Anomaly detection is the first layer

Issue 3 2021 Security Services & Risk Management

Cybercrime incidents have surged in the last year, as malicious actors take advantage of the current global situation, including the work from home (WFH) trend. As IT has evolved, so too has ransomware and attacks have become increasingly targeted, pervasive and damaging. A multi-layered, proactive approach to data management and protection is essential and this begins with anomaly detection as the first line of defence.

Kate Mollett.

The evolving threat

In a WFH environment, people are connecting to critical applications and data from multiple distributed points, without the safety blanket of the enterprise network perimeter. People working from home are also more vulnerable to attack, as it is difficult to maintain standards of awareness when face-to-face contact is limited.

In addition, cybercrime has evolved into a fully-fledged business. Ransomware-as-a-Service is available to purchase on the dark web and South Africa is an attractive target for attack. In fact, a report from Accenture reveals that South Africa has the third most cybercrime victims worldwide, losing R2,2 billion a year.

Ransomware has become extremely sophisticated, with multifaceted and highly targeted attacks exploiting multiple points of vulnerability. Malware has even begun to attack the data protection solution itself, rather than just production data, making recovery from a successful exploit all but impossible.

The attack surface is so vast that traditional solutions are simply no longer enough. A new approach to data management and protection is necessary and this begins with the ability to discover unusual activity before it can cause damage – also known as anomaly detection.

Proactive alerting is the key

Malware exploits rely on slipping through network defences without detection. Much like burglars need to get into a building undetected so that they can steal valuables, ransomware needs time to infiltrate and steal data. Anomaly detection can be likened to a security camera for your network. It helps enterprises to identify unusual or suspicious network activity as it happens, flagging it for investigation and blocking it before damage can be done. For example, dramatic and sudden increases in network traffic, moved files, or even logins from unusual locations, can all be red flags that a threat actor is attempting to penetrate the network.

With anomaly detection in place, the appropriate people are immediately made aware of potential issues so that they can take action. As the old adage goes, prevention is better than cure. While protecting data is essential, it is actually a secondary issue, because an early warning of potential issues means that risk and damage is mitigated. This enables enterprises to take a proactive approach to potential threats rather than reacting after the fact.

Layered threat detection and prevention

Backup and recovery should not be the primary defence against ransomware or any other form of data loss – it is the final step in the process. It is critical today to identify threats, protect applications and data, monitor systems, respond to threats, create awareness and then if all else fails, recover from an event.

Anomaly detection as part of a data management framework is essential to an holistic solution, because data management is about more than just security. Tools like artificial intelligence and machine learning help systems to immediately identify potential threats and automate processes to stop attacks before they can penetrate a network. Building the right framework to manage your data, with multiple layers, covering all areas from the end point to the data centre and beyond, is essential to a modern data management strategy.

For more information contact Commvault,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Communication in any situation
Issue 8 2020, Elvey Security Technologies , Global Communications , Security Services & Risk Management
Global Communications offers an industry-first with five-year warranty on select Kenwood two-way radios.

The year resilience paid off
Issue 8 2020 , Editor's Choice, Security Services & Risk Management
Hi-Tech Security Solutions spoke to Michael Davies about business continuity and resilience in a year when everything was put to the test.

The reality of farm attacks
Issue 3 2021, Technews Publishing , Security Services & Risk Management
Nowhere in the world are people being as brutally attacked and murdered like farmers in South Africa (including a number of black emerging farmers and black farm labourers that have been attacked and injured or killed).

Insights into PoPIA compliance
Issue 3 2021, Technews Publishing , Security Services & Risk Management
Hi-Tech Security Solutions asked Carrie Peter, solution owner at Impression Signatures, for a few insights on what this piece of legislation means in the real world.

Top 10 security misperceptions
Issue 3 2021 , Cyber Security, Security Services & Risk Management
The Sophos Rapid Response team has compiled a list of the most commonly held security misperceptions they’ve encountered in the last 12 months while neutralising and investigating cyberattacks in a wide range of organisations.

The supply chain of the future
Issue 3 2021 , Integrated Solutions, Security Services & Risk Management, Retail (Industry)
For retailers to maximise their bottom line, the supply chain needs to be fast, efficient and responsive, which requires the use of intelligent, integrated technology.

PoPIA: Time Is up
Issue 3 2021 , Security Services & Risk Management, IT infrastructure
The Protection of Personal Information Act (PoPIA) comes into full effect on 1 July 2021 and there remains much confusion and ambiguity regarding its definitions, requirements and enforcement.

Towards a cashless world
Issue 3 2021 , Security Services & Risk Management
In addition to being safer from a viral transmission perspective, contactless payment is also faster and integrating multiple contactless payment methods assists small businesses to better maintain financial liquidity.

mySOS targets neighbourhood safety
Issue 2 2021 , Security Services & Risk Management
Beyond protection for valuables and premises, people are also looking to ensure their personal safety and that of their loved ones as they move around and within community areas.

Staying safe with tap-and-go
Issue 2 2021 , Security Services & Risk Management
When it comes to tap-and-go functionality, security does not fall within the ambit of only one particular link in the value chain; banks, retailers and users have a part to play in safeguarding these devices and transactions.