
Is Your IT Security Infrastructure Intelligent Enough?

Smarter cyber criminals need smarter IT security

e-Espionage: why we need smarter defences

DATA LOSS PREVENTION SYSTEMS

Many IT security vendors offer DLP solutions that promise to prevent accidental or deliberate removal of sensitive information. Assuming you know where all your sensitive information resides, you'll need to classify data by degree of sensitivity to use these systems, and then continuously update the classification as sensitivity changes over time. For many organisations, the set-up and maintenance are just too onerous, especially in light of reality.

With vast, ever-changing amounts of information flowing across our IT networks, the idea that we could control access in finite detail is seductive, but not very practical. Too much business data is unstructured and subject to constant change, or flowing from corporate networks to mobile networks and back.

More to the point, 'enterprises don't know where their unstructured data is', as Nick Selby, the former head of enterprise security research at The 451 Group, said. 'Putting a box at the gateway doesn't solve the (data loss) problem, but highlights it.' In any case, insiders with privileged access will know their organisations' systems and how to get around them.

MUCH SMARTER CROOKS

Traditional security solutions were conceived back when malware was created by pranksters for fun. Modern malware is designed by highly organised syndicates to steal information for significant profits. It's a key reason e-espionage is growing; it's extremely profitable.

In 2010, the Stuxnet worm showed the world how smart malware can be: it targeted only specific hardware and software combinations of Supervisory Control and Data Acquisition (SCADA) networks, used by industrial, utility and infrastructure companies to monitor and control automated plants. Stuxnet and relatives like Duqu were designed to attack these systems, to steal corporate information or disrupt critical infrastructure without detection.

These developments have clear implications for businesses and government agencies: better tools are needed, not just more of the same. 'As new risks emerge, the focus needs to be on upgrading or transforming the existing capabilities to deal with them,' PWC advises, '... to ensure that the organisation's responses to its security needs fully encompass cyber security.'

MUCH SMARTER DEFENCES

Changes in user behaviour or IT system use can flag malicious or profit-motivated activity, even when other rules-based security devices indicate all systems are normal. This is why many organisations that hold highly sensitive data choose behavioural technologies such as Behaviour Anomaly Detection (BAD).

These intelligent, behaviour-based security systems learn the normal patterns of activity across the enterprise, detect those that are unusual, interpret them in context and alert IT security staff to investigate the discernible threats. This approach provides more reliable defence against informed insiders and organised outsiders, who can easily anticipate the rules and breach the defences of traditional IT security systems.

Furthermore, using behaviour-based technologies to complement rules-only solutions enables detection and response in real time, not days, weeks or months after, which is the legacy of many successful APTs. In addition, as suspicious behaviour can herald an imminent threat from within, immediate assessment can expedite an immediate response, before the damage is done. This real-time, behavioural capability adds the intelligence to existing security systems to match wits with modern smart attackers.
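The learn-a-baseline, flag-the-deviation approach described above can be sketched as follows. This is an added example, not code from the article or from any vendor's product; the user names, the 500 MB static limit, the thresholds and all sample figures are constructed assumptions.

```python
from statistics import median

STATIC_LIMIT_MB = 500  # assumed fixed rule: any daily transfer below this passes

# Constructed sample data: daily outbound MB per user over a learning window.
HISTORY = {
    "alice": [12, 15, 9, 14, 11, 13, 10, 16, 12, 14],
    "bob": [310, 290, 350, 330, 305, 340, 295, 320, 315, 335],
}
TODAY = {"alice": 240, "bob": 345, "carol": 40}  # constructed observations


def baseline(values):
    """Return (median, MAD): a summary of normal activity that resists outliers."""
    med = median(values)
    mad = median([abs(v - med) for v in values])
    return med, mad


def robust_z(value, med, mad):
    """Modified z-score; 0.6745 scales the MAD to be comparable to a std deviation."""
    if mad == 0:
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def assess(history, today, threshold=3.5, min_samples=7):
    """Return {user: (static_rule_passes, behavioural_verdict, score)}."""
    results = {}
    for user, value in today.items():
        rule_ok = value < STATIC_LIMIT_MB
        past = history.get(user, [])
        if len(past) < min_samples:
            # No learned baseline yet: say so rather than guess a verdict.
            results[user] = (rule_ok, "no-baseline", None)
            continue
        med, mad = baseline(past)
        z = robust_z(value, med, mad)
        verdict = "anomalous" if abs(z) > threshold else "normal"
        results[user] = (rule_ok, verdict, round(z, 1))
    return results


if __name__ == "__main__":
    for user, (rule_ok, verdict, z) in assess(HISTORY, TODAY).items():
        rule = "pass" if rule_ok else "fail"
        print(f"{user}: static rule {rule}, behaviour {verdict}, score {z}")
```

All three users pass the static rule, but only the per-user baseline separates alice's twentyfold jump from bob's routinely larger transfers, and carol is reported as having no baseline rather than being silently cleared.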

Ultimately, your IT systems must support your business objectives and adapt to business change. 'Success is when IT can enable these dramatic changes in the workplace, not inhibit them,' says John N. Stewart, Chief Security Officer for Cisco. 'We should not focus on specific issues, like whether to allow people to use their iPads at work, because it's a foregone conclusion. Rather, focus on solutions to the bigger business challenge: enabling technology for competitive advantage.'
