Coping with ongoing and increasingly dangerous cyber-threats is an unavoidable reality for the modern enterprise. Despite the development of more advanced cyber-security solutions, including firewalls and endpoint protection, many business and IT leaders find themselves frustrated—if not overwhelmed—by the hit-or-miss nature of products and the level of false positives many products generate.
In fact, a recent CompTIA survey found that 49 percent of CIOs, CSOs and CISOs rate malware a “critical concern.”
One company attempting to adopt a more sophisticated approach to cyber-security is Orange, one of the big three Israeli wireless telecom firms, with about 3 million subscribers and a 29 percent share of the country’s communications market. The firm, which has approximately 4,000 employees and operates more than 4,000 servers to manage its business, found itself mired in aging cyber-security tools that could not provide accurate information about events.
“We had been experiencing 500 or more false positives every day,” recalls Arieh Shalem, chief information security officer for Orange. As a result, security teams wound up sinking huge amounts of time and energy into tracking down the root cause of alerts and alarms—all while other potentially dangerous events flew beneath the radar.
“We knew we had to move to a solution that provided deep insights,” Shalem points out. “Although conventional cyber-security tools remain important, they do not provide the protection or the deeper insights necessary for today’s business environment—particularly as zero-day malware becomes more common and problematic.”
Removing Guesswork From Cyber-Security
After examining a number of products and vendors, Orange turned to LightCyber, a firm that offers Active Breach Detection (ABD), a solution that applies machine learning methods and behavioral profiling on all network traffic and endpoint activity to identify certain attack behaviors. The telecom firm went live with the solution in May 2014.
Shalem says that the ability to deploy the software quickly and without a high level of disruption was appealing. However, the primary selling point was the ability to remove guesswork from the cyber-security equation.
The approach has helped Orange take a more proactive and effective approach to enterprise security. “We have deep integration with our network and our network-attached storage devices,” he says. “We can block specific ports or take other actions, including blocking between the LightCyber software and network access control, if a breach takes place.”
Shalem explains that by using the central dashboard, “staff can watch traffic, see it move across the network, and know who is talking to whom and what protocol they are using.”
In addition, security personnel can peer into servers and other devices and identify suspicious code or malware, including social engineering threats. Still another benefit, he says, is the solution’s far more robust reporting capabilities, which are built into the security software.
To be sure, Active Breach Detection has proved to be a winning approach. “We have moved from a reactive approach to a far more proactive approach,” Shalem points out.
“We are now able to monitor the environment effectively, and we have a much better idea of what is going on at any given moment. We have a level of visibility that simply didn’t exist in the past.”
Photo of Tel Aviv is courtesy of Giora Engel, founder of LightCyber.
