After a year of research that included surveying 350 companies across multiple regions and dozens of in-depth interviews, we isolated three unmistakable facts at the heart of the problem.
Almost everyone had things inside out when it came to cybersecurity. Despite living in an age of continuous compromise, no one was making the mental shift needed to combat hackers and keep themselves safe. The three facts were:
1. Alert Fatigue.
Only one percent of all attacks are detected through logs. This is an astounding number, and SIEM has proven to be a particular failure. Interviews with IT teams delivered this frustrated indictment of SIEM: "Stupidly Irrelevant Electronic Messaging" (actually they called it something a whole lot worse, but we're too polite to say that here). They said SIEMs produced too many alarms. MSSPs aren't doing much better for those who depend on them. Even medium-sized organizations can receive as many as 200-300 alerts per month from their MSSP and are then left with no idea what to do with them. The result is that alarms drone on while hackers roam free.
2. Lack of Breach Validation.
The hackers roam free because companies have no way to confirm whether these alerts are actual incidents. It is too time-consuming and costly to investigate, and their security teams lack the skills to respond to advanced threats. Imagine being told by the police that someone may have broken into your house but it was up to you to investigate further. That's the situation most companies are in. It's wrong and needs to be fixed.
3. Fortress Mentality.
Even though it should be clear by now that hackers are on the inside, organizations cling to the illusion that cybersecurity means keeping bad things out. This is about cyber-purity, not true cybersecurity. It is a dangerous fantasy that does not reflect the inevitability of cyber intrusion. By holding onto it, organizations are unable to respond properly to threats. This mentality is why Gartner is correct in saying the current blocking and prevention techniques are failing, and cybersecurity spending is incorrectly skewed.
With the median number of days before a breach was detected at 229 and 67% of companies only learning of a breach when an external entity told them, it was obvious that organizations had to make a mental shift.
They needed to stop fixating on the perimeter and start looking at their network more like an obstacle course where hackers could be deceived, worn down, paralyzed and ultimately thwarted. You protect what matters; they go away empty-handed. This was about changing the economics of hacking. Make the cost of the hack impossible for the hackers to justify and you win. We realized that the nature of threats and approaches used by adversaries had changed radically, but the solutions used by customers had not.
Prevention is important, but it’s not foolproof. Search and signature is always behind the reality. Breach notification is external.
When you make this fundamental shift in thinking, you start to think differently about how to detect and respond to threats. So at LMNTRIX we shift your security mindset from "incident response" to "continuous response." We start by assuming systems are already compromised and require continuous monitoring and remediation.
By thinking like the attacker and hunting on your network and your systems, we allow you to move from being the prey to being the hunter. We then turn the tables on the attackers and change the economics of cyber defense by shifting the cost to the attacker. We weave a deceptive layer over your entire network. Every endpoint, server and network component is coated with deceptions. The moment an attacker penetrates your network, they enter an elusive world where all the data is unreliable. If attackers cannot collect reliable data, they cannot make decisions. And if they cannot make decisions, the attack is paralyzed.