Bloomberg Businessweek (North America)
DON’T GO IT ALONE
CYBER DEFENSE: BUSINESSES NEED EFFECTIVE SECURITY PARTNERSHIPS TO STOP ADVANCED ATTACKS
Was your company’s data hacked last year? Don’t bet against it. In a recent survey of CEOs and CIOs conducted by AT&T, 62 percent reported that their organizations had been breached in 2015. Of course, many more were attacked and didn’t know it. Startlingly, only 34 percent said their business had an incident response plan in place. Unfortunately, it’s only a matter of time before these companies will be devastated by a cybercrime attack.
Many corporations that have crisis plans and top-shelf IT capabilities are also at increased risk because they “go it alone” to maintain cybersecurity—which is no longer considered viable for any large business—or use strategies that advanced criminals have already conquered.
Companies that simply throw dollars at new technology can be the most vulnerable. You need skilled employees who understand both the enemies you’re fighting and how your security strategies can strengthen—not complicate—your core business. And beyond simply tapping respected vendors, you need to partner with organizations at the forefront of modern threat intelligence, prevention and incident resolution. Modern cybersecurity is an ongoing process that requires thoughtful collaboration and intelligent investment. Here’s a game plan.
IT STARTS WITH GREAT PEOPLE
The right academic institution can be one of your most important allies in finding skilled talent. The University of Maryland University College (UMUC), a remote-learning institution with 82,000 students that has educated working adults since 1947, partners with companies across the world to develop effective and valuable IT and security leaders.
The college began offering a certificate program and bachelor’s and master’s degrees in cybersecurity in 2010, and now has 12,000 students enrolled in its cybersecurity programs. Among its accolades, UMUC was recently designated as a National Center of Digital Forensics Academic Excellence by the U.S. Department of Defense Cyber Crime Center, and has been designated as a National Center of Academic Excellence in cybersecurity and defense by the National Security Agency and the Department of Homeland Security.
“Our cyber programs are designed specifically to meet the needs of industry and government,” says Dr. Emma Garrison-Alexander, Vice Dean, Cyber Security and Information Assurance Department at UMUC’s graduate school. “We have a global presence, so we can deliver instruction and high-quality education to your employees wherever they’re located.”
Students—many of whom are high-level IT professionals who already work in cybersecurity—can choose particular tracks (such as digital forensics, Cisco networking or Microsoft servers) to customize their education and continually gain skills immediately useful to their companies.
“Importantly, we’re using the same state-of-the-art tools found in the best workplaces, and our multidisciplinary approach emphasizes policy and management as well as applied skills, so students have an end-to-end approach to modern cybersecurity,” says Garrison-Alexander. Further, 90 percent of the programs’ professors have doctorate degrees, and nearly all actively work in the cyber field. “Our working CIOs, CTOs, CISOs [chief information security officers] and other executives and scientists bring real-world experience into the classroom, so the curriculums always reflect the latest, up-to-the-minute needs.”
“THINK PREVENTION, PREVENTION, PREVENTION”
Cylance®, a cybersecurity company headquartered in Irvine, Calif., is disrupting the endpoint security market by focusing on preventing attacks—dismissing the conventional view that breaches are inevitable and that fast containment is the only workable strategy.
“Prevention should be paramount for every organization,” says Cylance President and CEO Stuart McClure. “By using a revolutionary new approach to prevention at every endpoint of your network—which is the target of every attack—you can literally predict and prevent 99.9 percent of cyberattacks.” Many business leaders agree; Cylance’s technology protects over four million endpoints for businesses and government institutions worldwide, including 50 of the Fortune 500.
Cylance uses artificial intelligence (AI) and machine learning (ML) to spot and neutralize attacks before they execute in memory, instead of relying on the industry-standard “signature” approach, which only reacts to a rogue file after it executes and starts its dirty work.
“All our competitors use signature-based technology, which identifies an attack and creates a signature—or representation of what happened on the system—to defend against it, but the obvious problem with this approach is that it requires a first victim,” explains McClure. “You don’t want to be that sacrificial lamb. By using AI that incorporates 30 years of learning about past attacks, you can prevent virtually all new attacks, because, quite honestly, all attack strategies have been used in the past.”
