DON’T GO IT ALONE

CY­BER DE­FENSE: BUSI­NESSES NEED EF­FEC­TIVE SE­CU­RITY PART­NER­SHIPS TO STOP AD­VANCED AT­TACKS

Bloomberg Businessweek (North America) - - Special Advertising Section -

Was your com­pany’s data hacked last year? Don’t bet against it. In a re­cent sur­vey of CEOS and CIOS con­ducted by AT&T, 62 per­cent re­ported that their or­ga­ni­za­tions had been breached in 2015. Of course, many more were at­tacked and didn’t know it. Star­tlingly, only 34 per­cent said their busi­ness had an in­ci­dent re­sponse plan in place. Un­for­tu­nately, it’s only a mat­ter of time be­fore these com­pa­nies will be dev­as­tated by a cy­ber­crime attack.

Many cor­po­ra­tions that have cri­sis plans and top-shelf IT ca­pa­bil­i­ties are also at in­creased risk be­cause they “go it alone” to main­tain cy­ber­se­cu­rity— which is no longer con­sid­ered vi­able for any large busi­ness—or use strate­gies that ad­vanced criminals have al­ready con­quered.

Com­pa­nies that sim­ply throw dol­lars at new tech­nol­ogy can be the most vulnerable. You need skilled em­ploy­ees who un­der­stand both the en­e­mies you’re fight­ing and how your se­cu­rity strate­gies can strengthen—not com­pli­cate—your core busi­ness. And be­yond sim­ply tap­ping re­spected ven­dors, you need to part­ner with or­ga­ni­za­tions at the fore­front of mod­ern threat in­tel­li­gence, pre­ven­tion and in­ci­dent res­o­lu­tion. Mod­ern cy­ber­se­cu­rity is an on­go­ing process that re­quires thought­ful col­lab­o­ra­tion and in­tel­li­gent in­vest­ment. Here’s a game plan.

IT STARTS WITH GREAT PEO­PLE

The right aca­demic in­sti­tu­tion can be one of your most im­por­tant al­lies in find­ing skilled tal­ent. The Univer­sity of Mary­land Univer­sity Col­lege (UMUC), a re­mote-learn­ing in­sti­tu­tion with 82,000 stu­dents that has ed­u­cated work­ing adults since 1947, part­ners with com­pa­nies across the world to de­velop ef­fec­tive and valu­able IT and se­cu­rity lead­ers.

The col­lege be­gan of­fer­ing a cer­tifi­cate pro­gram and bach­e­lor’s and mas­ter’s de­grees in cy­ber­se­cu­rity in 2010, and now has 12,000 stu­dents en­rolled in its cy­ber­se­cu­rity pro­grams. Among its ac­co­lades, UMUC was re­cently des­ig­nated as a Na­tional Cen­ter of Dig­i­tal Foren­sics Aca­demic Ex­cel­lence by the U.S. De­part­ment of De­fense Cy­ber Crime Cen­ter, and has been des­ig­nated as a Na­tional Cen­ter of Aca­demic Ex­cel­lence in cy­ber­se­cu­rity and de­fense by the Na­tional Se­cu­rity Agency and the De­part­ment of Home­land Se­cu­rity.

“Our cy­ber pro­grams are de­signed specif­i­cally to meet the needs of in­dus­try and gov­ern­ment,” says Dr. Emma Gar­ri­son-Alexander, Vice Dean, Cy­ber Se­cu­rity and In­for­ma­tion As­sur­ance De­part­ment at UMUC’S grad­u­ate school. “We have a global pres­ence, so we can de­liver in­struc­tion and high-qual­ity education to your em­ploy­ees wher­ever they’re lo­cated.”

Stu­dents—many of whom are high-level IT pro­fes­sion­als who al­ready work in cy­ber­se­cu­rity—can choose par­tic­u­lar tracks (such as dig­i­tal foren­sics, Cisco net­work­ing or Mi­crosoft servers) to cus­tom­ize their education and con­tin­u­ally gain skills im­me­di­ately use­ful to their com­pa­nies.

