How to avoid becoming a victim like Target

"It's technology, process and policy and technology is only one-third of the solution"

Target's failure to act when alerted that malware was in its network is a reminder that spending large amounts of money on technology is a waste without the right people and processes.

Weeks before hackers started siphoning tens of millions of credit card numbers from Target's payment systems during last year's holiday shopping season, security personnel were warned that malware was in the retailer's computers, Bloomberg BusinessWeek reported.

The alert came from a newly installed network-monitoring tool from security vendor FireEye. The system, which cost $1.6 million to install, apparently did its job. The failure was in not responding to the alerts, experts say.

Technology like FireEye's is good at spotting potential problems, but the number of alerts is overwhelming without full-time staff dedicated to separating the false positives from warnings that point to a serious computer breach.

"It's technology, process and policy and technology is only one-third of the solution," Avivah Litan, analyst for Gartner, said.

"If you don't have the process, which includes organization, and if you don't have the policy saying what you are going to do when you see a high alert, then it doesn't matter if you have the best technology in the world.

"The alarms are going to go off and no one is going to pay attention to them."

Why Target did not follow up on the FireEye warnings is not clear. Nevertheless, companies that deploy the same type of technology should be aware "that none of these systems are perfect," Litan said.

To make effective use of these systems, an enterprise needs to have full-time security pros monitoring alerts. Since this is often considered too expensive, companies then have to be willing to hire a managed service provider (MSP) to do the monitoring for them, Rick Holland, analyst for Forrester Research, said.

"For the majority of companies out there, they're going to have to rely on a third party to do their SOC (security operations center) operations for them," Holland said.

Companies that go that route have to have a tight and well-managed relationship with the service provider. That partnership has to include locating in advance the computer systems that process and store the information that drives revenue for the company or would cause tremendous harm to the business if stolen. This systems list should be updated every quarter.

Knowing all of this in advance will give the MSP a clear understanding of what areas of the network to watch closely.
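The critical-systems list described above can drive alert triage directly. The sketch below is an added example, not from the article or any vendor's product: it orders open alerts so that those on listed systems come first, reports alerts on those systems left unacknowledged too long, and flags inventory entries not reviewed within a quarter. Hostnames, alerts, dates and the one-hour acknowledgement window are constructed assumptions.

```python
from datetime import date, datetime, timedelta

# Constructed inventory: hostnames, roles and review dates are illustrative only.
CRITICAL_ASSETS = {
    "pos-gw-01": {"role": "payment processing", "last_reviewed": date(2014, 1, 6)},
    "carddb-02": {"role": "cardholder data store", "last_reviewed": date(2013, 9, 2)},
}
REVIEW_INTERVAL = timedelta(days=92)  # the list is meant to be refreshed every quarter
ACK_SLA = timedelta(hours=1)          # assumed policy: acknowledge critical-asset alerts within 1h
SEVERITY = {"low": 1, "medium": 2, "high": 3}

# Constructed alerts, shaped like a generic monitoring-tool export.
ALERTS = [
    {"id": 1, "host": "kiosk-17", "severity": "high",
     "raised": datetime(2014, 3, 14, 8, 0), "acked": None},
    {"id": 2, "host": "pos-gw-01", "severity": "medium",
     "raised": datetime(2014, 3, 14, 8, 5), "acked": None},
    {"id": 3, "host": "carddb-02", "severity": "high",
     "raised": datetime(2014, 3, 14, 9, 40), "acked": None},
    {"id": 4, "host": "pos-gw-01", "severity": "high",
     "raised": datetime(2014, 3, 14, 7, 0), "acked": datetime(2014, 3, 14, 7, 20)},
]

def stale_assets(inventory, today):
    """Assets whose inventory entry is older than the quarterly review interval."""
    return sorted(h for h, a in inventory.items()
                  if today - a["last_reviewed"] > REVIEW_INTERVAL)

def triage(alerts, inventory):
    """Open alerts: critical assets first, then highest severity, then oldest."""
    open_alerts = [a for a in alerts if a["acked"] is None]
    return sorted(open_alerts, key=lambda a: (a["host"] not in inventory,
                                              -SEVERITY[a["severity"]], a["raised"]))

def overdue(alerts, inventory, now):
    """IDs of unacknowledged alerts on critical assets that are past the SLA."""
    return [a["id"] for a in triage(alerts, inventory)
            if a["host"] in inventory and now - a["raised"] > ACK_SLA]

if __name__ == "__main__":
    now = datetime(2014, 3, 14, 10, 0)
    print("queue:", [a["id"] for a in triage(ALERTS, CRITICAL_ASSETS)])
    print("escalate:", overdue(ALERTS, CRITICAL_ASSETS, now))
    print("stale inventory:", stale_assets(CRITICAL_ASSETS, now.date()))
```

Note that the medium-severity alert on the payment gateway outranks the high-severity alert on an unlisted kiosk: asset importance, not raw severity, decides the order.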

"The number one priority should be focusing on the important assets and detecting bad things against them way before the exfiltration (of data) occurs," Holland said.

Overall, network-monitoring tools require manpower. While the FireEye system could have been configured to remove malware automatically, that feature was turned off.

Target had determined that the software was too new and untested to have it delete files on its own. The decision was the right one, because if the software made a mistake, it could easily have taken down a critical system.

"It is always the recommendation to fully test the product in the environment before turning on automatic checks," Joe Schumacher, security consultant for risk management company Neohapsis, said.

"In my opinion, it takes a lot of additional work by an enterprise to reach an automatic block level with a product as the last thing security wants is to make the business grind to a halt."
