Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Good News for Control Freaks: Help is on the Way

If you are in the business of security, chances are your middle name is “control.” You could call it a behavioral bias, an occupational hazard, or just a tendency for those that are trying to keep some assembly of order in the chaotic world of cyber threats.

If you are in the business of security, chances are your middle name is “control.” You could call it a behavioral bias, an occupational hazard, or just a tendency for those that are trying to keep some assembly of order in the chaotic world of cyber threats.

Regardless, our world is ultimately about controlling the bad guys. Or, trying to control the bad guys – if this was only possible.

But try we must, and we can certainly cut the possibility of risk down significantly if we put the right controls in place.

Security Controls Battle the Bad Guys

There is a never-ending battle between good and evil in the cyber world and to provide guidance, there are plenty of control sets on the market today. Security controls are safeguards and counteract or minimize security risks relating to digital property. Some examples include the SANS critical controls, ISO/IEC 27002, NIST, and the Cloud Controls Matrix from the Cloud Security Alliance.

IT Network

All of these can be incredibly useful tools to guide blocked traffic, allowed traffic, and traffic that causes alerts. The more you can automate a control, the better off you will be. For example, if Internet Protocol (IP) 123.45.678.9 generates an alert, then every time a packet from that specific IP address comes across, a block will be executed. This process will continue to repeat at every firewall control point. Think of it like an army of Robocops that carry out consistent rules at various points across the network.

Sounds good, right? Well, the problem is that attackers continue getting smarter and finding new ways to evade these good, but somewhat static controls. Many would say this is because controls are published (by definition), therefore allowing the bad actors to know exactly what they are up against. The smart ones have countermeasures to evade static protections, whether it be to get around anti-virus, trick the Intrusion Prevention System (IPS), or perform brute force through a password sequence.

What we need are stronger controls. And we are starting to see this with the new wave of threat intelligence services that work in tandem with context-based security controls.

Threat Intelligence and Context-based Security Controls Unite

First, there are some great sources for threat intelligence coming from a variety of sources including security companies, the government and the open source community. Researchers are striving to identify new threats and get protection to the masses as quickly as possible. Key to the success is publishing intelligence in a variety of data structures, including STIX, TAXI and other standard industry formats to best describe threats in a way that can be aggregated and understood by others. We are seeing more companies aggregating and sharing this type of data, which is a critical step in the right direction.

Second, we are seeing actionable intelligence by way of automated contextual controls starting to emerge. Gartner analyst Lawrence Pingree covers this space and advocates for intelligence awareness security controls, which is supported by his in-depth research paper: Intelligence Awareness and Adaptive Security Response Will Transform Network Firewall Markets. In this report, the basic idea is to correlate data from various sources, including end points, advanced malware detection, IPS, and firewalls that can then be used as the context to recognize and comprehend threats.

Moving towards an adaptive and automated way of applying intelligence based on behavior and heuristics is clearly moving in the right direction to enable a more actionable and relevant set of controls.

If you’re a control freak like me, this is all very good news. 

Written By

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...