“Im­por­tantly, we’re us­ing the same state- of-the-art tools found in the best work­places, and our mul­tidis­ci­plinary ap­proach em­pha­sizes pol­icy and man­age­ment as well as ap­plied skills, so stu­dents have an end-to-end ap­proach to mod­ern cy­ber­se­cu­rity,” says Gar­ri­son-alexander. Fur­ther, 90 per­cent of the pro­grams’ pro­fes­sors have doc­tor­ate de­grees, and nearly all ac­tively work in the cy­ber field. “Our work­ing CIOS, CTOS, CISOS [chief in­for­ma­tion se­cu­rity of­fi­cers] and other ex­ec­u­tives and sci­en­tists bring real-world ex­pe­ri­ence into the class­room, so the cur­ricu­lums al­ways re­flect the lates, up-to-the-minute needs.”

YOU NEED SKILLED EM­PLOY­EES WHO UN­DER­STAND BOTH THE EN­E­MIES YOU’RE FIGHT­ING AND HOW YOUR SE­CU­RITY STRATE­GIES CAN STRENGTHEN— NOT COM­PLI­CATE—YOUR CORE BUSI­NESS.

“THINK PRE­VEN­TION, PRE­VEN­TION, PRE­VEN­TION”

Cy­lance® , a cy­ber­se­cu­rity com­pany head­quar­tered in Irvine, Calif., is dis­rupt­ing the end­point se­cu­rity mar­ket by fo­cus­ing on pre­vent­ing at­tacks—dis­miss­ing the con­ven­tional view that breaches are in­evitable and that fast con­tain­ment is the only work­able strat­egy.

“Pre­ven­tion should be para­mount for every or­ga­ni­za­tion,” says Cy­lance Pres­i­dent and CEO Stu­art Mcclure. “By us­ing a rev­o­lu­tion­ary new ap­proach to pre­ven­tion at every end­point of your net­work—which is the tar­get of every attack—you can lit­er­ally pre­dict and pre­vent 99.9 per­cent of cy­ber­at­tacks.” Many busi­ness lead­ers agree; Cy­lance’s tech­nol­ogy pro­tects over four mil­lion end­points for busi­nesses and gov­ern­ment in­sti­tu­tions world­wide, in­clud­ing 50 of the For­tune 500.

Cy­lance uses ar­ti­fi­cial in­tel­li­gence (AI) and ma­chine learn­ing (ML) to spot and neu­tral­ize at­tacks be­fore they ex­e­cute in mem­ory, in­stead of re­ly­ing on the in­dus­try­s­tan­dard “sig­na­ture” ap­proach, which only re­acts to a rogue file af­ter it ex­e­cutes and starts its dirty work.

“All our com­peti­tors use sig­na­ture-based tech­nol­ogy, which iden­ti­fies an attack and cre­ates a sig­na­ture—or rep­re­sen­ta­tion of what hap­pened on the sys­tem—to de­fend against it, but the ob­vi­ous prob­lem with this ap­proach is that it re­quires a first victim,” ex­plains Mcclure. “You don’t want to be that sac­ri­fi­cial lamb. By us­ing AI that want in­cor­po­rates 30 years of learn­ing about past at­tacks, you can pre­vent vir­tu­ally all new at­tacks, be­cause, quite hon­estly, all attack strate­gies have been used in the past.”

The se­cu­rity re­sults Cy­lance is achiev­ing with its clients are quickly gain­ing con­verts. “Pretty much ev­ery­body in the in­dus­try has given up on pre­ven­tion and thinks it can’t be done, so get­ting peo­ple to be­lieve that they can ac­tu­ally pre­vent at­tacks—all day long, all pre-ex­e­cu­tion—will take a lit­tle while, but peo­ple are start­ing to be­lieve their eyes,” Mcclure adds. “Given how dev­as­tat­ing at­tacks are be­com­ing, they’re be­gin­ning to un­der­stand that they need to think pre­ven­tion, pre­ven­tion, pre­ven­tion.”

A big rea­son why sig­na­ture tech­nol­ogy fails is that highly skilled cy­ber­crim­i­nals are FUHDWLQJ H[HFXWDEOH ÀOHV³WKH ÀUVW VHHGOLQJV of the mal­ware that could take down your com­pany—that lie in wait in “stealth” mode and can de­tect when it’s safe to ex­e­cute. ´7KLV NLQG RI PDOZDUH ÀOH LV DFWXDOO\ aware of its sur­round­ings, and knows if it’s in a vir­tual or de­bug­ging en­vi­ron­ment,” Mcclure ex­plains. “It’s con­tin­u­ally ask­ing, ‘Is some­body look­ing at me?’ and if it de­tects any­thing, it sim­ply won’t run. It waits un­til it’s clear to ex­e­cute, and then it will tear your sys­tem apart.” The Fur­tim tro­jan that ram­paged this spring is an ex­am­ple of such stealthy mal­ware.

