FireEye could have stopped the Target breach

Ernest Dunn, Director, Secure Networks, Presidio
03/17/14 at 10:40 am

Over 95% of enterprises and government agencies are compromised and don't know it.

Security breaches have become daily headlines. Today, risks and threats to sensitive information and IT infrastructure come from every angle, both inside and outside of organizations. The cyber threat landscape is rapidly evolving, and attackers have moved beyond the virus and worm attacks of the past decade that you may be familiar with. Malware is now the main vector of attack, and the attacks are sophisticated, targeted and persistent. Many of these attacks are being conducted by well-funded nation-states and highly motivated adversaries.

This new generation of advanced attacker is focused on acquiring sensitive personal information such as social security numbers, credit card information, healthcare information, intellectual property and insider information. These targeted attacks occur across all industries and many are stealthy and persistent enough to go undetected by traditional security technologies, such as firewalls, IDS/IPS, anti-virus, and email or web gateways. To combat these advanced attacks and persistent adversaries, organizations need to reimagine security and adopt a process of continuous threat protection. Adopting this philosophy and process means having the ability to detect threats in real time as well as reduce the time to contain and resolve the threat.

The breach of retailer Target is a relevant example of the damage that can be caused by a security compromise. To date, this incident is the biggest retail hack in U.S. history. More than 90 lawsuits have been filed against Target by customers and banks for negligence and compensatory damages. Target’s profit for the holiday shopping period fell 46 percent from the same quarter the year before; the number of transactions suffered its biggest decline since the retailer began reporting the statistic in 2008. Target has already spent over $61 million responding to the breach. That’s on top of other costs, which analysts estimate could run into the billions.

The really interesting part of this story is that Target had the controls in their network that could have prevented the compromise. Target had deployed an advanced malware detection system from FireEye in their environment. FireEye detected the attack; however, the attack succeeded because the solution was not configured to automatically block attacks and Target didn’t respond quickly enough to the alarms. http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data

The Target breach exemplifies how an effective security program must have the right mix of people, processes and technology.

Presidio can design and implement a comprehensive security program including the appropriate security architecture components to combat these types of attacks. We have been providing security consulting services to clients for over a decade. Our experience spans all major verticals, including retail, education, healthcare, government, banking and more. Presidio’s consultants are highly experienced and certified professionals with strong backgrounds in security, compliance, and the fundamental technology areas that support a secure environment. Please contact us if you’d like to discuss this or need assistance.