Page 19 - Security Today, January/February 2019
would come to fruition.
As we fast approach the 2020s, cybercrime may prove to be the
catalyst that reignites the drive to bring the two sides together, redefining convergence.
The Ever-evolving Cyber Threat Landscape
Just when we thought we had a handle on the methods that cybercriminals deploy to breach our networks and steal our data, the cyber threat landscape changes. While first lines of defense, such as firewalls and anti-virus software, can be effective at identifying and potentially stopping the known forms of malware that attack companies every day, they are blind to the signature-less and zero-day malicious activity used by black hat hackers today. Unfortunately, this trend shows no sign of abating, as internal security processes are having trouble keeping up with increasingly sophisticated and pervasive threats.
Adding insult to injury, cyberattacks can often go undetected for weeks, months or even years before being discovered. This lapse, often referred to as the Breach Detection Gap (BDG) or dwell time, is defined as the time elapsed between the initial breach of a network by an attacker and the discovery of that breach by the victim. A recent Ponemon Institute study of global statistics puts the average dwell time for malicious attacks at 229 days.
Verizon, in its 2016 Data Breach Investigations Report, calls this lapse the Detection Deficit and reinforces the fact that a compromise can happen in minutes while discovery can take days or longer. The report also found that less than 10 percent of breaches were discovered by internal means; most were brought to light by third parties. One final blow to combatting cyberattacks, for many organizations, is the relatively shallow pool of talent available to help companies fight these threats from within.
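The two figures above, dwell time and the share of breaches found internally, are the metrics a security team should be tracking for itself, not just reading in vendor reports. The script below is an added example, not part of the article or ADT's tooling: it computes dwell time and detection-source statistics over a small, constructed incident log (the incident names and dates are hypothetical). It reports the median alongside the mean because a handful of long-lived intrusions pull the average upward, which is why a single "average dwell time" can mislead.

```python
"""Dwell-time (Breach Detection Gap) metrics over a constructed incident log.

Added example; not from the Security Today article. The incident records
below are constructed for illustration and do not describe real breaches.
"""
from datetime import date
from statistics import mean, median
from typing import Iterable, NamedTuple


class Incident(NamedTuple):
    name: str
    breached: date        # earliest known attacker activity
    detected: date        # day the victim confirmed the compromise
    detected_by: str      # "internal" (SOC, EDR, audit) or "third_party"


# Constructed sample data (hypothetical incidents).
SAMPLE_INCIDENTS = [
    Incident("web-server-webshell", date(2018, 1, 3), date(2018, 1, 5), "internal"),
    Incident("finance-phish-creds", date(2017, 11, 14), date(2018, 4, 30), "third_party"),
    Incident("vpn-credential-reuse", date(2017, 6, 1), date(2018, 5, 20), "third_party"),
    Incident("pos-malware", date(2017, 9, 20), date(2018, 2, 12), "third_party"),
    Incident("ransomware-fileshare", date(2018, 3, 10), date(2018, 3, 10), "internal"),
]


def dwell_days(incident: Incident) -> int:
    """Days between initial compromise and discovery (the dwell time / BDG)."""
    if incident.detected < incident.breached:
        raise ValueError(f"{incident.name}: detected before breached")
    return (incident.detected - incident.breached).days


def summarize(incidents: Iterable[Incident]) -> dict:
    """Aggregate dwell-time and detection-source statistics.

    Reports both mean and median: a few long-lived intrusions drag the mean
    upward, so the median is the more honest picture of typical detection.
    The internal-detection share is the counterpart of the DBIR's finding
    that most breaches are surfaced by third parties.
    """
    incidents = list(incidents)
    days = [dwell_days(i) for i in incidents]
    internal = sum(1 for i in incidents if i.detected_by == "internal")
    return {
        "count": len(incidents),
        "mean_dwell_days": mean(days),
        "median_dwell_days": median(days),
        "max_dwell_days": max(days),
        "internal_detection_share": internal / len(incidents),
        "longest": max(incidents, key=dwell_days).name,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_INCIDENTS).items():
        print(f"{key}: {value}")
```

On the constructed data the mean dwell time is 133.4 days but the median is 145, and only 40 percent of incidents were found internally; a real incident register will usually show the mean far above the median, which is the signal that a few quiet, long-running compromises dominate the risk.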
Is There Light at the End of the Tunnel?
The short answer is yes, and it is not a train barreling down the tracks. The key to helping secure our networks and precious data, the lifeblood of every organization, is multi-fold.
The first step should be collaboration between all concerned parties within a company, particularly between the offices of the CSO and CISO. Understanding the needs and concerns of both organizations is key to defining and designing a holistic security plan that protects both physical and virtual assets.
The second step should encompass a comprehensive cyber security training program for every employee. It is well documented that many breaches begin when an employee inadvertently opens a malicious email attachment or link, or visits a compromised website. The training program should also emphasize strong, unique passwords (changed promptly when compromise is suspected; current NIST guidance in SP 800-63B no longer recommends routine forced rotation), keeping firewall and anti-virus software up-to-date with the latest patches, and never falling into the trap of "set it and forget it."
Embracing the latest in technology is a crucial next step. It seems like every day a new tool or technology is brought to light to help combat the cyber security problem. The crux of the problem is finding what is right for you and your specific cyber needs.
You Don’t Have to Go it Alone
Let’s look at the various resources that are available to you. It is safe to say that firewalls and anti-virus software are fairly well known and understood, but have you considered embracing a managed and monitored firewall and anti-virus program? Engaging a third-party provider to deliver these services can help ensure that your solutions are always up-to-date, communicating with each other and monitored for potential breaches 24/7/365.
Relatively new on the scene are managed detection and response (MDR) services. The general characteristics of MDR services are:
• Vendor-provided technology for threat detection.
• Monitoring and analysis by human security analysts.
• Using threat intelligence or data analytics.
MDR services notify clients of verified incidents only. The notifications provide granular detail of the scope and severity of an infection with recommendations for quick containment and response. MDR services offer 24/7/365 continuous monitoring of customer network data, provide analysis of the data to add context to the event and then notify the customer of the incident. With MDR services, clients typically have more direct communication with the security analyst and rely less on using a portal for alerting, investigations, case management and workflow activities.
MDR services rely on advanced tools and human analysis, so they are more apt to uncover malicious activity that has slipped past the first line of defense offered by firewalls and anti-virus software, and can reduce the time from infection to detection to minutes in some cases rather than months. They are meant to complement or fill gaps in existing security operations.
There are also managed service providers (MSPs) and managed security services providers (MSSPs). An MSP typically manages network devices such as switches and routers, whereas an MSSP focuses on managing security controls such as firewalls and anti-virus software.
Many companies are also turning to security-only networks. The benefits of a dedicated security-only network are multi-faceted: a security-only network can deliver a higher level of protection and offers faster speeds and more bandwidth, with easier access for loss prevention and security teams, while not impacting business-critical systems. Deploying a standardized implementation across multiple locations can also provide a lower-cost alternative to traditional networks.
Further benefits of a security-only network include nearly unlimited access for applications such as the remote monitoring of video or conducting remote investigations. This can provide investigators with immediate access to video and supporting data to help reduce travel, associated expenses, and the overall time it takes to conduct investigations.
Selecting the Right Cyber Security Partner
When choosing a third-party expert to help with your cyber security needs, it is important to look at their pedigree as it relates to training, certifications and resources. Companies providing security services in this arena should hold Cisco Cloud and Managed Services Express Partner certification, be Meraki Certified and SonicWALL Certified, and hold security product-specific certifications. Cisco Cloud and Managed Services Express Partner certification recognizes companies that have attained expertise in the planning, design, implementation and support of cloud or managed services based on Cisco platforms. Equally important, your partner should be certified on newer platforms such as Palo Alto Networks and Fortinet.
As cyber threats become more and more sophisticated, your approach to combating them needs to be as well. Whether it is through the use of MDR services, managed firewall services, enhanced employee education or a combination of the tools available to us, fighting cybercrime needs to be one of our highest priorities.
Today, criminals not only breach our facilities by breaking in through doors and windows but now breach our data by breaking into our networks.
Morgan Harris is the senior director of Enterprise Solutions for ADT.
1 Source: https://www.gemalto.com/press/Pages/First-Half-2017-Breach-Level-Index-Report-Identity-Theft-and-Poor-Internal-Security-Practices-Take-a-Toll.aspx
2 Accenture’s 2017 Cost of Cybercrime Survey, conducted in conjunction with Ponemon Institute.
3 EY’s Global Information Security Survey, 2016-17.
WWW.SECURITYTODAY.COM 19