Modern field guide to security and privacy

Does your security think?

Today, as a nation, we are plagued by attacks from cyber criminals who range from ideologically motivated individuals and groups to well-financed nation-state bad actors.  They seek to disrupt our commerce, steal our money and assets and create uncertainty that we have only seen previously in the physical world. 

In the last four months we have seen breaches that forced Sony to stop a major movie release and over 80,000 Anthem customers had their personally identifiable information (PII) released into the wild. Government organizations need to be educated and armed to make sure they are fully protected from unknowingly unleashing national secrets. The private and public sectors are joining to fight this battle, but where does one start?

Begin your battle plan by knowing your world.

  1. Are there cyber attackers in your network? Your organizations are increasingly connected, extending your network’s perimeter and making it porous. Cyber attackers are like a social disease: they can be invisible to the naked eye and a network may only be as safe as the last outside network to which it connected. That includes the home computers of employees and clients. The explosion of mobile workers and the shift to cloud services means that applications and data extend far beyond an organization’s highly secure data center. Workers’ laptops and mobile devices may get infected at a coffee shop, and that infection will be carried right past any physical security check point. Each provides a link through which hackers can enter. So we are left protecting ourselves not only from our enemies but also from the security lapses of our friends.
  2. What threats are you protecting against? Cyber threats are defeating current security controls and attempts to add more perimeter controls are failing. Organizations must defend against high-volume, opportunistic threats and more damaging targeted attacks. The most worrisome threats are stealthy and persistent, often unfolding in stages over days, weeks or even months. Attackers remotely direct the initial compromise, spreading laterally and shape-shifting to achieve their end goal. 
  3. Have you gone beyond perimeter protection? The reality is that each prevention-centric product has only one imperfect chance to identify a threat before it slips past the perimeter into the network. A firewall or IPS monitors network traffic for matches with signatures and reputation lists, which is akin to matching the word “blackbriar” to a conversation in the Bourne Supremacy or looking only for criminals who live in specific zip codes. The success of this approach depends on attackers reusing the same malware and systems, but the breaches of the past year prove that attackers morph malware, move around and disguise their communications in encrypted channels. Once a cyber attacker has gained a foothold inside the network, they are free to begin their exploitation. The perimeter defenses are blind to any further activities.
  4. Do you have an unending staff to combat this war? Cyber security is an asymmetric war and Government IT departments have limited resources to deploy against the exponential pace of cyber threats. An experienced security analyst may need weeks to properly tune a firewall or IPS so that it is operationally effective. Isolating a newly discovered threat can mean a very long day of sifting through innumerable alerts. Network security has always been a complex affair, but now it is so convoluted that big-data analytics companies are getting into the security business. And there simply aren’t enough highly skilled (and highly compensated) security analysts to meet the demand.

Cyber attackers are already in our networks and we may only have evidence once they have stolen or destroyed key assets as in the case of Sony, Morgan Stanley and Anthem. Cyber threats have shifted from commodity DDoS attacks to more damaging targeted attacks with attackers going undetected for months like a sleeper cell. Our perimeter security is failing and there aren’t enough talented personnel to throw at the problem.

Organizations need automated breach detection to identify the active phases of an attack. These tools would package all the experience, skills and ingenuity of the best security analyst into software. The ‘Software as an Analyst’ would detect the behavior and movements of the sleeper cell, in real time, to prevent loss or damage. Imagine software that can detect and predict a cyber attacker’s next move rather than hiring a forensic analyst to reconstruct an attack. Imagine this software running in real time, everywhere, fully automated.

Vectra Networks. Security that thinks.  Watch it think for you.

