In an IT world where the volume and sophistication of hacker threats are growing daily, minimizing the time that elapses between initial compromise and discovery is crucial to an organization's ability to identify and track data breaches that endanger the security of the important information located on its servers.
The speed (or lack thereof) with which breaches are discovered has been a long-standing problem that, according to at least one source, is getting bigger all the time.
Based on an analysis of more than 47,000 security incidents and 621 data breaches that occurred in 2012, Verizon's 2013 Data Breach Investigations Report (DBIR) reveals that 66 percent of breaches took months or years to discover. This was worse than the previous year's figure of 56 percent and, according to the DBIR, similar to results it has published in previous annual reports dating back to 2008.
Of course, organizations have plenty of incentive to minimize the time between breach and alert, particularly when the breach involves the loss of sensitive personal information about customers or clients, a situation that can have a variety of costly legal and regulatory ramifications.
But often, a lack of resources, both computer-based and human, gets in the way, according to David Gibson, vice president of marketing at New York-based Varonis Systems Inc., a provider of software and services solutions that help organizations manage and protect data. And that means organizations "almost never" enable the native auditing functionality of Windows servers, says Gibson, because it is so resource-intensive.
"Every time someone simply opens a file [with native auditing enabled], there are 50 lines that get written to a log file," says Gibson, "and the metadata grows on the servers, rapidly exceeding the data itself in terms of volume." And even if you have the server space to handle it, this metadata is pretty unintelligible in its native format, he notes, requiring a lot of human face-time to glean useful information from it.
The situation has opened up a new market for solutions. For example, Varonis' Data Governance Suite provides a framework for extracting metadata, without native filtering enabled, and distilling it down in magnitude and complexity ("normalizing" it) to a level where it can be more easily tracked, queried, and analyzed, generating audit trails in the process. "[This] provides the ingredients from which to build a valuable real-time alert capability," says Gibson.
As in any new market, selling new solutions like this to SMBs "requires that you be somewhat of an evangelist," Gibson says. One method that has proven effective for Varonis is installing the product and reviewing the information it generates with both IT and non-IT members of the organization. This serves to point up what he calls "tons of use cases" besides data security that can benefit from answers to questions surrounding who generates particular files, who uses them, and how often.