An attacker can compromise a network and successfully exfiltrate data in less time than you might think.
The 2011 security breach of EMC’s RSA Security Division showed us that it only takes a few days, if not minutes, for cyber criminals to compromise a well-protected corporate network and launch an attack that would eventually cost at least $66M to remedy. Today’s cyber attacks are fast and hard hitting, sometimes happening so swiftly that qualified security personnel can’t triage the breach before it causes serious damage. In fact, as identified in our 2014 MTrends report, it takes organizations on average 229 days to detect a breach – and that detection is primarily done by third-parties!
Organizations can best protect themselves by leveraging real-time technology that can stop attackers in their tracks before they penetrate their targeted networks.
Getting In Line
Inline security solutions effectively defend against today’s fast-paced, evasive attacks on company networks. In the past, security professionals have weighed the risks of compromise from delayed detection and technology gaps versus the risks of potential traffic bottlenecks that were perceived with inline solutions.
Customers typically voice two issues with deploying inline technology, and they both stem from the concern that business needs to continue securely and uninterrupted.
The first of these issues is making sure the network remains functional and accessible, even if devices fail. Customers can’t afford a point of failure on a mission-critical network. But appropriate network design, internal or external fail-open kits, and associated software features significantly lessen the potential for network failure with inline solutions.
False positives have been another concern. Customers worry that filtering tools used to secure the network will cause significant extraneous noise, which potentially could keep them from detecting a true alert.
Most security administrators further fine-tune the signatures before deploying these products inline to adapt them to their environments. While this ensures that the security solutions do not impede business traffic (and this should be the first goal of any organization – run the business!), it lessens the impact of true, inline security.
Today’s evolving threat landscape of sophisticated, targeted attacks has emphasized a critical need for a scalable, secure solution to prevent the staggering outcomes of a successful breach.
The right type of solution balances the blocking power of true inline security with near-zero false positives. The FireEye Multi-Vector Virtual Execution (MVX) engine was designed to do just that. The FireEye MVX was the first technology to provide true multi-flow, multi-vector correlation of today’s advanced cyber threats. It does this by leveraging a virtual execution engine that mimics the end-user behavior to identify true threats and limit false alerts. The MVX is so accurate that across the FireEye customer base, a typical FireEye appliance gives customers 10 alerts/day instead of the hundreds or even thousands of alerts from other vendors that are made up almost entirely of false positives. With this accuracy, the time to investigate alerts and the associated costs are greatly reduced.
FireEye’s inline technology quickly has earned its customers’ trust. In May 2010, fewer than 15% of FireEye customers were using inline deployment mode. Since then, FireEye’s technology has proven itself as a trusted protection partner against advanced threats. As a result, nearly 50% of customers were inline deployment by the end of 2013, as seen in Figure 1.
Figure 1: The Percentage of FireEye Customers who Deploy FireEye Products Inline
This trend confirms what we’ve been hearing anecdotally from customers, and the numbers speak for themselves. Customers are confident about FireEye products’ ability to detect advanced attacks in real time with near-zero false positives. More and more of them are choosing to move beyond a detection-only solution to protecting against today’s advanced cyber attacks. Today, these customers are active proponents of inline FireEye deployments, not just as a must in their security framework, but also as a no-brainer in ensuring true, scalable inline security.