Your cyber perimeter is porous and perilous, says Threatscape’s Williams

Dermot Williams, Threatscape

17 November 2014

The computer was invented to crack codes and steal secrets. Visit Bletchley Park just north of London, a pilgrimage of sorts for those in information security, and you learn how modern computing began with Allied code breakers and Nazi ciphers. A few decades later, connecting computers over large distances became possible thanks to work funded by DARPA, the US government Defence Advanced Research Projects Agency.

This month, a new film, “The Imitation Game”, celebrates Alan Turing and his genius in developing mechanised computation at Bletchley. IT security continues to borrow military thinking, tactics and terminology. It is no coincidence that many leading IT security vendors come from countries with a pool of former military and intelligence personnel. They not only have highly relevant and well-developed technical skills, they also really get security, understanding the motivation and methods of attackers and what it takes to defeat them.


Protecting the perimeter has always been key: the lonely sentry at his guard post, or the firewall at the edge of a corporate network. But much of the data traffic today is not what it first appears, so to identify and defeat threats a next-generation solution has to be fully content- and application-aware. Legacy solutions are dangerously blind by comparison.

While guarding the perimeter will always be important, defining it is increasingly difficult thanks to teleworkers, contractors, web sites, VPNs and more. You must assume that persistent attackers may find a way in and ensure there are further obstacles in the way if they do. Network segmentation can help and organisations are also increasingly deploying technology which can spot anomalous LAN traffic. Spot a breach early and you can limit or prevent any damage or data loss.

Another trend is the collation and interpretation of security and event data from more points in the IT infrastructure in order to spot malicious activity which might not be evident from a single source. Whether this is done in-house using a Security Information and Event Management (SIEM) solution or by using an external service provider with greater resources and global insights, the key objective is to see through the background noise and extract actionable intelligence. Given the immense volume of log data which can be generated by a large corporate network, it is no surprise that Big Data tools and techniques are being adopted for security analytics.

Meanwhile, encryption is vital in protecting data, both at rest and in motion, as is more robust identification and authentication of all users. The increasing adoption of cloud services makes this particularly important. Even free consumer services are improving in these areas. HTTPS connections have become the norm for many web sites and Google recently enhanced its two-step user verification by supporting relatively inexpensive USB security keys as an optional extra layer of identification for accessing services such as Gmail.

More data of more value is being created, stored and transmitted now than at any time in history. Today’s interconnected world means every application, user and device is a potential threat — or target. But while the sophistication of attackers continues to evolve, thankfully the security solutions available to thwart them are constantly developing also. You are a target — but keep your defences current and you will not be an easy one.

 

Dermot Williams is managing director of Threatscape.

 


TechCentral.ie