Anthem Inc., the country’s second-biggest health insurer, reports that hackers broke into a database containing personal information for roughly 80 million of its customers and employees in what is likely to be the largest data breach disclosed by a healthcare company. “Tens of millions” of records have been stolen, exposing names, birthdays, addresses and Social Security numbers. On a positive note, the breach doesn’t appear to involve medical information or financial details such as credit-card or bank-account numbers. Most likely the hackers could have easily taken that information as well, but were content to leave with what they could carry.
Anthem is just another example of the magnitude, sophistication and volume of breaches that occur on a daily basis, though most go undetected. Security is no longer about protecting the perimeter and keeping adversaries out; it needs to be about detecting and minimizing the damage once they get inside, stopping a breach before it becomes a full-scale attack.
The security industry is coming from a mindset of “fire and forget,” where companies think they are safe because they have a well-known, well-marketed antivirus solution in place. This attitude and faulty thinking need to change, or companies will continue to fall victim to hackers, criminals and nation-state actors at a cost of $3.5 million per intrusion.
Why Do These Attacks Keep Happening?
AV vendors are developing products in a vacuum: they simply don’t address the sophistication of today’s adversary, but they continue to sell huge amounts of product. Organizations then fall prey to the marketing hype and market share of antivirus solutions that don’t work. Traditional security products are easy for hackers to circumvent because they aren’t rigorous. To be rigorous, you must collect enormous amounts of data on each protected machine to find where malware hides. You must be able to scrupulously monitor the memory of each computer in your network (most advanced attacks happen in-memory and go undetected). And lastly, you need a solution in place that can rapidly detect suspicious activity and create a machine-generated response, rather than alerting a team of people who get to the fire too late (as in the case of Target, Sony and probably Anthem).
Triumfant is rigorous. It continuously scans more than 700,000 assets per protected machine. Triumfant’s memory process scanner is capable of detecting malware in memory or on the hard drive. Triumfant detects the presence of malware, automatically builds a remediation plan, and repairs the machine and any collateral damage within minutes of an attack – not hours, days or weeks. And no human intervention is required. As we see time and again, security teams can’t detect or react fast enough to advanced attacks with alert-driven tools. Triumfant emphatically closes the breach detection gap, enabling organizations to thoroughly detect and quickly respond to sophisticated attacks that bypass traditional tools. Anthem and others – take note.