Verizon is giving enterprises an easier way to fight known security threats by launching an application built on its annual Data Breach Investigation Report and Splunk's analytics platform. The new app, announced this week, is one outward sign of the strategic shift within Verizon toward a more analytics-based approach to its managed security services. (See Verizon Creates Data Breach Prevention App.)
That approach has been in the works for some time and is needed to more effectively address both the increase in frequency and sophistication of attacks and the broader attack surface created by the explosion in Internet-connected devices that is part of the Internet of Things, says Jonathan Nguyen-duy, CTO, Global Security Services, for Verizon Enterprise Solutions. As part of this change, Verizon is trying to make better use of the massive data resource behind the DBIR, a compilation of existing public breach information coupled with recommendations for preventing breaches, which the carrier has issued annually for the past 11 years. (See Verizon Aims Big Data at Data Threats and Verizon Offers Industry-Specific Security Advice.)
"We publish the DBIR at no charge and the top 10 recommendations are clearly outlined there," Nguyen-duy says. "This app allows you to see your data against those 10 recommendations" and see what kinds of anomalies it can find that could be leading to vulnerabilities.
The DBIR app for Splunk Inc. software can be downloaded for free, as can a trial version of the Splunk analytics, so that enterprises can see how the combination of the DBIR intelligence and the Splunk analytics tool can be applied to their network data to increase security.
"We were looking for ways to help clients very easily access their data and apply our insight from the DBIR and that is what this app does," Nguyen-duy says. "It marries Verizon's operational expertise and intelligence and applies a series of correlation rules that are in this app," and then using the Splunk analytics tool, applies those recommendations to the enterprise data.
So, for example, the app would alert an enterprise when one individual's log-on credentials are being used in two different physical locations at the same time. It can also do things such as behavioral analysis that detects unusual patterns which could be an indication of malicious activity, such as changing of admin credentials.
"Splunk has the ability to ingest any type of data, whether it's security devices or network devices or anything in this industrial or IoT realm," he explains. "Splunk can ingest the log files and it allows us then to write correlation rules across that." The correlation rules allow an enterprise to begin seeing things that are potential signs of trouble, such as something Nguyen-duy calls "impossible VPN journeys" or connections that seem to traverse unusual paths.
Using analytics and a behavior-based model enables the security app to detect advanced attacks based on this anomalous behavior. That's important because most of these attacks don't generate the kind of signature that makes them detectable by security software, as viruses or worms might be, he says.
Allowing people to download a free app is intended, of course, to encourage them to buy Verizon's managed security services, which offer more robust services and can view across the entire network map, including wireline and wireless connections. But Verizon also wants to see more of its DBIR recommendations adopted, something that doesn't always happen today, Nguyen-duy says.
"This is an operational implementation of the recommendations of the DBIR," he comments about the app. It lets Verizon help enterprises implement the "rigorous and disciplined vulnerability management" that would stop almost half of the attacks that lead to data breaches. "That's a startling number but it points out that there are still very basic things we are not doing as an industry."
That one step is actually one of the two top recommendations in this year's DBIR, the other being adoption of multi-factor authentication to make it harder to steal or falsify access credentials.
— Carol Wilson, Editor-at-Large, Light Reading