Cyber threats are so common and insidious today that it's a case of when, not if, your network has been breached. And it is highly likely that you don't even know it. Research conducted earlier in 2013, in conjunction with the Infosecurity exhibition in London, found that 93% of large organisations have been breached in the past year, as have 87% of small organisations. Those organisations are also reporting that they are getting breached more often, with 50% more breaches experienced, on average, than the previous year.
Add to this the fact that breaches are getting harder, and are taking longer, to discover. According to the 2013 Data Breach Investigations Report from Verizon Business, 66% of breaches that it studied took months or more to discover and 69% were discovered by third parties, not the affected organisation itself. Attackers today use advanced techniques that are highly targeted and that use stealth to bury deep into the networks that they have infiltrated, using techniques to avoid detection by traditional reactive security controls.
The ability to detect and respond to such threats and attacks requires automated capabilities that heretofore have been inadequate. Most incident response programmes therefore rely on a great deal of manual intervention, which does not result in repeatable processes, so the cycle begins again with each new incident.
Technology vendors are responding to the need to provide adequate threat detection and response capabilities in an automated fashion, correlating events from throughout the network to provide analytical capabilities that aim to provide organisations with the actionable intelligence that they need to respond to and remediate threats in order to improve their overall security posture and reduce risk to an acceptable level. Many of these are built on the foundation of security information and event management (SIEM) capabilities, combined with log management, event data storage and big data security analytics capabilities.
Hexis Cyber Solutions is a new company that aims to take such capabilities to a higher level. Whilst it may be a new name in the security arena, its capabilities are built on a strong heritage-the combination of event data warehouse and big data analytics capabilities from Sensage combined with advanced cyber intelligence capabilities from KEYW Corporation, built on its experience of solving cyber defence capabilities for some of the world's most sensitive networks, including those of the military, government and critical infrastructure operators.
The result of this combination is the HawkEye G "Active defence grid" platform. The capabilities of the platform comprise organisation-wide event collection, correlation and storage in an event data warehouse suited for the needs of security event information, with big data analytics and threat intelligence capabilities, and automated real time policy-based countermeasures for threat remediation. The result is that organisations have the tools to be better able to detect and remove stealthy attackers, whilst achieving real time security awareness for risk reduction and compliance purposes. For those that do not wish the automated remediation capabilities-as was the case with many early intrusion prevention technologies, where many organisations were initially loathe to flick the switch to turn on the automated prevention capabilities-Sensage's original capabilities have been repackaged as the HawkEye Security Analytics platform, without the automated remediation capabilities.
The underlying technology for the new HawkEye G platform is mature. The real differentiator that the combination of Sensage and KEYW capabilities into one new entity provides is the level of intelligence that is being built in to the platform. In 2012, 96% of KEYW's revenues were derived from government contracts, which saw it undertake many defensive and offensive defence missions. As Chris Donaghey, who was one of the lead actors in the development of the HawkEye platform, states, the leading edge techniques developed by the intelligence community leads the commercial market by around three years. Development teams from KEYW, grounded in advanced offensive threat detection and remediation techniques, will actively be using widespread threat intelligence sources and information gleaned from customers to generate and push out algorithms for detecting new threats and countermeasures for responding to them on a fortnightly basis. Thus the new platform will provide SaaS-like capabilities, ensuring that all customers have the latest, up-to-date protection against previously unseen, advanced threats, as well as an automated way of dealing with them.
By forming a new entity, KEYW's capabilities from the public sector and intelligence community can be combined with the commercial prowess of Sensage to bring military-grade advanced threat detection and remediation capabilities to the commercial sector, giving them the situational awareness tools that have long been a success factor in military engagements.