The JPMorgan Chase data breach rocked headlines early this month as the latest in a series of breaches hitting nearly a dozen financial companies in 2014 alone. The news also follows similar breach disclosures from Target, Home Depot, Albertsons and others.

The massive security breach compromised 76 million households and seven million small business accounts. As a result, the bank will no doubt spend millions of dollars over the next few months repairing the extensive damage and working to restore its reputation.

As if the sheer reach of the JPMorgan Chase breach itself isn't bad enough, it spotlights an inherent flaw in most modern information security architectures. Specifically, state-of-the-art prevention technologies are not 100 percent foolproof at detecting and blocking persistent attackers.

Several industry analyst firms, Gartner for example, recognize that decades of information security prevention systems have failed to produce an architecture that can stop committed attackers, and in response they're making a dramatic shift in their recommendations to security practitioners.

The good news (and yes, there is good news) is that JPMorgan Chase was able to identify the network breach and remove the offending malware before any highly compromising confidential data was stolen and before irreparable harm was done to customer accounts.

According to a filing made by JPMorgan Chase with the U.S. Securities and Exchange Commission, only names, addresses and emails were exfiltrated in the breach. No money was stolen, and no account information such as credit card numbers, passwords or social security numbers was taken.

Considering many of the other recent breaches in which highly confidential customer information was stolen, this is a success. While a network breach is never good, JPMorgan Chase was able to stop the data exfiltration before it reached a scale that would have caused irreparable harm to customer accounts and corporate brand equity.

Organizations have a lot to learn from JPMorgan Chase about how it caught the attackers before they were able to cause significant damage. There are also several noteworthy lessons in understanding why the financial institution's experience was so different from Target's disastrous breach, which resulted in the loss of 40 million customer credit cards.

There are a handful of large and highly profitable organizations like JPMorgan Chase that have vast resources dedicated to information security. With billions of dollars in annual IT budgets, these elite organizations can afford to buy the latest and greatest network logging and security analytics products, and to hire large groups of security analysts to filter through and triage the hundreds or thousands of false positive alerts that these products generate daily. Wading through all of these alerts takes a considerable amount of time and can consume a team of analysts full-time.

Target's much smaller security team, on the other hand, wasn't able to keep up with the high volume of alerts being generated by its security infrastructure, which involved many of the exact same technologies used by JPMorgan Chase. It's well documented that Target had deployed many state-of-the-art security products in its network that produced numerous alerts that a breach was occurring, very similar to the situation at JPMorgan Chase. The problem is that those alerts were buried within thousands of other simultaneous false positive alerts, making it extremely difficult for Target's much smaller security staff to react and take action. Mainstream security products, including intrusion detection systems (IDS), sandboxing and security information and event management (SIEM) solutions, are all known to create very high ratios of false positives, sometimes on the order of thousands per day.

Follow this link:
A Silver Lining in the JP Morgan Breach?

October 18, 2014 at 6:09 am by Mr HomeBuilder