Time to Build Monitoring, Detection, and Response Capabilities

Voice&Data - COLUMN

President, RSA, Security Division, EMC

This year marked a strategic shift away from a maniacal focus on prevention, toward a better balance with monitoring, detection, and response capabilities. It has become a cliché to say that breaches are inevitable and that faster detection and more accurate incident scoping are the way forward.

2015 saw continued acceleration of threat evolution. What was considered an "advanced" threat in years past has become a commodity today, with sophisticated malware and exploits available for the price of a movie ticket.

As troublesome as these observations seem, the most impactful evolution goes almost entirely unreported and misunderstood.

Among the threats that matter most, today's pervasive threat actors now conduct attack campaigns composed of multiple exploit methods and multiple backdoors to assure persistence. When responders find and remove one foothold and stop there, the intruder simply returns through another. Incomplete incident scoping has become a critical and consistent mistake made by security teams.

This year was also notably characterized by security vendors claiming to be able to prevent advanced threat breaches when the reality is, they can't.

It was also characterized by organizations recognizing the need to monitor and defend their digital environments differently, yet continuing to center their security programs on the same technologies and approaches they have always used: hoping for a different outcome, but not acting differently.

Here are some of the emerging trends that our industry and organizations need to be ready for in 2016:

Organizations will begin to realize that not only is their data being accessed inappropriately, but that it is being tampered with. Data drives decision making for people and computer systems.

When that data is manipulated without anyone noticing, those decisions are made on the basis of false data. Consider the potentially devastating consequences of misrepresented data feeding the mixing of compounds, control systems, and manufacturing processes.

As organizations become more comfortable with the "as a Service" model, many of their most sensitive applications and data reside in the Cloud. The aggregation of this valuable data from many companies creates an incredibly lucrative target for cybercriminals and cyber espionage: a single provider compromise can expose every tenant at once. A deeper appreciation of third party risk is needed.

As cyberattack tools and services become increasingly commoditized, the cost of attacking an organization is dropping dramatically, enabling more attacks that do not have financial gain as the primary focus. Sophisticated hacktivist collectives like Anonymous have been joined by relatively unsophisticated cyber vigilantes.

Organizations need to realize that financial gain is no longer the only, or even the biggest, driver for some of their adversaries. Security operations and risk managers should evolve their understanding not only of the threat, but also of what, why, where, and how they are being targeted.

Intrusions into systems that control operations in the chemical, electrical, water, and transport sectors have increased 17-fold over the last three years.

The advent of connected and automated sensors aggressively exacerbates these issues. The growth in the use of cyber techniques by terrorists, hacktivists and other actors, together with the general weakness of ICS security and the potential impact of bringing down a power facility or water treatment plant (hello, California), makes a critical breach of an ICS in 2016 extremely concerning and increasingly likely.

Our industry has been awash in venture capital and, as a result, foolish investments have been made in strategies and technologies that are little more than snake oil.

We expect to see a shake-out in the security industry as organizations' understanding of advanced threats increasingly drives their security investment decisions.
