security managers often lack overall visibility of the very systems that they manage, accessing only data siloes and focusing on specific parts of the organisation where there are known problems to resolve.
However well-patched the network is or well-trained your staff may be, there is always a risk of compromise. The first step to a resilient cyber strategy is an acknowledgment of this reality. The second step: with the assistance of cyber technology that is self-learning, probabilistic and adaptive, 'catch' suspicious activity at the opportune moment or within the window of additionally afforded time - between the initial compromise and the first signs of abnormality.
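The scenario described earlier (a server pushing data out to the internet every day for months, unnoticed because nobody was looking at the network itself) and the idea of a self-learning baseline that flags abnormality can be illustrated with a small detector. The following Python is an added example, not Darktrace's code or method: it learns each host's normal daily outbound volume from a quiet window (median and scaled MAD, so a few odd days do not skew the baseline), then raises an alert only when a host's egress stays far above its own baseline for several consecutive days. The flow summaries, host names and byte counts are constructed for the example.

```python
"""Per-host egress baselining over constructed daily flow summaries.

Added example (not Darktrace's code): learn what "normal" outbound volume
looks like for each host, then flag hosts whose later egress is persistently
far above that baseline, the steady daily push described in the text.
"""
from collections import defaultdict
from statistics import median


def make_sample():
    """Constructed sample: (day, host, bytes_out) records.

    Days 1-7 are the quiet learning window. From day 8, file-srv-01 starts
    sending an extra ~200 MB every day (the hypothetical exfil channel)."""
    flows = []
    normal = {"file-srv-01": 40_000_000, "hr-ws-12": 5_000_000, "db-srv-03": 8_000_000}
    for day in range(1, 15):
        for host, base in normal.items():
            jitter = ((day * 7 + len(host)) % 5 - 2) * 0.02  # deterministic +/-4%
            flows.append((day, host, int(base * (1 + jitter))))
    for day in range(8, 15):
        flows.append((day, "file-srv-01", 200_000_000))  # constructed exfil traffic
    return flows


def daily_totals(flows):
    """Aggregate records into host -> day -> total bytes out."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, nbytes in flows:
        totals[host][day] += nbytes
    return totals


def learn_baseline(totals, learn_days):
    """Per-host median and scaled MAD of daily egress over the learning window."""
    baseline = {}
    for host, per_day in totals.items():
        sample = [per_day[d] for d in learn_days if d in per_day]
        if len(sample) < 3:
            continue  # too little history to say what normal looks like
        med = median(sample)
        mad = median(abs(x - med) for x in sample) * 1.4826  # ~sigma for normal data
        # Floor the spread so a host with near-constant volume does not turn
        # every tiny fluctuation into an anomaly.
        spread = max(mad, 0.05 * med, 1.0)
        baseline[host] = (med, spread)
    return baseline


def robust_score(value, med, spread):
    """How many robust standard deviations a day's volume sits above baseline."""
    return (value - med) / spread


def detect_persistent_egress(flows, learn_days, threshold=6.0, min_days=3):
    """Return {host: first_flagged_day} for hosts whose egress score exceeds
    `threshold` on `min_days` consecutive days after the learning window.

    Requiring a run of days trades a slower first alert for far fewer
    one-off false positives (backups, patch downloads, a big e-mail)."""
    totals = daily_totals(flows)
    baseline = learn_baseline(totals, learn_days)
    last_learn = max(learn_days)
    alerts = {}
    for host, (med, spread) in baseline.items():
        run = 0
        for day in sorted(d for d in totals[host] if d > last_learn):
            if robust_score(totals[host][day], med, spread) > threshold:
                run += 1
                if run == min_days:
                    alerts[host] = day - min_days + 1
                    break
            else:
                run = 0  # the run must be unbroken
    return alerts


if __name__ == "__main__":
    for host, first_day in detect_persistent_egress(make_sample(), range(1, 8)).items():
        print(f"ALERT {host}: sustained abnormal egress starting day {first_day}")
```

The point is the one the text makes: nothing here needs a signature for the malware. The only input is the organisation's own traffic, and the alert fires because one host stopped behaving like itself, which is also why a baseline learned while a compromise is already under way would silently absorb it.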