Now that 2020 is officially in the history books, the world has begun to come to terms with just how historic the year’s events have been. Together, we have faced unprecedented challenges while battling a global pandemic, gone through a great deal of political upheaval, and have learned how to navigate a constantly evolving technological landscape, including new models for how we work and entertain ourselves remotely.
Each of these challenges has played out against a cybersecurity landscape that has had to keep the world connected safely across increasingly taxed networks while defending against a new and growing crop of bad actors who have been waiting for an opportunity like 2020 for decades.
Every exposed vulnerability opened new opportunities for attackers to infiltrate systems, steal data and wreak havoc. Several notable security incidents left governments, private organizations, medical systems and large enterprise networks reeling, and many of these entities discovered that their security plans were simply not up to the task of mitigating modern threats.
Let’s dive into a few of the prominent network security breaches that offer lessons we can apply as we look ahead to 2021 and beyond.
The Russian Hack of U.S. Federal Agencies
In December, news broke that the email systems of multiple U.S. federal agencies had been breached by hackers. The Treasury and Commerce Departments both reported attacks that potentially put incredibly sensitive government information into the hands of adversaries — the Department of Homeland Security suspects Russia is behind these incidents. It is hard to overestimate the potential significance of this attack, given the nature of the data that hackers may have accessed.
Most companies don't manage information as sensitive as federal government data, but this incident is a timely reminder of what a software supply-chain compromise can do to any network. Rather than exploiting a vulnerability in their targets directly, the attackers compromised the build and update process of SolarWinds' Orion software and shipped a trojanized update through the normal, signed update channel, so every customer that installed it let the attackers in. From that foothold they stole and forged authentication material so that Microsoft and other cloud providers treated their sessions as those of legitimate users, and they remained undetected for months. The lesson is that trusted update channels and identity systems are themselves attack surface, and a SOC needs visibility into what trusted software does after it is installed.
Marriott Hotel Personally Identifiable Information (PII) Breach
In 2020, Marriott disclosed that the personal details of more than five million guests had been exposed. Names, addresses, phone numbers, birthdates and airline loyalty details were taken, likely with the intention of reselling the information or tracking the travels of government officials and business leaders.
As with the federal email breaches, the Marriott incident did not require an exotic exploit: the attackers used the login credentials of employees at a single franchised property to access guest records. Marriott had already suffered an even larger breach, disclosed in 2018, when it found that the Starwood guest reservation database had been accessible to intruders since 2014, before Marriott acquired Starwood. Up to 500 million guest records, including passport and payment card numbers, were exposed, making it one of the largest known data breaches in history.
Zoom Credential Stuffing and Zoom Bombing
Zoom had a moment in 2020, rising in popularity as businesspeople and students throughout the world turned to the service for meetings and classes they could no longer hold in person because of the COVID pandemic. Unfortunately, the company was not prepared for the attention that came with that growth.
Zoom experienced several notable security incidents throughout the year, including roughly 500,000 user accounts that appeared for sale on a dark web forum. Zoom itself was not breached to obtain them: attackers took username and password pairs exposed in earlier, unrelated breaches and replayed them against Zoom's login, a tactic known as credential stuffing that succeeds wherever users reuse passwords.
Each account that fell gave the attacker the victim's personal meeting URL and host key, along with whatever personal and corporate information passed through their meetings. Separately, because meeting IDs were short numeric codes and many meetings were created without a password, strangers could guess or scrape an ID, join uninvited and disrupt the session or share offensive material, an activity that became known as Zoom bombing.
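Credential stuffing has a distinctive shape in authentication logs that a SOC can detect without any vendor product: one source tries many different usernames in a short window, with a low but non-zero success rate, whereas a brute-force attack hammers one username with many passwords. The script below is an added illustration, not code from the original post or from MixMode; the log format, field names, IP addresses, accounts and thresholds are all constructed assumptions.

```python
"""Credential-stuffing detector over constructed authentication logs.

Added example, not part of the original post or any product. The log format
(timestamp, source IP, username, outcome), the addresses and the thresholds are
assumptions chosen for illustration.

Signal: credential stuffing replays username/password pairs leaked elsewhere,
so one source tries many DISTINCT usernames in a short window.  A brute-force
attack on one account looks different: one username, many attempts.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: a stuffing source (12 users in 9 s, 2 hits),
# a brute-force source (1 user, 10 tries) and a normal user who mistyped once.
SAMPLE_LOG = """\
2020-04-01T10:00:01Z 203.0.113.7 alice@example.com FAIL
2020-04-01T10:00:02Z 203.0.113.7 bob@example.com FAIL
2020-04-01T10:00:02Z 203.0.113.7 carol@example.com SUCCESS
2020-04-01T10:00:03Z 203.0.113.7 dave@example.com FAIL
2020-04-01T10:00:03Z 203.0.113.7 erin@example.com FAIL
2020-04-01T10:00:04Z 203.0.113.7 frank@example.com FAIL
2020-04-01T10:00:05Z 203.0.113.7 grace@example.com SUCCESS
2020-04-01T10:00:06Z 203.0.113.7 heidi@example.com FAIL
2020-04-01T10:00:07Z 203.0.113.7 ivan@example.com FAIL
2020-04-01T10:00:08Z 203.0.113.7 judy@example.com FAIL
2020-04-01T10:00:09Z 203.0.113.7 mallory@example.com FAIL
2020-04-01T10:00:10Z 203.0.113.7 oscar@example.com FAIL
2020-04-01T10:01:00Z 198.51.100.9 alice@example.com FAIL
2020-04-01T10:01:05Z 198.51.100.9 alice@example.com FAIL
2020-04-01T10:01:09Z 198.51.100.9 alice@example.com FAIL
2020-04-01T10:01:12Z 198.51.100.9 alice@example.com FAIL
2020-04-01T10:01:15Z 198.51.100.9 alice@example.com FAIL
2020-04-01T10:01:19Z 198.51.100.9 alice@example.com FAIL
2020-04-01T10:01:22Z 198.51.100.9 alice@example.com FAIL
2020-04-01T10:01:25Z 198.51.100.9 alice@example.com FAIL
2020-04-01T10:01:28Z 198.51.100.9 alice@example.com FAIL
2020-04-01T10:01:31Z 198.51.100.9 alice@example.com FAIL
2020-04-01T10:02:00Z 192.0.2.5 carol@example.com FAIL
2020-04-01T10:02:30Z 192.0.2.5 carol@example.com SUCCESS
"""


def parse_log(text):
    """Parse 'ts ip user outcome' lines into (datetime, ip, user, outcome)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, outcome))
    return events


def detect(events, window=timedelta(seconds=60), min_attempts=10, min_distinct_users=8):
    """Slide a time window over each source IP's attempts and classify it.

    Returns {ip: alert}; for each IP the widest qualifying window is kept.
    """
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)

    alerts = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Advance the window start so it spans at most `window` seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            if len(win) < min_attempts:
                continue
            users = {e[2] for e in win}
            hits = sorted(e[2] for e in win if e[3] == "SUCCESS")
            if len(users) >= min_distinct_users:
                kind = "credential_stuffing"   # many accounts from one source
            elif len(users) <= 2:
                kind = "brute_force"           # one account, many passwords
            else:
                continue
            if ip not in alerts or len(win) > alerts[ip]["attempts"]:
                alerts[ip] = {"kind": kind, "attempts": len(win),
                              "distinct_users": len(users), "compromised": hits}
    return alerts


if __name__ == "__main__":
    for ip, alert in detect(parse_log(SAMPLE_LOG)).items():
        print(ip, alert)
```

The "compromised" list is the part worth acting on: every account that returned SUCCESS inside a stuffing window is a reused password that works, and those users need a forced reset and session revocation, not just an alert. Thresholds of this kind belong in the same alerting pipeline regardless of which platform the SOC runs.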
U.S. Hospital Breaches
Five U.S. hospitals were hit by major ransomware attacks in early 2020, losing sensitive data and tens of millions of dollars. These incidents follow a pattern that has grown in frequency over the past few years.
Ransomware attacks rose by at least 50 percent during 2020, with healthcare organizations targeted disproportionately. Manufacturing, software companies, government, the military, insurers and law firms were also frequent targets.
One reason ransomware keeps succeeding is that many organizations still rely on legacy, rules-based detection that recognizes only known signatures and indicators. Today's attackers have become adept at modifying their tooling until it no longer matches the rules such systems depend on.
It has become clear that organizations will need to invest in a single, purpose-built platform to operate as a modern SOC in 2021 and beyond. Yesterday's security tools are failing at increasing rates, and the resulting data losses mean millions of dollars in lost revenue, eroded public trust and a problem that will not resolve on its own. At the highest levels, a new SOC approach is in order.
Advantages of the Modern MixMode-Driven SOC
Modern threats require the modern solutions organizations can access through the MixMode platform.
Single Purpose-Built Platform
Organizations stand to benefit significantly from a single platform that centralizes the benefits of network traffic analysis (NTA), network detection and response (NDR), security information and event management (SIEM) and user behavior analytics (UBA).
Data and Feed Agnostic Benefits
MixMode’s advanced threat and anomaly detection operates effectively and independently regardless of data format and type. SOCs can identify threats and anomalies in network traffic, log, API, time-series, cloud data and more.
Predictive Threat and Anomaly Detection
MixMode uses what it calls third-wave AI to monitor the network continuously, learning its patterns and building a generative baseline of expected behavior. When activity deviates from that baseline, the platform detects and surfaces it in real time.
Deep Forensic Investigation Capabilities
Unlike legacy SIEM systems, MixMode offers full search and investigation capabilities without the requirement to store data in a third-party proprietary format.
In less than a day, MixMode can be fully deployed across an organization’s network, including hybrid networks with a mix of cloud-based and on-prem data storage. Traditional NTA, NDR and SIEM platforms can take months or even years to deploy.
Enhance Your SOC with MixMode
While this has been a sobering year for SOCs on many fronts, we have the advantage now to look back at what’s gone wrong and apply those lessons to a better plan for the future.
Effective, next-generation SOCs must embrace comprehensive, smarter solutions that harness the power of predictive, self-learning AI in centralized systems that connect legacy data stores with network solutions that seemed futuristic only a few years ago. Cloud computing, BYOD and IoT-enhanced networks, edge computing and traditional on-prem servers can be monitored and kept safe with solutions like the MixMode platform.
Learn more about MixMode and set up a demo today.
*** This is a Security Bloggers Network syndicated blog from MixMode authored by Christian Wiens. Read the original post at: https://mixmode.ai/blog/building-a-better-soc-based-on-what-we-learned-in-2020/