In an age where technology giant Apple has finally crossed the valuation of the world’s largest oil company ExxonMobil, it’s pretty evident that we live in a digital economy where data is the new oil. This same digital economy enables, fuels, and supports cyber crime. Cyber security threats are ubiquitous and devastating. In 2011 alone, companies such as Google and Sony have lost billions of dollars in market capitalization as an indirect outcome of cyber attacks perpetrated against them.
While the universe of risk and compliance requirements continues to expand, the tolerance for failure continues to decrease, be it from a market, regulatory or legal perspective. A collaborative effort is required to combat cyber security threats being faced today. As cyber crime becomes organized, the way we perceive cyber security threats and defend against them must also evolve.
Typically with cyber security threats and attacks today, hackers infiltrate systems and conduct the crime for extended periods of time, making early detection essential. Let us take a look at how the traditional cyber security model is crumbling, and consider the steps your enterprise can take to avoid becoming a victim of the next cyber security breach.
Traditional cyber security’s failure
Cyber security threats and attacks are smart and organized, driven by well-financed, determined perpetrators. Given this scenario, a more coordinated approach to countering cyber security threats is vital. Traditional security is designed with disparate controls and enforcement at each technology tier, lacking business context. It seeks to harden the perimeter against external attacks and focuses on controlling access. Moreover, the hybrid infrastructure in use today makes management a nightmare. Signature-based defense is largely becoming irrelevant, and the advent of cloud and virtualization is eliminating the choke points that could previously be monitored.
Countering cyber security threats with a security model based on layers and bolt-on techniques is passé. The traditional model uses different security solutions at different levels — users (user provisioning), application (identity and access management), data (encryption), devices (AV, endpoint) and network (firewall, email security) — in a non-harmonized attempt to secure each layer of the IT environment. While enterprises spend millions to secure these layers, attackers are simply finding gaps and slipping through.
Protection against today’s cyber security threats
There are three key ingredients to a cyber security breach: vulnerability, exploit and opportunity. The absence of any one of these elements makes it more difficult for an attacker. To successfully protect against advanced cyber security threats you need to be able to visualize, understand and respond. Here’s how an enterprise can achieve this.
1. Prevent: Prevention is always better than cure. You need to minimize your exposure to cyber security threats to reduce your risk of falling prey to a successful attack.
- IT research firm Gartner finds that 80% of all cyber attacks target the application layer. Another study, conducted by the Web Application Security Consortium, found that out of 12,000 applications tested, 13% could be compromised automatically, while 86% were found vulnerable to automated scanning. When rolling out Web applications and products, always try to remove or patch the vulnerability before deploying to production.
- Be aware of vulnerable applications or processes. Prioritize risk in order to focus security efforts to cover key areas against cyber security threats.
- It is cheaper to build security into software than to bolt it on as and when vulnerabilities are exposed. The bolt-on approach is reactive, and expensive in terms of both time and money.
2. Detect: You need to know what is happening in your IT environment. The more information you have, the better prepared you will be. Start planning for real-time monitoring and awareness. Correlation is needed if one is to monitor and detect attacks as early as possible.
- You need complete visibility in order to get the right context and prepare remedial action. Logs can be captured and analyzed for situational awareness. However, given the volume of logs generated, this becomes a formidable task, often resulting in innumerable cyber security threat events and misconfigurations going undetected.
- A centralized security information and event management system (SIEM) helps identify the important stuff in order to distill correlated events out of the deluge of millions of raw events. The ability to distill events can provide a context that will help in prioritizing security.
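As an added illustration (not part of the article or of the presentation it reports), the correlation step described above in miniature: a handful of constructed login log lines are collapsed into one correlated alert that carries context (source address, accounts tried, the account that eventually logged in) instead of one raw event per failed attempt. The log format, field names and thresholds are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the article): web-app login events.
RAW_EVENTS = [
    "2011-11-03T10:00:01 host=web01 user=alice src=10.0.0.5 result=FAIL",
    "2011-11-03T10:00:02 host=web01 user=bob src=10.0.0.5 result=FAIL",
    "2011-11-03T10:00:03 host=web01 user=carol src=10.0.0.5 result=FAIL",
    "2011-11-03T10:00:04 host=web01 user=dave src=10.0.0.5 result=FAIL",
    "2011-11-03T10:00:05 host=web01 user=alice src=10.0.0.5 result=FAIL",
    "2011-11-03T10:00:09 host=web01 user=alice src=10.0.0.5 result=OK",
    "2011-11-03T10:00:10 host=web02 user=erin src=10.0.0.9 result=FAIL",
    "2011-11-03T10:00:11 host=web02 user=erin src=10.0.0.9 result=OK",
    "garbled line the parser must skip rather than crash on",
]

LINE_RE = re.compile(r"(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
                     r"src=(?P<src>\S+) result=(?P<result>\S+)")

def parse(line):
    """One raw line -> event dict, or None if the line is not in our format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev

def correlate(lines, threshold=5, window=timedelta(minutes=5)):
    """Collapse raw login events into correlated alerts: at least `threshold`
    failures from one source inside `window`, then a success from that source."""
    history = defaultdict(list)  # src address -> events still inside the window
    alerts = []
    for ev in filter(None, map(parse, lines)):
        recent = history[ev["src"]]
        recent.append(ev)
        while ev["ts"] - recent[0]["ts"] > window:  # expire events older than window
            recent.pop(0)
        if ev["result"] != "OK":
            continue
        fails = [e for e in recent if e["result"] == "FAIL"]
        if len(fails) >= threshold:
            alerts.append({"src": ev["src"], "host": ev["host"],
                           "time": ev["ts"].isoformat(),
                           "failed_attempts": len(fails),
                           "accounts_tried": sorted({e["user"] for e in fails}),
                           "account_logged_in": ev["user"]})
            recent.clear()  # one alert per burst, not one per later success
    return alerts
```

Nine raw events become a single alert for 10.0.0.5; the lone failure from 10.0.0.9 stays below the threshold and produces no alert, which is the noise reduction the text describes.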
3. Respond: Once a cyber security threat or vulnerability is found, move quickly to neutralize it. Understanding risks in relation to business or operational objectives helps shape an appropriate and adequate response. A timely and proactive response is crucial to neutralize cyber security threats and breaches. With today’s real-time monitoring systems, cyber attacks can be countered and blocked as they happen.
(This is an extract from a presentation given by Wong Loke Yeow, Regional Evangelist, APJ, HP Enterprise Security on cyber security threats, at e-Crimes India 2011 in Mumbai this month.)
(As reported by Varun Haran)
This was first published in November 2011