Enterprises are constantly faced with battling increasingly sophisticated attacks on their worldly data goods. But as cyber criminals get more sophisticated, IT professionals need to have more innovative and advanced defensive weapons at their disposal.
The next step in arming for battle is what TELUS has labeled Intelligent Analysis (IA), an approach that offers high-level data analytics that allow enterprises to gain the upper hand in the cyber security struggle. In simple terms, TELUS’ new Intelligent Analysis service offering allows businesses to collect information from a variety of different sources that typically don’t speak to each other (e.g. web servers, routers, firewalls) to look at cyber threat activity in real time, or in some cases, anticipate it.
There’s nothing simple about how it does this, however.
The service draws upon a nationwide team of 400 security experts whose job is to manually monitor and analyze business systems 24/7 to proactively identify issues, look contextually at situations and flag potential risks. In many cases, portions of the data in question are found outside enterprise systems. The premise behind it is that highly advanced data analytics can be applied to detect early indicators of targeted malware infections, compromised servers, vulnerable users and systems, advanced and persistent threats and abusive/high-risk users, among other cybercrime threats.
Michael Argast, director, sales engineering and enablement, TELUS Security Solutions, said this type of approach makes perfect sense today given the evolution of the cybercrime community. “Cybercrime has evolved into a diverse ecosystem that has made it more powerful in terms of the attacks attackers can launch. An analogy would be the oil and gas industry. Getting gas to the pump involves a huge ecosystem that goes from pulling it out of the ground, transporting, refining, delivery, marketing…the list goes on. The point is, no one organization runs the front to back process.”
The same holds true for the cybercrime world. It’s also a complex web of specialists who can not only generate more sophisticated attacks but also have a vast infrastructure to commercialize the data they abstract. “Like any enterprise, there are people who specialize in finding weaknesses in software, or malicious codes or extracting data via breaches,” Argast said. “They offer 24/7 guaranteed support and deal in multiple languages. That speaks to the maturity of the cybercriminal community.”
The profits to be gained in this dark web of intrigue are staggering, further fueling cyber-crimesters as they continue the onslaught. On October 15, 2015, Intel Security’s McAfee Labs released The Hidden Data Economy report that presents a detailed overview, including the going rates for stolen data in cybercriminal marketplaces. Here is just a small sampling of the price ranges paid for stolen data.
- The average estimated price for stolen credit and debit cards is US$5 to $30 in the US; $20 to $35 in the UK; $20 to $40 in Canada; $21 to $40 in Australia; and $25 to $45 in the EU.
- Bank login credentials for a $2,200 balance bank account sell for $190.
- Bank login credentials plus stealth funds transfers to US banks are priced from $500 for a $6,000 account balance to $1,200 for a $20,000 account balance.
- Prices for bank login credentials and stealth funds transfers to UK banks range from $700 for a $10,000 account balance to $900 for a $16,000 account balance.
- Online payment service login credentials are priced between $20 and $50 for account balances from $400 to $1,000; and between $200 and $300 for balances from $5,000 to $8,000.
What’s happening on the ‘dark side’ is really no different from the way enterprises manage security, Argast said. The problem lies in the imbalance of resources. “IT staff or providers will have their own areas of specialization or partner with organizations to bring up their levels of capabilities to evenly match attackers in areas such as vulnerability or penetration testing or device management. But here’s the challenge. Given that enterprise security falls to a handful of people – maybe 30 to 50 versus 100s – the balance of power between the bad guys and the defenders is lopsided.”
So where does Intelligent Analysis fit into the picture? By collecting lots of data from lots of sources, putting it in one place, and using algorithms and correlations to understand what happens from an attack perspective, it’s a way to get in front of cybercrime problems, Argast explained.
That’s a tall order for an enterprise to manage on its own. “It’s a big investment. It’s huge and complex. And it takes specialized skills to take advantage of all that data and know how to write URLs, or distinguish an actual breach from just noise. Once again, enterprises need to look externally for that expertise.”
External support provides added benefits because enterprises tend to focus inwardly from a data perspective, Argast explained. “In order to effectively protect yourself against an attacker, it’s much better to combine internal and external data. If you can pull in data from the dark web, for example, you can get insight into planned attacks before they happen, correlate the data and prepare yourself. Data from third party vendors can also be incorporated to detect patterns for attacks to gauge the likelihood of it happening to you. Pulling together more data from multiple sources makes the job easier.”
By way of explanation, the new TELUS Intelligent Analysis service combines advanced event detection with contextual event analysis of real-time activity, along with early warning of, and protection against, emerging threats.
Its five-step process includes:
- Security event consolidation and detection
- Situational awareness (i.e. harnessing external and internal data for 360-degree visibility on events and threats that apply to a network)
- Prioritization of threats based on a business’ profile
- Intelligent response (threat containment, remediation)
- Advisory and reporting
TELUS has created a decision tree quiz that cycles through some of the benefits of IA for IT pros who want to check it out.
Argast said the new service is very timely given that attacks on high-profile targets such as Sony have put the C-level suite on high alert, and those executives are demanding more on the security front. “They’re asking how they can get prepared and demanding solutions. That kind of board level scrutiny has been driving a lot more conversations over the past few months.”