Security Update - Urgent Need to Control Attacker Dwell Time
A recent report by Mandiant, a unit of FireEye, focuses on the issues that SCIT is designed to address. The SCIT team's position is that intrusions are inevitable and that relying exclusively on successful detection is unwise; Mandiant's findings support this, noting that only a small fraction of attacks are detected and generate alerts, and that reconnaissance tracking and lateral-movement detection are often inadequate. The report (https://www.fireeye.com/current-threats/annual-threat-report/security-effectiveness-report.html) provides estimates of how often security controls fail.
SCIT assumes that not all intrusions can be prevented, which is especially true of zero-day attacks, so there is a good chance that criminals will succeed at some point. The Mandiant report highlights the challenges of current approaches and quantifies their probability of failure. The SCIT approach (https://www.scitlabs.com/) is based on resilience, restoration and recovery mechanisms and adds a layer of defense that does not depend on the intrusion being detected first.
Here are a few items from the Mandiant report that highlight the challenges to current defense-based approaches:
1. Only 9% of attacks and 4% of reconnaissance attempts generated alerts.
2. 65% of the time, the security environment failed to prevent or detect an attack, and 48% of security controls failed to do so.
3. Most lateral movement went undetected, and most exfiltration techniques succeeded.
SCIT addresses these challenges by minimizing attacker dwell time and throttling unusual outbound traffic, thereby severely limiting the damage a successful intruder can cause. Because these measures do not depend on first detecting the intrusion, they complement, rather than replace, existing detection and prevention controls.