[BreachExchange] The Executive Guide to Demystify Cybersecurity
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Jun 25 19:51:08 EDT 2018
https://securityboulevard.com/2018/06/the-executive-guide-
to-demystify-cybersecurity/
The world we live in can be a dangerous place, both physically and
digitally. Our growing reliance on the Internet, technology and
digitalization only makes our dependence on
technology more perilous. As an executive, you’re facing pressure both
internally (from customers and shareholders) and externally (from industry
compliance or government regulations) to keep your organization’s digital
assets and your customers’ secure.
New cybersecurity threats require new solutions. New solutions require a
project to implement them. The problems and solutions seem infinite while
budgets remain bounded. Therefore, the challenge becomes how to identify
the priority threats, select the solutions that deliver the best ROI and
stretch dollars to maximize your organization’s protection. Consultants and
industry analysts can help, but they too can be costly options that don’t
always provide the correct advice.
So how best to simplify the decision-making process? Use an analogy.
Consider that every cybersecurity solution has a counterpart in the
physical world. To illustrate this point, consider the security measures at
banks. They make a perfect analogy, because banks are just like
applications or computing environments; both contain valuables that
criminals are eager to steal.
The first line of defense at a bank is the front door, which is designed to
allow people to enter and leave while providing a first layer of defense
against thieves. Network firewalls fulfill the same role within the realm
of cyber security. They allow specific types of traffic to enter an
organization’s network but block mischievous visitors from entering. While
firewalls are an effective first line of defense, they’re not impervious.
Just like surreptitious robbers such as Billy the Kid or John Dillinger,
SSL/TLS-based encrypted attacks or nefarious malware can sneak through this
digital “front door” via a standard port.
Past the entrance there is often a security guard, which serves as an IPS
or anti-malware device. This “security guard,” which is typically
anti-malware and/or heuristic-based IPS function, seeks to identify unusual
behavior or other indicators that trouble has entered the bank, such as
somebody wearing a ski mask or perhaps carrying a concealed weapon.
Once the hacker gets past these perimeter security measures, they find
themselves at the presentation layer of the application, or in the case of
a bank, the teller. There is security here as well. Firstly, authentication
(do you have an account) and second, two-factor authentication (an ATM
card/security pin). IPS and anti-malware devices work in
concert with SIEM management solutions to serve as security cameras,
performing additional security checks. Just like a bank leveraging the
FBI’s Most Wanted List, these solutions leverage crowd sourcing and
big-data analytics to analyze data from a massive global community and
identify bank-robbing malware in advance.
THE EXECUTIVE GUIDE TO DEMYSTIFYING CYBERSECURITY
A robber will often demand access to the bank’s vault. In the realm of IT,
this is the database, where valuable information such as passwords, credit
card or financial transaction information or healthcare data is stored.
There are several ways of protecting this data, or at the very least,
monitoring it. Encryption and database
application monitoring solutions are the most common.
ADAPTING FOR THE FUTURE: DDOS MITIGATION
To understand how and why cybersecurity models will have to adapt to meet
future threats, let’s outline three obstacles they’ll have to overcome in
the near future: advanced DDoS mitigation, encrypted cyberattacks, and
DevOps and agile software development.
A DDoS attack is any cyberattack that compromises a company’s website or
network and impairs the organization’s ability to conduct business. Take an
e-commerce business for example. If somebody wanted to prevent the
organization from conducting business, it’s not necessary to hack the
website but simply to make it difficult for visitors to access it.
Leveraging the bank analogy, this is why banks and financial institutions
leverage multiple layers of security: it provides an integrated, redundant
defense designed to meet a multitude of potential situations in the
unlikely event a bank is robbed. This also includes the ability to quickly
and effectively communicate with law enforcement.
In the world of cyber security, multi-layered defense is also essential.
Why? Because preparing for “common” DDoS attacks is no longer enough. With
the growing online availability of attack tools and services, the pool of
possible attacks is larger than ever. This is why hybrid protection, which
combines both on-premise and cloudbased
mitigation services, is critical.
