Dell Data Breach And What Constitutes Industry “Best Practice” Response


The industry is following Dell’s announcement of a security breach that took place earlier this month. How do you assess their response?

Pravin Kothari, CEO at CipherCloud:

“On November 9, Dell disclosed a security breach where potentially customer names, emails and hashed passwords. Dell noted that they found no conclusive evidence that any data was extracted. Dell detected the attack and shut it down within one day.

In contrast, the average dwell time, or time from penetration to detection, in the United States was 99 days in 2016 and 75 days in 2017. A typical skilled cyber attacker, as illustrated by red team testing, can obtain administrator credentials in just a few days after they get inside the network. Worse yet, about 60%+ of cyberattacks are discovered by external sources and business partners – not by internal security or IT teams.

Today you cannot keep attackers out of your networks. Sooner or later they will penetrate the best protected networks. Dell detected the network penetration and shut it down rapidly. The goal today for every security operations center is to detect and shut down attackers with the most minimal dwell time. This is the leading edge of industry best practice for on-premise and cloud security. Dell has shown that the right mix of skilled personnel equipped with the right tools for visibility, threat and data protection can make a big difference.”