This strat­egy ex­ploits an in­her­ent weak­ness in al­most all cy­ber de­fenses to­day, which pri­mar­ily rely on cre­at­ing sig­na­tures that can only work af­ter a ma­li­cious ex­e­cutable file has run in your net­work. “Once some­thing ex­e­cutes, the game is over,” says Mcclure. “So criminals can by­pass these de­fenses. Tech­nolo­gies that of­fer true pre­ven­tion must fo­cus on stop­ping at­tacks pre-ex­e­cu­tion, be­fore any­thing can run at all.”

Cy­lance is also con­vert­ing doubters through its reg­u­lar “Un­be­liev­able Tour” demon­stra­tions, in which the com­pany in­vites prospec­tive cus­tomers to bring their own mal­ware sam­ples to test along­side the day’s fresh down­load of brand-new mal

® ware that nei­ther CYLANCEPROTECT , nor the three in­dus­try in­cum­bent tech­nolo­gies, has ever seen be­fore. The four end­point se­cu­rity prod­ucts are fed the live mal­ware sam­ples si­mul­ta­ne­ously, and the re­sults are tal­lied be­fore at­ten­dees’ eyes.

“We con­sis­tently pro­tect against 99 per­cent of these at­tacks, whereas our com­peti­tors’ tech­nolo­gies are, at most, 50 per­cent ef­fec­tive on a re­ally good day,” says Mcclure. The de­tec­tion and res­o­lu­tion ca­pa­bil­i­ties of Cy­lance de­fenses can neu­tral­ize the re­main­ing 1 per­cent, but Mcclure wants busi­nesses to fo­cus on pre­ven­tion, and to re­gard de­tec­tion and re­sponse mea­sures as a last re­sort in de­fend­ing their as­sets—and in some cases, their sur­vival.

NEW HALL­MARKS: VIS­I­BIL­ITY AND TRANS­PARENCY

To­day, while more CEOS and CIOS are well-versed in the re­al­i­ties of mod­ern cy­ber­crime, most are still in the dark in one area: the day-to-day ac­tions of the ven­dors they hire to over­see their net­work se­cu­rity or help manage the costly in-house de­fenses they’ve built.

Cen­tu­rylink, the third-largest U.S. telecom­mu­ni­ca­tions com­pany and a global leader in man­aged se­cu­rity ser­vices, en­cour­ages busi­ness lead­ers to pull back that cur­tain and de­mand a full 360-de­gree view into the de­fenses their se­cu­rity part­ners and ven­dors pro­vide.

“Most MSSPS [man­aged se­cu­rity ser­vice providers] don't have the tech­ni­cal abil­ity to let you view your own raw se­cu­rity data, be­cause their con­ven­tional ar­chi­tec­tures would com­pro­mise the data of many other clients if they al­lowed that ac­cess,” says Tim Kelle­her, Cen­tu­rylink’s Vice Pres­i­dent of IT Se­cu­rity Ser­vices. “They may give you a lim­ited por­tal that lets you pro­duce re­ports and sum­maries, but they won’t give you real-time ac­cess to se­cu­rity data, which is vi­tal.”

AD­VANCED VIRTUALIZATION IS CRIT­I­CAL TO HELP PRO­TECT THE CON­TIN­U­ING EX­PLO­SION OF THE IN­TER­NET OF THINGS (IOT), WHICH BUSI­NESSES ARE US­ING MORE INNOVATIVELY EVERY MONTH.

See­ing your net­work en­vi­ron­ment’s in-the-mo­ment ac­tiv­ity is the only way you can hope to in­de­pen­dently pre­vent or con­tain breaches, or to ver­ify what your se­cu­rity ven­dor is do­ing on an hour-by-hour ba­sis, which is the min­i­mum level of over­sight com­pa­nies need.

By in­no­vat­ing be­yond the stan­dard mul­ti­tenant en­vi­ron­ments that im­pede most SIEM (se­cu­rity in­for­ma­tion and event man­age­ment) sys­tems, Cen­tu­rylink is forg­ing a new ap­proach in cy­ber­se­cu­rity that em­pha­sizes to­tal trans­parency. The com­pany counts sev­eral For­tune 500 firms as cus­tomers, and is an ad­vi­sor to the De­part­ment of Home­land Se­cu­rity, De­part­ment of De­fense, De­part­ment of Jus­tice, the Cy­ber­se­cu­rity Coun­cil and mul­ti­ple fed­eral agen­cies.

