SafeNet and IT-Harvest Preview the Breach Level Index at RSA 2013

By Peter Bernstein March 04, 2013

One of the big developments at the jam-packed RSA conference was the security industries focus on “visibility.” The context here is that you cannot defend against what you don’t know, and that even when you know it you need to understand the “context”, e.g., the order of magnitude of the type of risk exposed, in order to decide how best to mitigate it. In addition, there is the issue of speed/awareness in a world where real-time in many ways is the only time, although there was also a lot of attention paid to the use of big data to proactively get ahead of the bad actors by anticipating both the nature of attacks and the best counter-measure to use against them. 

In fact, from various quarters there were announcements about how to get a better view of things. This was particularly true in regards to such the pernicious impacts that the two biggest weapons of choice by bad actors on a global basis, Advanced Persistent Threats (ATPs) and Distributed Denial of Service (DDoS) attacks, so everyone knows the answer to the question “what’s up?”

However, the issue is not just about watching and reacting, hopefully quickly. As noted above, the very nature of the dynamism of the types of attacks means that the industry needs to come up with a way to classify and index them. The value should not be discounted. This is because when it comes to risk management, executives need to be able to develop a holistic and layered strategy so they can wisely spend scarce resources based on the severity, frequency and risks of various types of attacks in terms of their impacts on the enterprise. 

It is for precisely this reason that SafeNet, Inc., one of the largest information security companies in the world that protects information throughout its lifecycle, joined forces with IT-Harvest, an industry analyst firm founded by Richard Stiennon, to develop a Breach Level Index (BLI). In simple terms, the index is designed assign a single number to quantify the severity and magnitude of a data breach. The goals are:

  • Enable security professionals and general public to leverage the Breach Level Index to better understand the severity of a data breach and its potential impact
  • Serve as a benchmark for the industry and help security professionals objectively monitor the progression of breaches and utilize the data for better risk assessment
  • Obtain industry recognition about the value of the Index so that comprehensive information can be developed, disseminated and turned into actionable insights.

The idea is that all boats do in fact rise when the tide comes in and the cooperation on the creation, constant updating and availability of the Index is good for everyone. 

Facts matter

The Breach Level Index is intended to not only serve as a benchmark for the industry, but to help Chief Information and Chief Security Officers (CIOs and CSOs) classify the severity of a breach as well as utilize the data in their own risk assessment and planning.

“It is not realistic today to expect enterprises to be able to prevent intruders and insiders from penetrating perimeter defenses and accessing IT resources,” IT-Harvest’s Stiennon. “In a world where breaches are a given, we need to raise the level of discussion to ‘how severe was the breach?’ We developed the Breach Level Index to be a classification tool that enables this level of discussion and better empower security industry professionals to detect and prevent future breaches.”

SafeNet president and CEO Dave Hansen at RSA told me that, “We are asking all members of the security industry to be actively involved in the development of the BLI. Knowledge is power, and being able to not just get better perspective on risks but be able to use that information to effectuate and implement best practices to better protect high value assets is critical given the speed and severity of today’s cyber threats.” 

A brief primer on the Breach Level Index

The SafeNet IT-Harvest collaboration developed and algorithmic formula to determine breach severity.  The BLI factors a wide variety of inputs, including:

  • Data type
  • Number of records stolen
  • Breach source
  • Whether or not the high value data remained secure post breach

The inputs are then processed through an algorithm that produces an index number consistent with the Saffir-Simpson hurricane scale: 1 being least severe and 10 being most severe. The scale is open ended (no upper limit) and logarithmic (base 10). For those unfamiliar with such scales, the level of severity the higher the number is not a step function. In other words, as the explanation of BLI details, a score of 7, for instance, is 100 times more severe than a score of 5.  

To put this in context, and emphasize the need for such a tool, in introducing the BLI, it was noted that the recent TJX Companies Inc. breach was a 9.1 level breach and the Heartland Payment Systems breach was a 9.3 level breach.

In our discussion, Hansen reiterated his public observation that, “While the volume of breaches continues to increase, it is critical to keep in mind that not all breaches are created equal in terms of the level of severity and damage that they impose on organizations and their customers.”  He added, a thought echoed throughout the event that there is, “a new, complex and dynamic threat landscape, which is mandating the need for new tools like the BLI.” 

The themes of complexity, dynamism and recognition that there is no failsafe solution or amount of expenditure that can protect an enterprise 100 percent in what I have called, “The Age of Acceleration”—where the only constants are change and the speed at which it is accelerating—is why the BLI, if it gains the traction it deserves, can be extremely valuable. In fact, for a full explanation of the methodology employed, a whitepaper is available at here and here

While the word “triage” tends to have negative connotations, the facts are that CIOs and CSOs everyday have choices to make about what risk mitigation measures to use in the protection of their people, processes, systems and critical information (how it is created, stored, accessed and when it is on the fly). The goal is obviously to get maximum protection based on a risk assessment that enables planning mitigation on a strategy that is layered. However, this cannot be done without knowing a lot more about the context of the risks being faced, and that is why hopefully the BLI gets the attention it warrants, and the industry support it needs.




Edited by Brooke Neuman
SHARE THIS ARTICLE
Related Articles

Organizations Can Combat WannaCry & Jaff Ransomware With Well Instrumented DNS

By: Special Guest    5/22/2017

The Infoblox Intelligence Unit observed two global malware outbreaks on Friday, May 12. Although there is no indication that the two attacks were rela…

Read More

The WannaCry Attack Was Years in the Making

By: Kayla Matthews    5/19/2017

WannaCry doesn't operate like you'd expect. That is, it's not a seedy application or form of spam that self-installs on your computer because you clic…

Read More

Google Crosses Lines, Puts Google Assistant on iPhone

By: Steve Anderson    5/18/2017

Google threatens Siri's dominance on iPhone by offering Google Assistant on the device.

Read More

The Six Best Cities in the World for Tech Jobs

By: Larry Alton    5/18/2017

While Silicon Valley gets all of the attention, there are plenty of other tech destinations here in the U.S., as well as abroad. Let's take a brief lo…

Read More

India's Current Start-Up Scenario Compared to the US

By: Special Guest    5/16/2017

The burgeoning start-up scenario has undergone a paradigm shift globally. It has witnessed several shifts in the predominant trends throughout the las…

Read More