SecurityWeek

Risk Management

The Past, Present, and Future of Cyber Security

It’s No Longer Feasible to Manage Threats Individually, Given the Sheer Volume of Security Gaps That Exist.


Faced with hundreds, thousands, or even hundreds of thousands of vulnerabilities across their IT infrastructures, security practitioners are at a virtually insurmountable disadvantage. The result is often lengthy dwell times and asynchronous iterations that limit the effectiveness of cyber security programs. This raises the question of what is holding us back from prevailing against cyber-attacks and, more importantly, which emerging approaches allow organizations to move from a traditional domain-expert model to an interactive, iterative, and collaborative one.

According to Gartner (see ‘Designing an Adaptive Security Architecture for Protection from Advanced Attacks’, January 2016), enterprises often make the mistake of implementing a reactive rather than proactive approach to cyber security, relying on blocking techniques that have proven ineffective against advanced attacks.

How to Manage Cyber Threats Efficiently

One of the biggest problems in cyber security today is managing the volume, velocity, and complexity of data generated by the myriad IT security tools in a typical enterprise. Feeds from these disconnected, siloed tools must be analyzed and normalized, and remediation efforts prioritized. The more tools, the harder the challenge. Ultimately, this data aggregation and analysis requires legions of staff to comb through massive amounts of data to connect the dots and find the needle in the haystack. These efforts can take months, during which time attackers can exploit vulnerabilities and exfiltrate data.

Even if an organization can hire enough qualified staff to perform this analysis, it often misaligns remediation efforts by relying on internal security intelligence that lacks context about which threats are active and which specific vulnerabilities they are exploiting. Without taking external threat data and business criticality into account, security teams can end up mitigating the wrong gaps. In many cases they are merely reacting to past threats rather than taking a proactive approach, based on predictive analytics, that closes the window of opportunity before attackers can take advantage of it.

Let’s consider the key factors that limit the effectiveness of cyber security programs.

One Dimensional View

First, many organizations, and even vendors, still focus on the network layer while barely acknowledging other areas of the attack surface, such as the application layer. What is needed instead is a holistic view of the attack surface that matches the strategies and capabilities of adversaries; the Verizon 2016 Data Breach Investigations Report confirms this. The network layer and endpoints are only one piece of the puzzle. The attack surface has grown dramatically, and security practices should align accordingly.


CVE-Focus

Second, most vulnerability management tools rely on Common Vulnerabilities and Exposures (CVE) entries and their CVSS base scores, which can lead to a misalignment of resources and effort. The POODLE vulnerability, disclosed in 2014, is a good example. At the time it was published, the National Vulnerability Database (NVD) rated it 5.5. It is common practice to filter vulnerabilities and act only on those with a CVSS score of 7.0 or higher; under that model, POODLE would have been ignored. Finding out early that it was generating hundreds of thousands of attacks would have enabled organizations to adjust their remediation priorities to address the POODLE threat. This incident illustrates the importance of contextualizing internal security intelligence with external threat data.

To improve the odds of defeating cyber-attacks, organizations can implement the following three best practices:

1. Given the shortage of qualified security professionals, leverage technology to automate as many security operations tasks as possible.

2. Increase the frequency of security posture assessments, as promoted by the National Institute of Standards and Technology’s “continuous monitoring and diagnostic” guidelines.

3. Extend protection measures to address today’s growing attack surface, moving beyond the network layer and endpoints to include applications, databases, cloud environments, the Internet of Things, and so on.

It’s no longer feasible to manage threats individually, given the sheer volume of security gaps that exist. A holistic, risk-based approach that considers both security posture and business impact can reduce the attack surface and shorten the dwell time during which vulnerabilities can be exploited.
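As an added example (not code from the article or its author), the following Python sketch contrasts the CVSS-threshold filter criticised in the CVE-Focus section with the risk-based prioritization the conclusion calls for: base severity is weighted by evidence of in-the-wild exploitation from an external feed and by the business criticality of the affected assets. The hostnames, criticality weights, feed entries and the EXAMPLE-* identifiers are constructed placeholders; POODLE’s identifier CVE-2014-3566 is real, and its 5.5 score is the figure the article quotes, not an NVD lookup.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    vid: str        # CVE id, or a placeholder label for constructed samples
    cvss: float     # base score as reported by the scanner / NVD
    assets: tuple   # hostnames where the scanner found the finding


# Constructed business-criticality table (hypothetical hostnames); 1.0 = crown jewel.
ASSET_CRITICALITY = {
    "web-01": 1.0,
    "db-01": 1.0,
    "dev-vm-17": 0.2,
    "lab-host-3": 0.1,
}

# Constructed external threat feed: id -> confidence that it is being exploited
# in the wild, in [0, 1]. Only POODLE is flagged in this sample.
EXPLOITED_IN_WILD = {"CVE-2014-3566": 0.9}

# Constructed scan results. 5.5 for POODLE is the score the article quotes;
# the EXAMPLE-* ids are placeholders, not real CVEs.
SCAN = (
    Vuln("CVE-2014-3566", 5.5, ("web-01",)),
    Vuln("EXAMPLE-0001", 9.8, ("dev-vm-17",)),
    Vuln("EXAMPLE-0002", 7.5, ("db-01",)),
    Vuln("EXAMPLE-0003", 4.0, ("lab-host-3",)),
)


def cvss_only(vulns, threshold=7.0):
    """The common practice the article criticises: act only on CVSS >= threshold."""
    return [v.vid for v in vulns if v.cvss >= threshold]


def risk_score(v, exploited=EXPLOITED_IN_WILD, criticality=ASSET_CRITICALITY):
    """Contextual score in [0, 10].

    threat : 1.0 .. 2.0, doubling the weight of a finding under active exploitation
    impact : criticality of the most important affected asset (unknown host -> 0.5)
    The /2 scales the product back onto the familiar 0..10 range.
    """
    threat = 1.0 + exploited.get(v.vid, 0.0)
    impact = max((criticality.get(a, 0.5) for a in v.assets), default=0.5)
    return v.cvss * threat * impact / 2.0


def prioritize(vulns, exploited=EXPLOITED_IN_WILD, criticality=ASSET_CRITICALITY):
    """Return (id, score) pairs, highest contextual risk first."""
    scored = [(v.vid, risk_score(v, exploited, criticality)) for v in vulns]
    return sorted(scored, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    print("CVSS >= 7.0 only :", cvss_only(SCAN))
    print("Risk-ranked      :")
    for vid, score in prioritize(SCAN):
        print(f"  {vid:15} {score:.2f}")
```

With the constructed data, the threshold filter keeps EXAMPLE-0001 (a critical-rated bug on a low-value dev VM) and drops POODLE, while the contextual ranking puts POODLE first because it is both actively exploited and present on a crown-jewel host. The weights are deliberately simple; in practice they would come from the organization’s asset inventory and its threat-intelligence feed rather than from constants in the script.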

Written By

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).