“Our unique se­cu­rity ar­chi­tec­ture al­lows Cen­tu­rylink to do some­thing that no MSSP can, which is to pro­vide our clients with com­plete, direct ac­cess to every bit of data we col­lect on their be­half,” says Kelle­her. “This full vis­i­bil­ity and trans­parency gives clients un­prece­dented ac­cess to their own data, al­low­ing them to see ev­ery­thing we see, with real-time up­dates as a se­cu­rity event is oc­cur­ring.”

By com­bin­ing this vis­i­bil­ity with man­aged se­cu­rity so­lu­tions, Cen­tu­rylink gives IT lead­ers a clear view of their en­tire se­cu­rity en­vi­ron­ment—en­ter­prise-wide and on a sin­gle screen—us­ing a sys­tem as in­tu­itive to use as search­ing Google. “And you can view this on a 30-inch mon­i­tor or sit­ting in Star­bucks with a tablet,” Kelle­her adds.

Se­cu­rity data is only as good as the breadth of the raw sources it comes from and the an­a­lyt­ics en­gines that process it. Criminals can ex­ploit the slight­est weak­nesses in ad­vanced sys­tems, so main­tain­ing in­dus­try-lead­ing, evolv­ing threat in­tel­li­gence is the only ac­cept­able strat­egy. Yet the ma­jor­ity of MSSPS lack the size and scope to pro­vide this.

As the world’s sec­ond-largest host­ing provider, with 55 data cen­ters in North Amer­ica, Europe and Asia, Cen­tu­rylink car­ries 20 per­cent of the world’s in­ter­net traf­fic. "This mas­sive lever­age gives us unique in­sights into what’s go­ing on in the world, and that’s where real threat in­tel­li­gence comes from,” says Kelle­her. Given the vast reach and syn­er­gies re­quired, no cor­po­ra­tion can at­tain this level of de­fense on their own, he em­pha­sizes. With­out a glob­ally con­nected part­ner to pro­vide their se­cu­rity or aug­ment their in-house ca­pa­bil­i­ties, com­pa­nies may be breached with alarm­ing fre­quency.

In ad­di­tion to su­pe­rior threat in­tel­li­gence, Cen­tu­rylink brings each client lead­ing-edge tech­nol­ogy that uses only best-in-breed prod­ucts—such as Elas­tic­search ELK Stack and the IBM Qradar SIEM plat­form—to sift count­less data streams from a com­pany’s glob­ally dis­persed net­works and per­form real-time anal­y­ses that de­tect and neu­tral­ize most threats im­me­di­ately.

“We want clients to think about se­cu­rity with a re­turn-on-in­vest­ment ap­proach,” says Kelle­her. Even if some in the cy­ber­se­cu­rity in­dus­try have ar­gued against ap­ply­ing ROI stan­dards to de­fense ef­forts for more than two decades, he says, in­vest­ing smarter and us­ing ser­vice providers wisely can elim­i­nate vul­ner­a­bil­i­ties while low­er­ing costs.

MOD­ERN DE­FENSE MEANS VIRTUALIZATION

The grow­ing reliance on mobile de­vices and the ever-in­creas­ing need for global ac­cess to sen­si­tive data cre­ates a mov­ing tar­get for cy­ber­se­cu­rity ef­forts. “This means or­ga­ni­za­tions need highly se­cure con­nec­tions from end to end to help pro­tect data, whether it’s at rest or in mo­tion—on your com­puter, phone, tablet, in mul­ti­ple clouds and all places in be­tween,” says Mo Kat­i­beh, AT&T’S Se­nior Vice Pres­i­dent of Ad­vanced So­lu­tions. “AT&T is one of the only com­pa­nies able to of­fer global ser­vice at that level.”

Pro­vid­ing highly se­cure con­nec­tions to al­most 140 mil­lion mo­bil­ity cus­tomers in the U.S. and Mex­ico, and more than 3.5 mil­lion busi­nesses world­wide, AT&T mon­i­tors and helps to pro­tect more than 117 petabytes of net­work data every day. “That mas­sive scale gives us unique in­sights in iden­ti­fy­ing the lat­est emerg­ing threats,” Kat­i­beh says.

Virtualization is crit­i­cal to stop threats at mobile en­trance points world­wide, he em­pha­sizes. “We’re see­ing a strong shift in cy­ber­se­cu­rity from phys­i­cal func­tions to vir­tual func­tions, and AT&T is a leader in se­cu­rity-func­tion virtualization,” Kat­i­beh says.

