Dynamic cyberthreat landscape demands preparedness
30 September 2015
The rise of the third platform, digital transformation and loss of the traditional perimeter are macro trends within enterprise cybersecurity that have combined to significantly increase the attack surface for organisations, demanding a greater level of preparedness for the inevitable breach.
That was a central message in the opening presentation by Duncan Brown, research director, Enterprise Security Programme, IDC at the Enterprise Security Conference 2015 in Croke Park.
“Understand normal through analysis, then identify and tackle the anomalies,” Duncan Brown, IDC
Brown said that these trends had conspired to produce a more dynamic threat landscape that is further complicated by what he termed ‘applification’, or the increasing number of applications that enterprises are deploying as they struggle to cope with cloud, mobile and social channels.
Brown said that to deal with this, analytics technology must be applied to security issues. Understand normal, said Brown, through analysis, then identify and tackle the anomalies, whether these might be user actions or machine to machine (M2M) communications. This will allow potentially dangerous or threatening actions to be isolated and dealt with.
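The "understand normal, then tackle the anomalies" approach Brown describes can be illustrated with a small baselining routine. The following Python is an added example, not code from IDC or from the conference; it works over constructed authentication log lines (timestamp, user, source host) and the thresholds and field layout are assumptions chosen for illustration.

```python
"""Baseline normal user behaviour from a learning window, then flag deviations.

Added example with constructed data; the log format and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime
import re
import statistics

# Constructed learning-window log: "<ISO timestamp> <user> <source host>"
BASELINE_LOG = """\
2015-09-01T09:02:11 alice ws-alice
2015-09-01T13:40:05 alice ws-alice
2015-09-02T08:58:30 alice ws-alice
2015-09-03T09:10:44 alice ws-alice
2015-09-03T14:05:12 alice ws-alice
2015-09-04T09:00:01 alice ws-alice
2015-09-01T08:30:00 bob ws-bob
2015-09-02T08:35:10 bob ws-bob
2015-09-03T08:29:55 bob ws-bob
2015-09-04T08:31:40 bob ws-bob
"""

# Constructed observation-window log to be judged against the baseline
NEW_LOG = """\
2015-09-08T09:01:00 alice ws-alice
2015-09-08T03:14:22 alice srv-fileshare
2015-09-08T03:15:01 alice srv-fileshare
2015-09-08T03:15:40 alice srv-fileshare
2015-09-08T03:16:09 alice srv-fileshare
2015-09-08T08:33:00 bob ws-bob
2015-09-08T08:40:00 svc-backup srv-fileshare
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)$")


def parse_events(text):
    """Return a list of (timestamp, user, host) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, user, host = m.groups()
        events.append((datetime.fromisoformat(ts), user, host))
    return events


def build_baseline(events):
    """Per user: hours and hosts seen, plus mean and population stdev of logins per day."""
    hours = defaultdict(set)
    hosts = defaultdict(set)
    daily = defaultdict(lambda: defaultdict(int))
    for ts, user, host in events:
        hours[user].add(ts.hour)
        hosts[user].add(host)
        daily[user][ts.date()] += 1
    baseline = {}
    for user in hours:
        counts = list(daily[user].values())
        baseline[user] = {
            "hours": hours[user],
            "hosts": hosts[user],
            "mean": statistics.mean(counts),
            "stdev": statistics.pstdev(counts) if len(counts) > 1 else 0.0,
        }
    return baseline


def find_anomalies(baseline, events):
    """Flag unknown users, unusual hours, unseen hosts and abnormal daily volume.

    Each finding is (timestamp, user, kind, detail). The volume rule uses
    mean + 3 * max(stdev, 1.0); the floor of 1.0 stops a flat baseline from
    alerting on a single extra login (an assumed, illustrative threshold).
    """
    findings = []
    daily = defaultdict(lambda: defaultdict(int))
    for ts, user, host in events:
        daily[user][ts.date()] += 1
        b = baseline.get(user)
        if b is None:
            findings.append((ts, user, "unknown-user", "no baseline for this account"))
            continue
        if ts.hour not in b["hours"]:
            findings.append((ts, user, "unusual-hour", f"login at {ts.hour:02d}:00"))
        if host not in b["hosts"]:
            findings.append((ts, user, "unseen-host", f"login from {host}"))
    for user, days in daily.items():
        b = baseline.get(user)
        if b is None:
            continue
        threshold = b["mean"] + 3 * max(b["stdev"], 1.0)
        for day, n in days.items():
            if n > threshold:
                ts = datetime.combine(day, datetime.min.time())
                findings.append((ts, user, "volume",
                                 f"{n} logins in a day, baseline mean {b['mean']:.1f}"))
    return findings


def count_by_kind(findings):
    """Summarise findings as {kind: count} for triage."""
    counts = defaultdict(int)
    for _, _, kind, _ in findings:
        counts[kind] += 1
    return dict(counts)


if __name__ == "__main__":
    baseline = build_baseline(parse_events(BASELINE_LOG))
    for ts, user, kind, detail in find_anomalies(baseline, parse_events(NEW_LOG)):
        print(f"{ts:%Y-%m-%d %H:%M} {user:<10} {kind:<13} {detail}")
```

The learning window establishes what "normal" looks like per account; the observation window is then judged only against that baseline, so a burst of early-morning logins from a host the account has never used surfaces as several independent signals rather than disappearing into aggregate traffic. In practice the baseline would be rebuilt on a rolling window and the hour and host rules would be weighted rather than treated as binary.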
The speed with which applications are updated these days, said Brown, adds a further level of risk. He highlighted the case of one of the most popular as-a-service applications that, last year, saw 500 individual updates. Each of these updates, he said, has the potential to introduce risk.
Brown said that next generation security technologies must focus on business requirements, fulfilling their purpose while also facilitating users. He emphasised that where security compliance is onerous, users will, generally without malice, circumvent it to get their work done. A recurring example of this, he pointed out, was the practice of getting around complicated password routines by simply writing passwords down and sticking them to machines.
Martin Borrett, CTO, IBM Security Europe, spoke on the theme of evolving security. We are never done with security, he said, it is an evolving discipline that must adapt as requirements, standards and usages change.
Borrett said that cybercriminals are using business intelligence techniques to offer very professional services, and so the same tactics, and better, must be employed to defeat them.
New technology introduces new risks, he said, but traditional security practices are unsustainable. We need to find new and more efficient ways of doing things as an industry.
IT leaders must find a strategic voice to influence business leaders, said Borrett. Today’s chief information security officer (CISO) needs to play a cross-disciplinary role supported by the board.
Security should be a system, Borrett advised, a coordinated, orchestrated system of systems that work together in complementary fashion. He then introduced the concept of the Security Operations Centre (SOC).
The SOC is the heart of sensing, reporting and acting on cyberrisk to mitigate threat vectors.
“It’s about visibility and prioritisation, presenting the right information in context to allow informed action,” said Borrett.
He said that there were four consistent conversations being had about security at the highest levels.
Firstly, optimising the security programme. This can be achieved through good governance, metrics, improved organisational structures and processes, and the application of key technologies.
Secondly, there is the need to stop advanced persistent threats (APT). In many such instances, APTs use social engineering such as spear phishing attacks, combined with zero-day vulnerabilities. Borrett said when asked about this that zero-day vulnerabilities are often exploited in common patterns. While the zero-day itself, by virtue of being a zero-day, is hard to protect against directly, the patterns of exploitation can often be identified and stopped.
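Borrett's point that the exploitation patterns around a zero-day can be recognised even when the vulnerability itself is unknown is easiest to see in code. The Python below is an added example, not IBM's or the conference's code; it applies one widely used pattern, a document-handling application spawning a command interpreter or script host, to constructed process-creation events. That particular pattern, the process names and the hop limit are assumptions for illustration; the talk did not name them.

```python
"""Flag interpreters launched beneath a document-handling application.

Added example with constructed process-creation events; the pattern, process
names and hop limit are illustrative assumptions.
"""
from collections import namedtuple

ProcEvent = namedtuple("ProcEvent", "pid ppid image")

# Applications that open untrusted documents and normally never launch a shell
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe"}
# Command interpreters and script hosts a dropped payload commonly relies on
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# How far up the tree to look; a payload often inserts one hop (e.g. cmd -> powershell)
MAX_HOPS = 3

# Constructed event stream: an explorer session, a document that spawns a shell
# which in turn spawns powershell, an admin running powershell from explorer
# (benign), and a mail attachment opened in word that launches a script host.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "explorer.exe"),
    ProcEvent(200, 100, "winword.exe"),
    ProcEvent(300, 200, "cmd.exe"),
    ProcEvent(400, 300, "powershell.exe"),
    ProcEvent(500, 100, "acrord32.exe"),
    ProcEvent(600, 500, "acrord32.exe"),
    ProcEvent(700, 100, "powershell.exe"),
    ProcEvent(800, 100, "outlook.exe"),
    ProcEvent(900, 800, "winword.exe"),
    ProcEvent(1000, 900, "wscript.exe"),
]


def build_index(events):
    """Map pid -> event so parents can be looked up in constant time."""
    return {e.pid: e for e in events}


def ancestry(index, pid, max_hops):
    """Return up to max_hops ancestors of pid, nearest parent first."""
    chain = []
    current = index.get(pid)
    for _ in range(max_hops):
        if current is None:
            break
        parent = index.get(current.ppid)
        if parent is None:
            break
        chain.append(parent)
        current = parent
    return chain


def find_suspicious_chains(events, max_hops=MAX_HOPS):
    """Return (pid, offending ancestor image, hops, rendered chain) for each hit.

    An interpreter is flagged when a document application appears within
    max_hops ancestors; the nearest such ancestor is reported.
    """
    index = build_index(events)
    hits = []
    for e in events:
        if e.image.lower() not in INTERPRETERS:
            continue
        ancestors = ancestry(index, e.pid, max_hops)
        for hops, anc in enumerate(ancestors, start=1):
            if anc.image.lower() in DOCUMENT_APPS:
                path = list(reversed(ancestors[:hops])) + [e]
                rendered = " > ".join(p.image for p in path)
                hits.append((e.pid, anc.image, hops, rendered))
                break
    return hits


if __name__ == "__main__":
    for pid, anc, hops, rendered in find_suspicious_chains(SAMPLE_EVENTS):
        print(f"pid {pid}: {rendered} ({anc} {hops} hop(s) above)")
```

The benign case (powershell.exe launched directly from explorer.exe) is not flagged because no document application sits in its ancestry, which is the point of matching the chain rather than the interpreter alone. The same structure extends to other exploitation patterns (for example a browser or mail client in the DOCUMENT_APPS role) without knowing which vulnerability was used to get there.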
Thirdly, there is the need to protect critical assets. This is often referred to as the ‘crown jewels’ approach, especially in relation to data. This must include user monitoring, identity and access management, endpoints, and intelligence and analytics.
Lastly, safeguarding cloud and mobile. Visibility is key here, to fully understand the usage of both within the enterprise. Then there is the need to protect data and apps within these environments, manage access and, again, to gather threat intelligence.
“This is the time of the CISO,” said Borrett, “leverage that opportunity.”