Equifax data breach shows why complete network visibility is business-critical
We all woke this week to the news that credit report agency Equifax had been hit by a data breach, leading to the records of 143 million US customers being disclosed. Ugh. For me personally, this marks (at least) the 19th time my data has been stolen. This time, the data compromised potentially included social security numbers, birth dates, addresses and similar personal data. Not the worst I have experienced but not fun nonetheless.
It was announced that cyber-criminals exploited a vulnerability in a web application, although the company’s main consumer and commercial credit databases were not accessed. The company reported that hackers gained entry to its network sometime between mid-May 2017 and the 29th of July, when the breach was first detected. During this time they were able to compromise 209,000 customers’ credit card details. While two months seems like a long time from breach to detection, a recent IBM report found that the industry average for security breach detection is an incredible 229 days, so all of a sudden 60 days doesn't seem so bad.
The long dwell times between intrusion and detection highlight just how critical total network visibility is to ensuring that enterprise networks are robustly secured. Without visibility into all network traffic, blind spots emerge where intruders can enter and then move laterally around the network, accessing and egressing highly sensitive information – without security teams being aware of the intrusion.
Complete visibility lets network and security teams establish a baseline of ‘normal’ traffic across their entire infrastructure, including what traffic is traversing it, and who and what is accessing each area of the network. It also gives them the ability to compare current traffic flows against this baseline so that they can quickly detect and potentially remediate anomalies that could signal an intrusion or breach.
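A minimal sketch of the baseline comparison described above, added here as an illustration and not taken from any Ixia product. The host names, zones, flow fields and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (hour, src_host, dst_zone, dst_port, bytes_out).
# 48 hours of "normal" traffic for two known paths; none of this is real data.
BASELINE = [
    (h, "web01", "app", 8443, 40_000 + 500 * (h % 5)) for h in range(48)
] + [
    (h, "app01", "db", 5432, 120_000 + 2_000 * (h % 7)) for h in range(48)
]
CURRENT = [
    (0, "web01", "app", 8443, 41_000),   # known path, normal volume
    (0, "app01", "db", 5432, 125_000),   # known path, normal volume
    (0, "web01", "db", 5432, 9_000),     # web tier never reached the db zone before
    (1, "app01", "db", 5432, 900_000),   # known path, abnormal outbound volume
]

def build_baseline(flows):
    """Map (src, dst_zone, port) -> (mean, stddev) of bytes per hourly record."""
    per_path = defaultdict(list)
    for _hour, src, zone, port, nbytes in flows:
        per_path[(src, zone, port)].append(nbytes)
    return {path: (mean(v), pstdev(v)) for path, v in per_path.items()}

def find_anomalies(baseline, flows, k=4.0, min_sigma=1_000):
    """Return (reason, flow) pairs for flows that deviate from the baseline."""
    findings = []
    for flow in flows:
        _hour, src, zone, port, nbytes = flow
        stats = baseline.get((src, zone, port))
        if stats is None:
            # Who/what is accessing this area of the network has changed.
            findings.append(("new-path", flow))
            continue
        mu, sigma = stats
        # Floor sigma so a very steady flow does not alert on tiny changes.
        if nbytes > mu + k * max(sigma, min_sigma):
            findings.append(("volume", flow))
    return findings

if __name__ == "__main__":
    for reason, flow in find_anomalies(build_baseline(BASELINE), CURRENT):
        print(reason, flow)
```

The two checks only work if every segment feeds flow data into the baseline; a path that is never observed can never be flagged as new.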
Everyone thinks of network visibility as security and performance monitoring software. True, those are critical to establishing a solid monitoring posture, but those IT tools are only as good as the data they are being fed. That is where network visibility comes in. Network visibility solutions provide the critical link between the network infrastructure and organizations’ network and security tools. They collect, filter and load balance the data and eliminate non-essential information, helping to expose the threats facing businesses and enabling teams to improve operational efficiency. If you want to see how vulnerable your network may be, check your network visibility score.
It is true that Ixia offers a series of network visibility solutions across physical, virtual, SDN and NFV networks, so this may seem a bit self-serving. But we all want to be protected, and good protection does start at the foundation. We strongly encourage every enterprise currently protecting people's personal information to continuously look at your network infrastructure every time you make a network change. We have previously blogged about how to implement a network visibility solution which can be read here. Protect our identities. Please.