Ad­vanced virtualization is crit­i­cal to help pro­tect the con­tin­u­ing ex­plo­sion of the In­ter­net of Things (IOT), which busi­nesses are us­ing more innovatively every month, Kat­i­beh adds. “We’re able to help pro­tect the con­nected de­vices that busi­nesses use in their day-to-day jobs—such as ma­chines RQ on fac­tory floors, or crates that need to be mon­i­tored,” says Kat­i­beh,

not­ing that AT&T helps con­nect and pro­tect 28 mil­lion con­nected de­vices as of the end of the first quar­ter of 2016, and that num­ber is grow­ing rapidly.

A com­pany needs to ad­dress sev­eral se­cu­rity lay­ers to stop con­stant daily threats. The de­vice, the net­work it­self and each in­di­vid­ual ap­pli­ca­tion and data set should be pro­tected to help pre­vent a se­cu­rity in­ci­dent. Once cus­tom­ized so­lu­tions are in place in these lay­ers, com­pa­nies should have an over­ar­ch­ing threat anal­y­sis pro­ce­dure in place to ob­serve pat­terns in typ­i­cal use ac­tiv­ity for con­nected de­vices, and trends in threat ac­tiv­ity, to help iden­tify po­ten­tial at­tacks be­fore they be­come a prob­lem. “To keep out bad actors, you need ro­bust se­cu­rity so­lu­tions and a se­cu­rity op­er­a­tions cen­ter to help un­der­stand when some­thing out of the or­di­nary is go­ing on that might in­di­cate a se­cu­rity threat,” ex­plains Kat­i­beh.

An ad­di­tional layer is iden­tity and au­then­ti­ca­tion. AT&T’S new Halo plat­form will an­swer this need by us­ing pro­pri­etary Mo­bilekey tech­nol­ogy to help make mul­ti­fac­tor au­then­ti­ca­tion quick and sim­ple. “The Halo plat­form uses a bio­met­rics sys­tem that can log in a user with a fin­ger­print scan," Kat­i­beh says, not­ing it also fac­tors in location, use pat­terns and other in­for­ma­tion to au­then­ti­cate some­one be­fore al­low­ing ac­cess to pro­pri­etary data. The plat­form syncs be­tween smart­phones, tablets, lap­tops and desk­tops to con­nect mobile points in a highly se­cure man­ner, while al­low­ing work­ers to move seam­lessly be­tween de­vices. “This helps busi­nesses move away from a sys­tem of pass­words and pass­codes that are hard for peo­ple to re­mem­ber, and to­wards a process that helps make em­ploy­ees more ef­fi­cient in ac­cess­ing in­for­ma­tion cru­cial to their jobs,” Kat­i­beh adds.

By com­bin­ing un­par­al­leled vis­i­bil­ity into the lat­est threats, and ex­pe­ri­ence work­ing with com­pa­nies of all shapes and sizes (in­clud­ing nearly all of the For­tune 1000 com­pa­nies), AT&T is uniquely po­si­tioned as a man­aged se­cu­rity provider. Fur­ther, its ef­forts to au­to­mate se­cu­rity pro­cesses and move to vir­tu­al­ized se­cu­rity func­tions keep pro­duc­tiv­ity and the hu­man fac­tor in fo­cus while help­ing to pro­tect data. “Our man­aged se­cu­rity so­lu­tions help busi­nesses stay fo­cused on what’s im­por­tant to them, while our global reach and best-in-breed col­lab­o­ra­tion al­lows us to in­no­vate and im­ple­ment cut­ting-edge net­work se­cu­rity pro­tec­tions,” says Kat­i­beh.

Col­lab­o­rat­ing with in­sti­tu­tions and com­pa­nies that pro­vide ir­re­place­able global reach and threat-de­tec­tion ca­pa­bil­ity is no longer op­tional for busi­nesses that need gold-stan­dard cy­ber pro­tec­tion. The age of go­ing solo in cy­ber­se­cu­rity has passed due to the so­phis­ti­ca­tion and de­struc­tive power of mod­ern cy­ber­crim­i­nals, and strag­glers are invit­ing disas­ter. With more top ex­ec­u­tives and board mem­bers be­ing held ac­count­able for data breaches, con­tin­u­ing to go it alone in cy­ber­se­cu­rity could prove far more costly than ex­pected.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.