Corvil Says Treating Corporate Networks as a Perpetual “Cyber” Crime Scene Can Reduce the Cost and Impact of a Breach

With tough financial penalties on data breached businesses, firm believes Network Forensics are the Crown Jewel of the “Cyber Kill Chain” for when, not if, an attack occurs


SAN FRANCISCO, April 17, 2018 (GLOBE NEWSWIRE) -- As more than 50,000 cyber security professionals gather in San Francisco this week for RSA Conference 2018, Corvil is highlighting that network forensics intelligence - especially user-centric intelligence - is a critical cyber defense weapon for remediating issues before they escalate and avoiding future attacks.

In today’s sophisticated and evolving cyber threat landscape, research[1] shows the odds are stacked against businesses with a staggering one in four chance of having a breach.  Increasingly hacker-controlled machines inside the perimeter are accounting for the overwhelming majority of attacks[2].  Attackers are not only infiltrating the corporate network, according to new Verizon research[3], as much as 68 percent remain undiscovered for months.

Even when overburdened security teams detect suspicious behavior, the investigation process is arduous and often inconclusive.  Security teams often lack the context and data dimensions to identify the source systems and accounts used in the account, the data read or exfiltrated, and the additional footholds left behind.   Further, with the increase in data privacy regulations and requirements for prompt breach notification, Security teams are under added pressure to provider greater oversight, controls and to shorten investigation and impact determination timeframes.

Traditionally, digital forensics is enlisted after an incident, such as Facebook’s recent appointment of cybersecurity firm Stroz Friedberg to investigate the Cambridge Analytica data breach storm which has wiped almost $37 billion[4] off its market value. It is at this stage that many organisations discover their available data sources are shallow, fragmented and incapable of providing timely answers to queries.  However, in this climate of increasing regulation, while likelihood of an attack is high, certainty of engagement by internal auditors or regulators is absolute. This requires Security teams to assume a posture of having answers for questions that have not yet been asked about behaviors of users, devices, and applications.

Corvil, believes deep network forensics, incorporating user, host, and communication payload analysis is a critical step for gaining transparency into the “Black Box” of what is happening across a network or of an attack. Continuously monitoring, gathering and examining “evidence” to utilize as a remediation tool can significantly bolster security teams’ incident response preparedness and ability to respond to internal and external compliance teams.

When reputation, and sometimes existence, are at stake, the speed with which an organization can recognize, analyze, and respond to an incident will limit the damage and ultimately lower the cost of recovery,” says David Murray, Corvil Chief Marketing and Business Development Officer. “Insights derived from granular visibility enable security teams to rapidly investigate, isolate and identify remediations for vulnerabilities to reduce the impact of an incident and prevent future incidents. By accelerating investigation and response times, firms gain an enormous advantage over attackers.

The stakes are high for breached businesses as illustrated by Health insurer Anthem Inc. who settled a record $115 million lawsuits for a breach that affected 78.8 million people. Corvil believes with incoming EU General Data Protection Regulation (GDPR), that stipulates breach fines of up to four percent of global annual turnover and a seventy-two hour breach notification rules, firms need to radically rethink security priorities.  

Unfortunately, breaches are an inevitable consequence of digital business.  Network forensics that correlates user, host, and application activity is a critical capability to enable effective hunting of cybercriminals within an environment. Remediation technology and integration with the wider cyber-protection ecosystem is equally as important in planning and implementing an effective risk, compliance, and cybersecurity fabric,” concludes Murray.

Corvil will showcase its recently launched user-centric network traffic analysis for accelerated insider threat detection and response, at RSA Conference 2018 (Corvil Booth: 2526). The solution automatically provides security analysts with a unified view of user identity, host and network activity in one system.  This event takes place at Moscone Center, San Francisco, CA, from April 16 to 19, 2018.

About Corvil
Corvil is the industry leader for deriving Security, Operational, and Business intelligence from network data. As companies adopt faster and smarter machine technology, it becomes critical to tap into richer and more granular machine data sources to safeguard the transparency, performance and security of critical infrastructure and business applications. The Corvil streaming analytics platform captures, decodes, and learns from network data on the fly, transforming it into machine-time intelligence for network, IT, security and business teams to operate efficiently and securely in this new machine world. Corvil uses an open architecture to integrate the power of its network data analytics with the overall IT ecosystem providing increased automation and greater operational and business value outcomes for its users. The Corvil solution is trusted by leading financial institutions to safeguard their businesses across the globe involving 354 trillion messages with a daily transaction value in excess of $1 trillion.

Learn more about Corvil: Corvil.com | Twitter | LinkedIn

Contact information:
Press Office at Corvil
+353 1 859 1040
pressoffice@corvil.com 

[1] Ponemon Institute’s “2017 Cost of Data Breach Study: Global Overview,” the odds are as high as 1 in 4.
[2] 2017 Verizon Data Breach Investigations Report
[3] 2018 Verizon Data Breach Investigations Report
[4] Financial Times, March 24, 2018 >>
[5] Reuters June 2017 >>