Why are there two systems when it comes to cyber security? Because it
offers the best of both worlds. When a DDoS solution is deployed
on-premise, organizations benefit from an immediate and automatic attack
detection and mitigation solution. Within a few seconds from the initiation
of a cyber-assault, the online services are well protected and the attack
is mitigated. However, on-premise DDoS solution cannot handle volumetric
network floods that saturate the Internet pipe. These attacks must be
mitigated from the cloud.
Hybrid DDoS protection aspire to offer best-of-breed attack mitigation by
combining on-premise and cloud mitigation into a single, integrated
solution. The hybrid solution chooses the right mitigation location and
technique based on attack characteristics. In the hybrid solution, attack
detection and mitigation starts immediately and automatically using the
on-premise attack mitigation device. This stops various attacks from
diminishing the availability of the online services. All attacks are
mitigated on-premise, unless they threaten to block the Internet pipe of
the organization. In case of pipe saturation, the hybrid solution activates
cloud mitigation and the traffic is diverted to the cloud, where it is
scrubbed before being sent back to the enterprise. An ideal hybrid solution
also shares essential information about the attack between on-premise
mitigation devices and cloud devices to accelerate and enhance the
mitigation of the attack once it reaches the cloud.
INSPECTING ENCRYPTED DATA
Companies have been encrypting data for well over 20 years. Today, over 50%
of Internet traffic is encrypted. SSL/TLS encryption is still the most
effective way to protect data as it ties the encryption to both the source
and destination. This is a double-edged sword however. Hackers are now
leveraging encryption to create new,
stealthy attack vectors for malware infection and data exfiltration. In
essence, they’re a wolf in sheep’s clothing.
To stop hackers from leveraging SSL/TLS-based cyberattacks, organizations
require computing resources; resources to inspect communications to ensure
they’re not infected with malicious malware. These increasing resource
requirements make it challenging for anything but purpose built hardware to
conduct inspection.
The equivalent in the banking world is twofold. If somebody were to enter
wearing a ski mask, that person probably wouldn’t be allowed to conduct a
transaction, or secondly, there can be additional security checks when
somebody enters a bank and requests a large or unique withdrawal.
DEALING WITH DEVOPS AND AGILE SOFTWARE DEVELOPMENT
Lastly, how do we ensure that, as applications become more complex, they
don’t become increasingly vulnerable either from coding errors or from
newly deployed functionality associated with DevOps or agile development
practices? The problem is most cybersecurity solutions focus on stopping
existing threats. To use our bank analogy again, existing security
solutions mean that (ideally), a career criminal can’t enter a bank,
someone carrying a concealed weapon is stopped or somebody acting
suspiciously is blocked from making a transaction. However, nothing stops
somebody with no criminal background or conducting no suspicious activity
from entering the bank. The bank’s security systems must be updated to look
for other “indicators” that this person could represent a threat.
In the world of cybersecurity, the key is implementing a web application
firewall that adapts to evolving threats and applications. A WAF
accomplishes this by automatically detecting and protecting new web
applications as they are added to the network via automatic policy
generation.
It should also differentiate between false positives and false negatives.
Why? Because just like a bank, web applications are being accessed both by
desired legitimate users and undesired attackers (malignant users whose
goal is to harm the application and/or steal data). One of the biggest
challenges in protecting web applications is the ability to accurately
differentiate between the two and identify and block security threats while
not disturbing legitimate traffic.
ADAPTABILITY IS THE NAME OF THE GAME
The world we live in can be a dangerous place, both physically and
digitally. Threats are constantly changing, forcing both financial
institutions and organizations to adapt their security solutions and
processes. When contemplating the next steps, consider the following:
Use common sense and logic. The marketplace is saturated with offerings.
Understand how a cybersecurity solution will fit into your existing
infrastructure and the business value it will bring by keeping your
organization up and running and your customer’s data secure.
Understand the long-term TCO of any cyber security solution you purchase.
The world is changing. Ensure that any cyber security solution you
implement is designed to adapt to the constantly evolving threat landscape
and your organization’s operational needs.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180625/68244e14/attachment.html>
More information about the BreachExchange
mailing list