What is Network Detection and Response? 

As the digital world grows and evolves, opportunities for cyber-attacks are rising. During the “pandemic period” of 2020-2021, ransomware attacks increased by 150%. In just the first half of 2022, there were a reported 236.1 million ransomware attacks. Ransomware is the more common cyber attack: it steals and withholds vital data from an organization and releases it only when a declared amount of funds is delivered to the attacker. A major factor in why these attacks are rising is that traditional security approaches are failing.

They are failing because they lack the adaptability to detect newer and more advanced threats. On average, it takes 287 days for current security approaches to detect a breach. That’s more than enough time for that breach to be successful many times over. In 2022, “dwell time” between “stealth” intrusions and attacks increased by 36%, leaving a narrow window to detect and stop intrusions. Another major factor to consider is that cyber criminals nowadays are covering their tracks by destroying their logs so they can’t be traced. It’s time for a new approach to protecting the digital world. First, however, it’s important to identify what is threatening network security, and that threat has been dubbed “dark space.”

Network security dark space is any network infrastructure that doesn’t appear in the “golden store” of configuration data. This data includes firewalls, routers, proxies, load balancers, endpoints, and hosts. Even more shocking is that 70% of networks are dark space. Traditionally, encryption was implemented to obscure important data and make stealing it difficult. Now, cyber attackers are using encryption technology to mask their activities. In fact, 91.5% of malware arrives over encrypted connections.

IT professionals were asked how confident they are in detecting encrypted cyber attacks. 59% of them said that they don’t have awareness of every communication across devices on their network. They also mentioned that they are not confident in handling encrypted traffic because they lack the tools needed to detect, intercept, and analyze threats. Unfortunately, those professionals are not alone in this sentiment, as 79% of organizations are struggling to detect threats hidden in encrypted traffic. They are uncertain whether they have a good understanding of how to detect and protect against attacks that use encryption to bypass legacy security solutions.

The next generation of cybersecurity is the network detection and response (NDR) platform. NDR detects suspicious network traffic so a tech team can respond faster to hidden threats. This platform analyzes encrypted traffic to detect malware on secured network sessions without decryption. It also monitors all traffic flows across the network and detects threats from all sides. Moreover, NDR can attribute any malicious behavior to a specific IP address, so attackers can be tracked even if they delete the logs. Lastly, NDR provides real-time alerts to improve incident response times.

However, this is just NDR in its base form. An NDR platform backed by AI is in the works, one that will take a smarter and more adaptive approach to navigating through dark space. Called “ThreatEye,” it uses the NDR platform to build a fingerprint of all assets and behavior patterns and monitors for anomalous usage.
