The last four months we have seen breaches that forced Sony to stop a major-movie release and over 80,000 Anthem customers had their personally identifiable information (PII) release into the wild. Government organizations need to be educated and armed to make sure there are fully protected from unknowingly unleashing nation secrets. Private and public sector are joining to fight this battle, but where does one start?
Begin your battle plan by knowing your world.
- Are there cyber attackers in your network? Your organizations are increasingly connected, extending your network’s perimeter and making it porous. Cyber attackers are like a social disease: they can be invisible to the naked eye and a network may only be as safe as the last outside network to which it connected. That includes the home computers of employees and clients. The explosion of mobile workers and the shift to cloud services means that applications and data extend far beyond an organization’s highly secure data center. Workers’ laptops and mobile devices may get infected at a coffee shop, and that infection will be carried right past any physical security check point. Each provides a link through which hackers can enter. So we are left protecting ourselves not only from our enemies but also from the security lapses of our friends.
- What threats are you protecting against? Cyber threats are defeating current security controls and attempts to add more perimeter controls are failing. Organizations must defend against high-volume, opportunistic threats and more damaging targeted attacks. The most worrisome threats are stealthy and persistent, often unfolding in stages over days, weeks or even months. Attackers remotely direct the initial compromise, spreading laterally and shape-shifting to achieve their end goal.
- Have you gone beyond perimeter protection? The reality is that each prevention-centric product has only one imperfect chance to identify a threat before its slips past the perimeter into the network. A firewall or IPS monitors network traffic for matches with signatures and reputation lists, which is akin to matching the word “blackbriar” to a conversation in the Bourne Supremacy or only looking for criminals who only live in specific zip codes. The success of this approach depends on attackers reusing the same malware and systems, but the breaches of the past year prove that attackers morph malware, move around and disguise the communications in encrypted channels. Once a cyber attacker has gained a foothold inside the network, they are free to begin their exploitation. The perimeter defenses are blind to any further activities.
- Do you have an unending staff to combat this war? Cyber security is an asymmetric war and Government IT departments have limited resources to deploy against the exponential pace of cyber threats. An experienced security analyst may need weeks to properly tune a firewall or IPS so that it is operationally effective. Isolating a newly discovered threat can mean a very long day of sifting through innumerable alerts. Network security has always been a complex affair, but now it is so convoluted that big-data analytics companies are getting into the security business. And there simply aren’t enough highly skilled (and highly compensated) security analysts to meet the demand.
Cyber attackers are already in our networks and we may only have evidence once they have stolen or destroyed key assets as in the case of Sony, Morgan Stanley and Anthem. Cyber threats have shifted from commodity DDoS attacks to more damaging targeted attacks with attackers going undetected for months like a sleeper cell. Our perimeter security is failing and there aren’t enough talented personnel to throw at the problem.
Organizations need automated breach detection to identify the active phases of an attack. These tools would package all the experience, skills and ingenuity of the best security analyst into software. The ‘Software as an Analyst’ would detect the behavior and movements of the sleeper cell, in real time, to prevent loss or damage. Imagine software that can detect and predict a cyber attacker’s next move rather than hiring a forensic analyst to reconstruct an attack. Imagine this software running in real time, everywhere, fully automated.
Vectra Networks. Security that thinks. Watch it think for you.