The majority of existing defences, which use pattern matching techniques to find threats, are unable to detect new attacks that use legitimate user credentials to access sensitive information, meaning that companies risk not being able to detect and report a breach within the 72 hours stipulated by GDPR. The resultant fines can amount to €20 million, or 4% of annual turnover.
However, far from calling for existing systems to be replaced, Aruba´s whitepaper suggests that these products remain essential as part of an effective GDPR strategy. It highlights the need to complement these defences with an additional layer of monitoring that utilises new types of attack detection, such as machine learning, to analyse the entire network collectively and find the very small changes in activity that are indicative of an attack.
“Personal information is absolute gold dust for attackers, because it can quickly be sold on the dark web” said Morten Illum, VP EMEA at Aruba. “It´s almost certain that your business will see its personal data targeted in future and attackers will appear to be a trusted user while they are carrying out their work. Without using automation tools to spot the unusual activity that’s going on, it could take months to detect what´s going on. And that´s bad news both for your customer relationships, and your GDPR strategy.”
As hacks become increasingly sophisticated and often spread out over many months it’s very difficult for security teams to identify small anomalies in how a device is accessing the data stored in an application. The Aruba 360o Secure Fabric offers a combination of network access control capabilities to view the millions of devices accessing the network and provide policy-based, device-specific access that can significantly limit access to user personal data.
The solution also includes the new Aruba IntroSpect, which uses machine learning to determine where personal data resides and search the entire network for anomalous activity that could indicate a potential security breach. IntroSpect uses this learning to generate ‘risk scores’ for each connected user, device, system and database, focusing the attention of IT and security teams and ensuring future attacks do not go unnoticed.
Reports from users of IntoSpect have shown that new threat investigations have been completed 30 hours quicker than previously-used systems, a significant reduction in the fight to meet the 72-hour reporting deadline of GDPR.
“There is no single product or combination of security solutions that can guarantee GDPR compliance”, added Illum.
“So, it´s time that we bring existing solutions together. A holistic GDPR strategy can only be achieved if the security teams have the right tools to do their job. We think a single view of the network, and the ability to automatically create new policies based on incoming activity, is our best chance of staying ahead.”