Cybersecurity

Changing landscape, amorphous threats

15 December 2014

Hacking stages
Dermot Williams, managing director of Threatscape, said that this year generally saw an end to box ticking when it comes to security.

“I would classify 2014 as the year that tick box approach was finally put to bed.”

It is no longer enough to say that you have antivirus, a firewall and so on. You have to take a more holistic view of every threat that your systems face, said Williams, and admit that it is conceivable that your systems will be breached.

“You can’t have the M&M approach,” he said, “where you have a hard exterior, where you assume nothing is ever going to get in, and a soft interior, which once someone is inside, they can navigate easily, find valuable data and then exfiltrate it.”

Williams said that there are now various types of attack, such as the old ‘brick through the window’ attack of a hacker just trying to make noise. Then there is the ‘Breach Stage’ where someone gets in, stays for a while, gets something of value and then gets out. But there is also the ‘Bug Stage’ where there is not necessarily a specific target initially, but they stay for a long time, monitoring and collating until they have enough of value and then exfiltrate it.

“It can be quite a shock to discover that someone has been inside for 6 or 12 months, and you think, how much data have they exfiltrated?”

The measures needed to mitigate these risks, said Williams, are monitoring internal traffic for anomalies, monitoring outbound traffic for data going to command and control (C&C) servers, and watching for attempts to escalate privileges and for things looking to cross internal firewalls, all of which can be indicators of a breach in progress.

On the virtualisation megatrend, Williams said an issue of increasing importance is how the hypervisor, and the overall virtualisation platform, is secured. Another is how internal traffic between virtual machines on the same host is secured, because traffic between VMs running on the same server does not go out over the network infrastructure. This means that there must be something on the platform itself to monitor traffic between VMs.

Near future
AVG’s Chin said that in the coming 12 months, the biggest influences are most likely to come from a need to efficiently secure and manage mobile devices, cloud-based applications and ordinary everyday objects such as printers and sensors connected to the Internet.

Fegan reckoned that new data protection legislation will be a key influence in the time frame, a point echoed by Ward’s Fay.

Trilogy’s Paddon said that setting and monitoring user standards and policies to reflect new mobile and cloud infrastructures is essential and then having systems to detect and mitigate breaches in policy will be key.

A tightening of the security between the gateway and the endpoint is a focus for future products for Sophos, said Hayden. This will help tackle increasingly sophisticated and targeted spam campaigns that have been seen lately.

Williams of Threatscape said that future influences will arise when increasingly mobile users, who access SaaS applications and other cloud services that are not managed by IT directly, have data issues. IT is still accountable for the data that belongs to the organisation, even as it moves around on these various platforms and services.

“You absolutely need to find ways to make every part of your system secure, including those which are living well beyond your castle walls,” said Williams.


TechCentral.ie