Critical Considerations: Protecting Against Advanced Threats Requires Advanced Security
The year 2014 was widely labeled as the Year of the Breach — particularly among media sites that love a good headline. Some even called it the Year of the Mega Breach, and there were some big ones: Home Depot, JP Morgan Chase, eBay, and Sony Pictures, to name a few. Fast forward a year and 2015 is already being labeled as (wait for it)… the Year of the Breach. Again. More than 700 major breaches worldwide, according to the Identity Theft Research Center (ITRC), and up to 200 million personal records exposed. The breaches span most verticals: government and banking and finance are there, as always, but healthcare was also hard hit in 2015, and the business sphere did not escape either.
Organizations face an almost impossible mission to defend against aggressive, innovative, and well-motivated hackers who readily trade information, exploits, and expertise. Cybercriminals are able to put together "Ocean's Eleven"-style dream teams to address each stage of the kill chain in meticulously planned, sophisticated attacks on their chosen targets. Facing off against them are often understaffed IT departments trying to defend against threats while maintaining operations, supporting the business, and keeping a lid on the budget. The need to remain competitive limits the discourse these departments have with their peers, and thus practically eliminates the benefits such discourse could bring.
Traditional security technologies are no longer sufficient to protect against the enormous volumes of unknown malware being released each day, nor to cope with the increasingly sophisticated methods used to avoid detection. Security solution vendors face tough questions about the seemingly continuous stream of very public breaches that occur despite investment in security. The effectiveness of traditional signature-based antimalware solutions has been on the wane for years, and the shift to 3rd Platform architecture, remote workers, and mobile devices has dissolved the secure perimeter where organizations used to concentrate their defenses. These shifts have compelled vendors and their customers to rethink security, and a new wave of providers and solutions has entered the market bringing advanced, architecture-relevant defense.
So-called next-generation security solutions take various approaches to protecting modern IT architectures, but at the heart of many of those new technologies are recurring elements of threat intelligence, anomaly detection, advanced mathematical models, big data and analytics, machine learning, and contextual awareness. Those techniques might be applied to endpoint protection or to monitoring application activity, user behavior, or network traffic. Furthermore, a key element for all of these approaches is real-time operation, triggering preventive mechanisms that block malicious behavior before payload execution.
With regard to 3rd Platform architecture, mobile devices have been highlighted in numerous studies as a major new weakness, in that they provide an access point to corporate networks; and if the device itself doesn't present a vulnerability, then very often the mobile applications installed on it will. Consequently, a further set of rapidly developing protective solutions focuses on mobile device management, mobile data management, mobile application management, containerization, app wrapping, encryption, and so on. Social networks, another 3rd Platform force, are also increasingly targeted with everything from fake accounts and account hijacking to watering hole attacks, and these will increasingly be in the limelight in 2016 as another component that organizations must try to secure.
The emerging wave of advanced security comprises not only software solutions and appliances, but also global networks of security operations centers (SOCs) monitoring and analyzing malicious traffic and providing preventive services to their customers. It's important to note that building a SOC alone is no guarantee of success, and lessons are being learned all the time about how to track the appropriate system metrics, how to connect alerts to automated responses, and many more crucial elements that ensure the capabilities of the SOC translate into increased security for the customer. Nevertheless, the move to threat-intelligence-based security protection should carry particular resonance in CEE in 2016, as it brings benefits both to large organizations that struggle to protect the whole of their IT architecture and to SMEs that have neither the resources nor the expertise to stay abreast of threat developments and consequently require expert services to fill that gap.