Early Warning System for Data Exfiltration

Lead Participant: CYBEROWL LIMITED

Abstract

Network security monitoring needs an early warning system. Attacks are becoming slower, stealthier and more sophisticated. The average time to detect a security breach is lengthening, which tips the balance between reactive and proactive defence the wrong way and drives up the total cost of security and remediation. Existing monitoring tools will simply fail to cope with this. Broadly, signature- or rule-based tools are largely retrospective, which is quickly becoming obsolete in a world where a specific piece of malware is often used only a handful of times. Anomalous-behaviour monitoring, by contrast, overwhelms the defender with false positives and struggles in environments that were already infected when monitoring began. What is needed is to monitor networks for the threat probability of indicators associated with the early phases of an attack. This is a new approach to network security monitoring. It shifts the advantage back to the defender by allowing them to “nip attacks in the bud”, before the organisation is exposed to the significant costs of data loss. The approach also enables warning of unknown attacks and exploits, a fundamentally different proposition from post-incident, forensic, signature-based methods.

Lead Participant      Project Cost    Grant Offer
CYBEROWL LIMITED      £89,375         £57,500

Participant           Project Cost    Grant Offer
QINETIQ LIMITED       £25,000         £12,500

INNOVATE UK
