Security Subsistence Syndrome (SSS) is defined as a mindset in an organization that believes it has no security choices and is underfunded, so it minimally spends to meet perceived statutory and regulatory requirements.
Andy Ellis describes this mindset as one “with attitude, not money. It’s possible to have a lot of money and still be in a bad place, just as it’s possible to operate a good security program on a shoestring budget.”
In the face of overwhelming evidence that traditional defenses such as signature based anti-virus and firewalls are woefully inadequate against modern threats, SSS leads defenders to proclaim satisfaction because they have been diligent in implementing these basic precautions.
However, people who deal with incident response today quietly assume that the malware will not be detected by whatever anti-virus tools are installed. The question of “does AV detect it?” never even comes up anymore. In their world, anti-virus effectiveness is basically 0% and this is not a subject of any debate. This is simply a fact of their daily life, as noted here.
So how does the modern IT manager defend effectively (and efficiently — since cost is always a concern) against this threat landscape?
The answer is in a suite of technologies now called endpoint threat detection and response (ETDR or EDR). These are IT analytics solutions which provide visibility and insight into abnormal behavior that could represent potential threats and risks and enable enterprises to improve their security posture. A sensor at the endpoint is used to detect the launch of new processes and compares the MD5 (or SHA) hash of this process to determine if it has been seen before/trusted.
Can your SIEM provide ETDR? EventTracker can. Time to upgrade?