We try to avoid simply re-posting articles here. However, a recent paragraph we read in “How Existing Security Data Can Help ID Potential Attacks” (from Information Week Reports) succinctly described a trend we are seeing and a market we are servicing:
“Don’t think about security analytics as simply another product you need to buy; think about it first as a new approach to intelligent incident response. That new approach is needed because, frankly, what most of us are doing now isn’t working. By the time most security pros process disconnected forensic information, the bad guys already have your data. According to Verizon’s 2013 Data Breach Investigations Report, in over half of reported incidents, it took malicious hackers only a few hours to go from initial compromise to data exfiltration. However, 85% of breaches took organizations weeks or more to discover. Similarly, according to the Ponemon Institute’s Post Breach Boom study, it took an average of 80 days to discover and resolve a malicious breach. Eighty days!
Jules Verne wrote a novel about traveling around the world by balloon in 80 days…became a couple of movies. Seems quaint now when we consider that our data can travel around the world in 80 seconds (or less), and that 80 days of undiscovered malicious data use allows a phenomenal amount of time for damage to be done. We found that healthcare Covered Entities are sitting on vast troves of data that they simply cannot utilize (i.e. share to good effect) because of the restrictions placed on them by HIPAA/HITECH. We solved that piece of the puzzle and decided to act because, quite honestly, the current silo approach to data security isn’t working and in the end, it is everyone’s medical records, privacy, and security that are at risk…and that mean’s everyone at MiddleGate and our extended families as well as our customers.