The security results Cylance is achieving with its clients are quickly gaining converts. “Pretty much everybody in the industry has given up on prevention and thinks it can’t be done, so getting people to believe that they can actually prevent attacks—all day long, all pre-execution—will take a little while, but people are starting to believe their eyes,” McClure adds. “Given how devastating attacks are becoming, they’re beginning to understand that they need to think prevention, prevention, prevention.”
A big reason why signature technology fails is that highly skilled cybercriminals are creating executable files—the first seedlings of the malware that could take down your company—that lie in wait in “stealth” mode and can detect when it’s safe to execute. “This kind of malware file is actually aware of its surroundings, and knows if it’s in a virtual or debugging environment,” McClure explains. “It’s continually asking, ‘Is somebody looking at me?’ and if it detects anything, it simply won’t run. It waits until it’s clear to execute, and then it will tear your system apart.” The Furtim trojan that rampaged this spring is an example of such stealthy malware.
This strategy exploits an inherent weakness in almost all cyber defenses today, which primarily rely on creating signatures that can only work after a malicious executable file has run in your network. “Once something executes, the game is over,” says McClure. “So criminals can bypass these defenses. Technologies that offer true prevention must focus on stopping attacks pre-execution, before anything can run at all.”
Cylance is also converting doubters through its regular “Unbelievable Tour” demonstrations, in which the company invites prospective customers to bring their own malware samples to test alongside the day’s fresh download of brand-new malware that neither CylancePROTECT®, nor the three industry incumbent technologies, has ever seen before. The four endpoint security products are fed the live malware samples simultaneously, and the results are tallied before attendees’ eyes.
“We consistently protect against 99 percent of these attacks, whereas our competitors’ technologies are, at most, 50 percent effective on a really good day,” says McClure. The detection and resolution capabilities of Cylance defenses can neutralize the remaining 1 percent, but McClure wants businesses to focus on prevention, and to regard detection and response measures as a last resort in defending their assets—and in some cases, their survival.
NEW HALLMARKS: VISIBILITY AND TRANSPARENCY
Today, while more CEOs and CIOs are well-versed in the realities of modern cybercrime, most are still in the dark in one area: the day-to-day actions of the vendors they hire to oversee their network security or help manage the costly in-house defenses they’ve built.
CenturyLink, the third-largest U.S. telecommunications company and a global leader in managed security services, encourages business leaders to pull back that curtain and demand a full 360-degree view into the defenses their security partners and vendors provide.
“Most MSSPs [managed security service providers] don’t have the technical ability to let you view your own raw security data, because their conventional architectures would compromise the data of many other clients if they allowed that access,” says Tim Kelleher, CenturyLink’s Vice President of IT Security Services. “They may give you a limited portal that lets you produce reports and summaries, but they won’t give you real-time access to security data, which is vital.”
Seeing your network environment’s in-the-moment activity is the only way you can hope to independently prevent or contain breaches, or to verify what your security vendor is doing on an hour-by-hour basis, which is the minimum level of oversight companies need.
By innovating beyond the standard multitenant environments that impede most SIEM (security information and event management) systems, CenturyLink is forging a new approach in cybersecurity that emphasizes total transparency. The company counts several Fortune 500 firms as customers, and is an advisor to the Department of Homeland Security, Department of Defense, Department of Justice, the Cybersecurity Council and multiple federal agencies.
“Our unique security architecture allows CenturyLink to do something that no MSSP can, which is to provide our clients with complete, direct access to every bit of data we collect on their behalf,” says Kelleher. “This full visibility and transparency gives clients unprecedented access to their own data, allowing them to see everything we see, with real-time updates as a security event is occurring.”
By combining this visibility with managed security solutions, CenturyLink gives IT leaders a clear view of their entire security environment—enterprise-wide and on a single screen—using a system as intuitive to use as searching Google. “And you can view this on a 30-inch monitor or sitting in Starbucks with a tablet,” Kelleher adds.
Security data is only as good as the breadth of the raw sources it comes from and the analytics engines that process it. Criminals can exploit the slightest weaknesses in advanced systems, so maintaining industry-leading, evolving threat intelligence is the only acceptable strategy. Yet the majority of MSSPs lack the size and scope to provide this.
