[BreachExchange] Why modernize the enterprise security stack? Recent breaches point the way

Audrey McNeil audrey at riskbasedsecurity.com
Wed Jan 23 16:04:27 EST 2019


https://www.scmagazine.com/home/opinion/why-modernize-the-enterprise-security-stack-recent-breaches-point-the-way/


Cathay Pacific, Eurostar, British Airways – it’s fair to say last October
was a bit of a nightmare for security departments across the world, and for
consumers. And the Marriott breach in November was equally horrific. Cathay
Pacific lost the details of 9 million customers; whilst BA’s most recent
hack saw 380,000 transactions affected – which was particularly
embarrassing as it was seemingly conducted by the same group that targeted
the business earlier in the year. These are large organizations that no
doubt invest heavily in security; they would have had a raft of tools in
place to prevent such attacks and a talented team of security professionals
on hand to mop up the mess. Yet the breaches keep on coming. Why?

Sometimes, one click is all it takes

While hackers are certainly investing in new tools and methods, they are
also relying on old tricks to gain a foothold in enterprise defenses. The
most common causes of breaches remain the same as they have been for some
time: the user. Hackers will hijack commonly used applications and
browsers, such as Facebook, Outlook or Chrome, in order to trick people
into clicking on malicious links, downloading files or opening attachments.
Many organizations have responded by putting restrictive IT policies in
place, preventing users from using such sites and applications. However,
this approach isn’t always popular with workers who like to surf the web at
lunch and is completely impractical for others that need more freedom to
perform their job. For instance, how can a marketing professional avoid
using social media, or an HR professional avoid opening unsolicited
attachments? So, even if such restrictions are implemented, people will
soon find a way to circumvent them, creating a black hole for security
teams.

User education and training, whilst important, isn’t fool-proof. Phishing
emails and attacks delivered via email are becoming more difficult to
identify. All it took was one click on a phishing email by a Butlins
employee to allow hackers to swipe details of 34,000 people. Meanwhile in
the US, an employee at the Geological Survey was the source of malware on
the network thanks to an “extensive history” of carelessly browsing porn
sites at work. Sometimes you just can’t win. Expecting employees to spot
threats is putting high-value assets at risk because hackers know it only
takes one person clicking on the wrong thing to trigger a breach.

Cybersecurity investment not providing good ROI

Yet users should not be expected to put up a last line of defense against
threats; that’s not their job, it’s the responsibility of the security
team. However, we are seeing security struggle to meet the demands of
today’s enterprise, as the current approach to layered defense security is
built on the false premise that you can predict the future. Gartner
predicts worldwide cybersecurity spending is set to increase from $114
billion in 2018 to $170 billion in 2022, yet the majority of this money is
being spent on a fundamentally flawed security architecture that is doomed
to fail, leaving users open to manipulation and attack.

Investments are being made in advanced malware detection, next generation
anti-virus, machine learning and artificial intelligence – all of which are
hailed as the savior of cybersecurity. But these technologies are largely
trying to detect or predict attacks by relying on behavioral analytics and
identifying known threats. We’re increasingly seeing zero-day and other
polymorphic malware being used to evade detection. This malware has not
been seen before and cannot be found on a blacklist, allowing hackers to
simply tweak code and email unsuspecting employees to sail past defenses
with ease. Relying on detection means most hacks are not detected in
real-time. If an employee clicks on a link that downloads polymorphic
malware, protection will only begin once the breach has been triggered.
This is a bit like shutting the door after the horse has bolted.

Modernize the stack to combat the hack

If we’re going to get serious about stopping breaches, then it’s time to be
realistic about the causes. It’s impossible to predict the future, and it’s
not fair to lay the burden of security on the shoulders of employees. Yet,
today’s security stack is doing both.

Organizations need to modernize the enterprise security stack to focus on
protection, ensuring that customer details and other high-value assets are
kept under lock and key. Detection alone is an outdated concept and cannot
deliver this. To create true cyber-resilience, organizations must adopt
layered cybersecurity defenses that incorporate detection-based solutions
alongside real-time protection, as is provided by virtualization-based
application isolation. Application isolation separates each individual web
page, email, document or task within its own contained virtual machine;
this renders any attack harmless, as the hacker has nowhere to go and
nothing to steal.

As malware is left to run in a safe, isolated environment, security teams
can track the whole kill chain in order to gather intelligence on what the
hacker was trying to do. As a result, security teams can turn a traditional
weakness – i.e. the endpoint – into an intelligence-gathering strength by
using this data to strengthen wider enterprise security.

Don’t hunt for a scapegoat

If organizations are to learn from their mistakes, or those made by others,
then it’s time to admit that the current security stack is fundamentally
flawed. We need to move away from this overreliance on detection alone and
make it harder for hackers to gain a foothold, by protecting users.
Modernizing the security stack helps to ensure customer data is kept safe,
without making employees the scapegoat. If action isn’t taken, then hackers
will continue to penetrate enterprise defenses and make away with the crown
jewels. Cyber threats have evolved; it’s time for today’s security stack to
do the same.
