For security professionals, the threat landscape is becoming unwieldy. What strategies can they use to gain control?
Attention, security professionals: We’ve got your number.
You have a laundry list of to-dos in an increasingly sophisticated threat environment. You have bots and ransomware on your hands, new devices to protect, and the constant worry about insider threats and leaks. Protecting your business is more than a full-time job.
Today, your role in securing the enterprise requires a multipronged approach. You have to move beyond the old-school lens of securing the network perimeter. Your focus is on protecting mobile and IoT-connected devices as well as securing cloud-based files and apps—all while developing rock-solid threat intelligence plans to smoke out the risks around the corner.
“You have all kinds of assets outside your firewall: clouds, mobile and remote workers,” said Dmitri Alperovitch, co-founder and chief technology officer at CrowdStrike Inc., an Irvine, Calif.-based company that provides endpoint security and threat intelligence. He spoke during an RSA Conference Advisory Board roundtable. Traditional perimeter-based security alone won’t cut it anymore, he warned.
If the job of protecting the enterprise is getting more difficult, the costs of letting attacks through are becoming only more significant: According to a 2016 Ponemon Institute survey of nearly 400 respondents, companies indicated that a data breach could cost an enterprise $4 million a year. The same study indicated attacks have become 29% more costly since 2013.
At the same time, companies find themselves woefully unprepared to deal with attacks. In the Ponemon study, nearly 80% of respondents indicated that their security infrastructure to mitigate cyberthreats is nonexistent, ad hoc or inconsistently applied throughout the enterprise. While malware and ransomware have made a huge dent in the pockets and reputations of institutions around the globe, threats from within organizations loom large as well. According to recent data by the Insider Threat Spotlight Report, 56% of security professionals say insider threats have become more frequent in the past 12 months. They're also costly, with 75% of survey respondents saying insider breach remediation costs could set them back half a million dollars.
The themes of security complexity and cost were the backdrop for the RSA Conference Advisory Board panel on Feb. 9. Cybersecurity experts gathered to discuss the threat landscape and issues that enterprises should consider in the wake of more costly and widespread attacks. Here are just a few of the cybersecurity trends to watch from the roundtable, led by Todd Inskeep, principal of commercial consulting at Booz Allen Hamilton.
The increasing use of data as a weapon. As the Mirai botnet attack and the Democratic National Committee (DNC) email leaks indicated, data is now a key weapon to be wielded in cyberspace. The web has vastly expanded the scale by which these attacks can spread and the avenues through which they can have an impact.
“Even I underestimated the extent to which we would see this play out in our 2016 election,” said Alperovitch, whose work at CrowdStrike involved consulting with the DNC after thousands of emails were leaked by WikiLeaks, an organization that publishes nonpublic information. “But this is now the new normal. It’s useful not just to steal information but also for the purposes of blackmail, holding data hostage and these strategic leaks that have taken place.”
The growing importance of threat intelligence. While the threat landscape is increasingly sophisticated, there are new tools and practices for enterprises of all sizes to exploit. One key, revolutionary tool, said panelists, is threat intelligence networks. With these networks, institutions are breaking with the convention of hunkering down after a breach. They are instead sharing knowledge and collaborating to predict future threats.
“The evolution from information sharing—which was often very piecemeal and slow, and organizations were keeping their information guarded—to intelligence sharing has been a good trend over the past year,” said Ed Skoudis, the founder of New Jersey-based Counter Hack. “Rather than giving specifics of the details of a given hack, which most institutions didn’t want to do—sharing threat intelligence is a very good thing because now you’re sharing specifics about the bad guys, the actors, and their techniques. It’s a big change.”
Inskeep noted this cultural shift as yielding true innovation in the cybersecurity space. “It’s one of the most exciting things we have going on here,” he said.
Consolidation of security technologies under a single provider. Inskeep noted that many medium-sized enterprises have begun to look toward consolidation of security vendors rather than chasing a best-of-breed approach. While he noted that the one-vendor approach has yet to take hold among enterprises, medium-sized companies have embraced it. “I haven’t seen a lot of top companies moving away from their best-of-breed purchasing habit toward buying a consolidated solution from one company. In the medium-sized space, consolidation is being driven by the opportunity to be your one solution for everything,” he said.
For security buyers, the landscape has been altogether too fragmented, echoed Wendy Nather, principal security strategist at Duo Security. “Rather than creating new categories, we need to consolidate use cases,” she said.
Machine learning and analytics. Finally, as the scale of attacks and scope of data increase exponentially, security pros need help to address that scale, and they can’t do it alone. “There has been an increase in interest in using machines to help threat analysis, analysis of vulnerabilities and to augment people and to find the needle in the haystack … versus previous years,” Inskeep observed.
“When you’re dealing with so much data, you have to leverage machines, the use of deep learning to make breakthroughs,” Alperovitch said. “It will never replace humans; you will need humans to analyze and help validate results.”
While automation may in fact augment our ability to identify and prevent attacks, artificial intelligence is also a new domain. Those engineering intelligent systems have to architect for human analysis as a key part of the process.
These are just some of the key themes we will explore this week at RSA. Stay tuned, and give us your feedback.
Managing Editor, Cisco.com