The Past, Present, and Future of Cyber Security

It’s No Longer Feasible to Manage Threats Individually, Given the Sheer Volume of Security Gaps That Exist.

Facing hundreds, thousands, or even hundreds of thousands of vulnerabilities across their IT infrastructures puts security practitioners at a virtually insurmountable disadvantage. The result is often lengthy dwell times and asynchronous iterations that limit the effectiveness of cyber security programs. This raises the question: what is holding us back from prevailing against cyber-attacks? And more importantly, what emerging approaches allow organizations to transition from a traditional domain expert model to an interactive, iterative, and collaborative model?

According to Gartner (see ‘Designing an Adaptive Security Architecture for Protection from Advanced Attacks’, January 2016), enterprises often make the mistake of implementing a reactive, rather than proactive, approach to cyber security. They often rely on blocking techniques, which have proven to be ineffective.

How to Manage Cyber Threats Efficiently

One of the biggest problems in cyber security today is how to manage the volume, velocity, and complexity of data generated by the myriad of IT security tools in a typical enterprise. Feeds from these disconnected, siloed tools must be analyzed and normalized, and remediation efforts prioritized. The more tools, the more difficult the challenge. Ultimately, this data aggregation and analysis requires legions of staff to comb through massive amounts of data to connect the dots and find the needle in the haystack. These efforts can take months, during which time attackers can exploit vulnerabilities and extract data.

Even if an organization can hire enough qualified resources to perform this analysis, they often misalign remediation efforts by relying on internal security intelligence that lacks context regarding active threats and which specific vulnerabilities those threats are exploiting. Without taking external threat data and business criticality into account, security teams can focus on mitigating the wrong gaps. In many cases, they are merely reacting to past threats rather than taking a proactive approach based on predictive analytics to close the window of opportunity before attackers can take advantage of it.

Let’s consider the key factors that limit the effectiveness of cyber security programs.

One-Dimensional View

First, many organizations, and even vendors, are still focusing on the network layer while barely acknowledging other areas of the attack surface, for example the application layer. What’s needed instead is a holistic view of the attack surface that matches the strategies and capabilities of adversaries. The Verizon 2016 Data Breach Report confirms this. The network layer and endpoints are only one piece of the puzzle. The attack surface has grown dramatically, and security practices should align accordingly.

CVE-Focus

Second, most vulnerability management tools rely on Common Vulnerabilities and Exposures (CVE), which can lead to a misalignment of resources and efforts. The POODLE vulnerability, disclosed in 2014, is a good example. At the time it was published, it received a 5.5 rating from the National Vulnerability Database (NVD). It is a common practice to filter vulnerabilities and only take action on those with a CVSS score of 7 or higher. Using this model, the POODLE vulnerability would have been ignored. Finding out early that it was spawning hundreds of thousands of attacks would have enabled organizations to adjust their remediation priorities to address the POODLE threat. This incident illustrates the importance of contextualizing internal security intelligence with external threat data.
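As an added illustration (not code from the article or its author), the following Python snippet contrasts the CVSS-threshold filter described above with a contextual ranking that weights the same findings by external threat activity, business criticality and exposure. The sample inventory, the multipliers and the finding labels are constructed assumptions; only the 5.5 base score for POODLE comes from the text.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    name: str                 # label only; constructed sample, real CVE ids omitted
    cvss: float               # NVD base score, 0.0-10.0
    actively_exploited: bool  # from an external threat feed, not the scanner
    asset_criticality: int    # business impact, 1 (lab box) .. 5 (revenue-critical)
    internet_facing: bool     # reachable by outside attackers


def cvss_threshold_filter(findings, threshold=7.0):
    """The traditional model: act only on findings scoring >= threshold."""
    return [f.name for f in findings if f.cvss >= threshold]


def risk_score(f):
    """Contextual score: CVSS base weighted by threat activity, business
    impact and exposure. The multipliers are illustrative assumptions."""
    threat = 3.0 if f.actively_exploited else 1.0
    impact = f.asset_criticality / 5.0
    exposure = 1.5 if f.internet_facing else 1.0
    return round(f.cvss * threat * impact * exposure, 2)


def risk_based_priority(findings):
    """Remediation order under the risk-based model, highest score first."""
    return [f.name for f in sorted(findings, key=risk_score, reverse=True)]


def missed_by_threshold(findings, threshold=7.0, top_n=2):
    """Findings in the risk-based top-N that a pure CVSS filter would drop."""
    acted_on = set(cvss_threshold_filter(findings, threshold))
    return [n for n in risk_based_priority(findings)[:top_n] if n not in acted_on]


# Constructed sample inventory. "POODLE" carries the 5.5 base score cited in
# the article; the other entries are invented to show the contrast.
SAMPLE = [
    Finding("POODLE", 5.5, True, 5, True),
    Finding("INTERNAL-RCE", 9.8, False, 2, False),
    Finding("LAB-DOS", 7.5, False, 1, False),
    Finding("PORTAL-SQLI", 8.1, True, 4, True),
]

if __name__ == "__main__":
    print("CVSS >= 7 filter   :", cvss_threshold_filter(SAMPLE))
    print("risk-based order   :", risk_based_priority(SAMPLE))
    print("missed by threshold:", missed_by_threshold(SAMPLE))
```

Under the pure threshold, POODLE never reaches the work queue; once exploitation activity and asset criticality are folded in, it ranks second overall while a high-CVSS finding on an isolated lab host drops to the bottom.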

To improve the odds of defeating cyber-attacks, organizations can implement the following three best practices:

1. Given the shortage of qualified security professionals, leverage technology to automate as many security operations tasks as possible.

2. Increase the frequency of security posture assessments, as promoted by the National Institute of Standards and Technology’s “continuous monitoring and diagnostic” guidelines.

3. Extend protection measures to address today’s growing attack surface. This includes moving beyond the network layer and endpoints to include applications, databases, cloud environments, the Internet of Things, etc.

It’s no longer feasible to manage threats individually, given the sheer volume of security gaps that exist. A holistic, risk-based approach that considers both security posture and business impact can reduce attack surfaces and reduce the dwell time during which vulnerabilities can be exploited.

Written By

Dr. Torsten George is an internationally recognized IT security expert, author, and speaker with nearly 30 years of experience in the global IT security community. He regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege for Dummies book. Torsten has held executive level positions with Absolute Software, Centrify (now Delinea), RiskSense (acquired by Ivanti), RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global), Digital Link, and Everdream Corporation (acquired by Dell).
