It takes six months for advanced persistent threats to be detected
A recent study from the Ponemon Institute found that retailers take more than six months on average, 197 days to be exact, to detect an advanced persistent threat (APT) in their network. The most common method the study found for identifying an APT?
“A gut feeling.”
Retailers usually do not detect intrusions proactively on their own; instead, an external entity (a card company or law enforcement) notifies them of a compromise. Add the average of 39 days that retail organizations then need to identify, scope and contain the threat, and the math points to an unsettling conclusion about one of the industries hit hardest by cyberattacks in 2014: shoppers remain vulnerable.
This year is a turning point for U.S. retailers. Point-of-sale (POS) systems are notoriously difficult to secure, and nearly a quarter of retail security budgets now goes to disrupting attacks before they happen. Stores around the country are updating POS systems ahead of the U.S. card brands' shift to interoperable chip-based (EMV) cards, but counterfeit cards account for only 37 percent of all credit card fraud. EMV makes stolen data harder to monetize, because the chip produces a per-transaction cryptogram that cannot be replayed from a cloned card, but it cannot prevent consumer data breaches like those that hit major retailers in 2013 and 2014. The Primary Account Number and expiry date still pass through the terminal, the register and the store network during a chip transaction, and unless point-to-point encryption is deployed they can travel in the clear, where a RAM scraper or network sniffer reads them just as it reads magnetic-stripe data. Network-wide visibility therefore remains of paramount importance for retailers.
Tanium’s retail clients have hundreds of thousands of POS systems and other endpoints to manage and secure, but the human expertise needed to protect customer data remains scarce. On average, retailers have only 11 employees responding to security incidents, according to the Ponemon study. Although security operations teams at retailers monitor network traffic, anti-virus alerts and other malware-centric detection technologies, unknown threats usually show up only as anomalies, practically invisible to a small team within the massive amount of noise that non-targeted scans and commodity malware generate every day.
Good security hygiene still leaves the POS exposed
Point-of-sale systems are typically appliances running a common set of software atop a basic desktop operating system. Many retailers rely on tools that use known indicators of compromise (IOCs) to find RAM scrapers, backdoors and other malware commonly used in such attacks. That approach is an essential part of good security hygiene and catches known threats, but it can miss never-before-seen malware custom-written for a specific victim environment to capture card data with a minimal footprint on infected systems. It can also miss the telltale artifacts of lateral movement and privilege escalation that reuse the victim’s own infrastructure and credentials rather than dropping malware, because there is no known-bad signature to match.
The solution to these challenges is visibility and control in seconds and at enterprise scale. Such capabilities act as a force multiplier for IT and security operations teams, and they are the foundation of Tanium’s technology. Tanium lets retailers detect and investigate both known-bad indicators and unknown anomalies. Analysts can run ad hoc searches or automated IOC scans for anything from hashes of loaded binaries and connections to known malicious IP addresses to file names and registry keys associated with malware. Once an incident has been fully scoped, analysts can go one step further and take corrective action, such as quarantining machines, killing processes, resetting credentials and disabling network connections, to remediate the compromised endpoints.
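As an added example (not Tanium’s code and not any product API), the following Python script runs the two kinds of check the preceding two paragraphs describe over a constructed fleet inventory: an IOC match on hashes, malicious IPs, file names and registry keys, and a frequency-of-occurrence stack that flags whatever appears on only one or two machines in a fleet of near-identical POS systems, which is how malware no IOC feed has seen yet tends to surface. Every host name, hash, IP address, file name and registry key in it is hypothetical sample data.

```python
"""Fleet-wide endpoint sweep: known-IOC matching plus frequency stacking.

Added example, not Tanium code. ENDPOINTS is constructed sample data in the
shape a fleet-wide query might return; every hash, IP and key is hypothetical.
"""
from typing import Callable, Dict, Iterable, List, Tuple

RUN = "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"


def _pos(host: str, **extra) -> dict:
    """Build one endpoint record: a common POS baseline plus per-host deviations."""
    ep = {
        "host": host,
        # binary name -> (hypothetical, truncated) SHA-256 of the loaded image
        "binaries": {"pos.exe": "1f3a7c21", "svchost.exe": "9b2d44e0", "java.exe": "c0ffee11"},
        "conns": ["10.1.0.5:8443"],  # the payment switch, expected on every register
        "autoruns": {RUN + "POS": "C:\\POS\\pos.exe"},
    }
    ep["binaries"].update(extra.get("binaries", {}))
    ep["conns"] += extra.get("conns", [])
    ep["autoruns"].update(extra.get("autoruns", {}))
    return ep


ENDPOINTS = [  # constructed sample fleet
    _pos("pos-0001"),
    _pos("pos-0002", binaries={"winxml.dll": "deadbeef"}),   # hash is on the IOC list
    _pos("pos-0003", conns=["198.51.100.7:80"]),             # destination is on the IOC list
    _pos("pos-0004", binaries={"mswinupd.exe": "7e7e7e7e"},  # matches no IOC at all
         conns=["203.0.113.45:443"],
         autoruns={RUN + "Updater": "C:\\Windows\\Temp\\mswinupd.exe"}),
    _pos("pos-0005"),
    _pos("pos-0006"),
]

KNOWN_BAD = {  # hypothetical IOC feed
    "hashes": {"deadbeef"},
    "ips": {"198.51.100.7"},
    "filenames": {"pos_dumper.exe"},
    "registry_keys": {RUN + "Svchost"},
}

Hit = Tuple[str, str, str]  # (host, indicator kind, matched value)


def match_iocs(endpoints: Iterable[dict], iocs: Dict[str, set]) -> List[Hit]:
    """Known-bad pass: exact matches against the IOC feed, one hit per match."""
    hits: List[Hit] = []
    for ep in endpoints:
        for name, digest in ep["binaries"].items():
            if digest in iocs["hashes"]:
                hits.append((ep["host"], "hash", digest))
            if name.lower() in iocs["filenames"]:
                hits.append((ep["host"], "filename", name))
        for conn in ep["conns"]:
            ip = conn.rsplit(":", 1)[0]
            if ip in iocs["ips"]:
                hits.append((ep["host"], "ip", ip))
        for key in ep["autoruns"]:
            if key in iocs["registry_keys"]:
                hits.append((ep["host"], "registry", key))
    return sorted(hits)


# What to stack: (name, hash) pairs so a familiar name with a foreign hash stands out.
EXTRACTORS: Dict[str, Callable[[dict], Iterable]] = {
    "binary": lambda ep: ep["binaries"].items(),
    "connection": lambda ep: ep["conns"],
    "autorun": lambda ep: ep["autoruns"].items(),
}


def stack(endpoints: Iterable[dict], extract: Callable[[dict], Iterable],
          max_hosts: int = 1) -> Dict[object, List[str]]:
    """Unknown-bad pass: count on how many hosts each value occurs and return the
    values seen on at most max_hosts hosts. In a fleet built from one image,
    anything that rare deserves a look even if no IOC names it."""
    seen: Dict[object, set] = {}
    for ep in endpoints:
        for value in set(extract(ep)):
            seen.setdefault(value, set()).add(ep["host"])
    return {v: sorted(h) for v, h in seen.items() if len(h) <= max_hosts}


def sweep(endpoints: List[dict], iocs: Dict[str, set], max_hosts: int = 1):
    """Run both passes; rare items on hosts with no IOC hit are the unknown leads."""
    hits = match_iocs(endpoints, iocs)
    known = {host for host, _, _ in hits}
    leads: Dict[str, list] = {}
    for label, extract in EXTRACTORS.items():
        for value, hosts in stack(endpoints, extract, max_hosts).items():
            for host in hosts:
                if host not in known:
                    leads.setdefault(host, []).append((label, value))
    return hits, leads


if __name__ == "__main__":
    hits, leads = sweep(ENDPOINTS, KNOWN_BAD)
    for host, kind, value in hits:
        print(f"IOC hit   {host}: {kind}={value}")
    for host, items in leads.items():
        for label, value in items:
            print(f"anomaly   {host}: rare {label} {value}")
```

Stacking is a lead generator, not a verdict: a version rollout in progress or a lone kiosk with extra software surfaces the same way, so rare items are triaged against change records before anyone quarantines a register. Pick max_hosts relative to fleet size (a handful out of a hundred thousand), and stack on (name, hash) pairs rather than names alone so that a legitimate file name carrying a foreign hash still stands out.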
Tanium’s endpoint visibility and control
The Tanium Endpoint Platform is the first and only enterprise platform that provides security and IT operations teams with 15-second visibility and control to secure and manage every endpoint across an entire network, regardless of its size. With Tanium, you can:
- Ask any question in plain English and reliably get complete results every time for the most accurate and current view of the entire environment
- Know everything you need to know about what is happening right now, within 15 seconds, so that you can fully scope modern, rapidly evolving threats quickly
- Act directly on the endpoints for immediate and precise remediation of any kind, denying adversaries the chance to counteract or re-establish control, an adaptability that is crucial to resolving today’s increasingly targeted and sophisticated attacks
Tanium has brought automation, speed and scalability previously unheard of to retail security operations teams, giving them visibility and control far beyond their numbers and cutting threat detection time from days or even months to seconds. Its patented architecture scales to millions of endpoints with little to no impact on performance, reliability or supporting infrastructure costs. And Tanium is purposely designed to keep the agility needed to match modern attacks, creating a safer, more confident environment for businesses and shoppers alike.