As the world’s second-largest hosting provider, with 55 data centers in North America, Europe and Asia, CenturyLink carries 20 percent of the world’s internet traffic. “This massive leverage gives us unique insights into what’s going on in the world, and that’s where real threat intelligence comes from,” says Kelleher. Given the vast reach and synergies required, no corporation can attain this level of defense on their own, he emphasizes. Without a globally connected partner to provide their security or augment their in-house capabilities, companies may be breached with alarming frequency.
In addition to superior threat intelligence, CenturyLink brings each client leading-edge technology that uses only best-in-breed products—such as Elasticsearch ELK Stack and the IBM QRadar SIEM platform—to sift countless data streams from a company’s globally dispersed networks and perform real-time analyses that detect and neutralize most threats immediately.
“We want clients to think about security with a return-on-investment approach,” says Kelleher. Even if some in the cybersecurity industry have argued against applying ROI standards to defense efforts for more than two decades, he says, investing smarter and using service providers wisely can eliminate vulnerabilities while lowering costs.
MODERN DEFENSE MEANS VIRTUALIZATION
The growing reliance on mobile devices and the ever-increasing need for global access to sensitive data creates a moving target for cybersecurity efforts. “This means organizations need highly secure connections from end to end to help protect data, whether it’s at rest or in motion—on your computer, phone, tablet, in multiple clouds and all places in between,” says Mo Katibeh, AT&T’s Senior Vice President of Advanced Solutions. “AT&T is one of the only companies able to offer global service at that level.”
Providing highly secure connections to almost 140 million mobility customers in the U.S. and Mexico, and more than 3.5 million businesses worldwide, AT&T monitors and helps to protect more than 117 petabytes of network data every day. “That massive scale gives us unique insights in identifying the latest emerging threats,” Katibeh says.
Virtualization is critical to stop threats at mobile entrance points worldwide, he emphasizes. “We’re seeing a strong shift in cybersecurity from physical functions to virtual functions, and AT&T is a leader in security-function virtualization,” Katibeh says.
Advanced virtualization is critical to help protect the continuing explosion of the Internet of Things (IoT), which businesses are using more innovatively every month, Katibeh adds. “We’re able to help protect the connected devices that businesses use in their day-to-day jobs—such as machines on factory floors, or crates that need to be monitored,” says Katibeh, noting that AT&T helps connect and protect 28 million connected devices as of the end of the first quarter of 2016, and that number is growing rapidly.
A company needs to address several security layers to stop constant daily threats. The device, the network itself and each individual application and data set should be protected to help prevent a security incident. Once customized solutions are in place in these layers, companies should have an overarching threat analysis procedure in place to observe patterns in typical use activity for connected devices, and trends in threat activity, to help identify potential attacks before they become a problem. “To keep out bad actors, you need robust security solutions and a security operations center to help understand when something out of the ordinary is going on that might indicate a security threat,” explains Katibeh.
An additional layer is identity and authentication. AT&T’s new Halo platform will answer this need by using proprietary Mobilekey technology to help make multifactor authentication quick and simple. “The Halo platform uses a biometrics system that can log in a user with a fingerprint scan,” Katibeh says, noting it also factors in location, use patterns and other information to authenticate someone before allowing access to proprietary data. The platform syncs between smartphones, tablets, laptops and desktops to connect mobile points in a highly secure manner, while allowing workers to move seamlessly between devices. “This helps businesses move away from a system of passwords and passcodes that are hard for people to remember, and towards a process that helps make employees more efficient in accessing information crucial to their jobs,” Katibeh adds.
By combining unparalleled visibility into the latest threats, and experience working with companies of all shapes and sizes (including nearly all of the Fortune 1000 companies), AT&T is uniquely positioned as a managed security provider. Further, its efforts to automate security processes and move to virtualized security functions keep productivity and the human factor in focus while helping to protect data. “Our managed security solutions help businesses stay focused on what’s important to them, while our global reach and best-in-breed collaboration allows us to innovate and implement cutting-edge network security protections,” says Katibeh.
Collaborating with institutions and companies that provide irreplaceable global reach and threat-detection capability is no longer optional for businesses that need gold-standard cyber protection. The age of going solo in cybersecurity has passed due to the sophistication and destructive power of modern cybercriminals, and stragglers are inviting disaster. With more top executives and board members being held accountable for data breaches, continuing to go it alone in cybersecurity could prove far more costly than expected.