The Protection Revolution – A Needed Counter to Attacks

The Industrial Revolution changed the world forever, creating faster, better, and more efficient sectors of the economy. Drawing on parallels to this important period of history, much has been written about the “Industrialization of Hacking” which has created a faster, more effective, and more efficient sector aimed at profiting from attacks to our IT infrastructure. Fueled by the convergence of mechanized and process-driven methods, economic and political incentives, weak links in the security chain, and new vulnerabilities in evolving business models, hackers are executing more sophisticated and damaging attacks. This era is profoundly changing how we must protect our systems, driving us to think about how to evolve our approach to cybersecurity.

As security professionals, we need to follow a similar trajectory to hackers and apply lessons learned from the Industrial Revolution to become faster, more efficient, and more effective in our sector: a “Protection Revolution,” if you will. Just as technologies and capabilities for attackers have improved, so have technologies and capabilities for defenders. This gives us a unique opportunity to move toward security systems built on a foundation of broad-based visibility, depth of data collection, the ability to learn through correlation and context, and then dynamically apply controls.

Hacking has evolved over time and protection will evolve over time as well. It requires moving across a scale of controls that include static, human intervention, semi-automatic, dynamic, and predictive, as outlined below:

Static – An environment in which critical controls exist but the visibility and intelligence needed to update them do not. Many traditional, point-in-time security technologies work this way with defenders needing to wait for vendors to update protections. This approach worked fairly well when basic PC viruses were the primary method of attack. But today, in and of themselves, they don’t provide defenders with what they need to properly assess their security posture and make adjustments in real time. In some deployments, however, these process-laden controls are intended to be static to meet regulatory compliance mandates. And while they do provide a baseline of protection, they still lack the agility to protect and scale in a constantly changing environment.

Human intervention – Visibility and intelligence are available, but defenders still need to manually change controls. Labor-intensive intervention isn’t sustainable given the pace and complexity of attacks and the cybersecurity skills shortage. Although static controls are the reality of most organizations today, more Security Operations Centers (SOCs) are being built to compensate for the lack of flexibility and agility of these controls and a dearth of trained internal staff. Reliance on human intervention to make security adjustments is no match for modern threats that use new methods that make it easier, faster, and cheaper to launch attacks, penetrate the network, and change rapidly as they progress through the enterprise.

Semi-automatic – Defenders have visibility and intelligence and, in select cases, they trust it enough to allow certain systems to automatically apply some controls. However, for the most sensitive data – given that not all data protection is created equal – they will allow the system to automate and generate recommendations but still require a human to review and press the button to apply. But that highly-sensitive data is precisely the type of data that well-funded and fast-moving attackers target. Unfortunately, practitioners lack confidence that they have the right intelligence to make decisions. They tend to revert back to human intervention, leaving open a window of opportunity for attackers. In semi-automatic environments protection begins to evolve, but it is not sufficiently standardized, mechanized, and process-driven to be as effective as required.

Dynamic – Defenders use visibility and intelligence to rapidly adapt security policies and enforcement in real time based on what is seen and learned to reduce the surface area of attack or remediate compromise. Dynamic controls are about high degrees of automation, where security systems automatically respond to threats. Automation was at the heart of the Industrial Revolution and it is at the heart of the Protection Revolution. It is the only way to combat modern attacks that circumvent protection using methods such as port/protocol hopping, encrypted tunneling, droppers, and blended threats and techniques incorporating social engineering and zero-day attacks. These attacks change rapidly as they progress through the enterprise seeking a persistent foothold and exfiltrating critical data. With dynamic controls, security practitioners increase degrees of automation based on ‘adaptive trust’ or increased confidence in devices, users, and applications over time. And they can deploy the right technologies as needed, for ultimate flexibility. Dynamic controls already exist and are required to meet the new security pressures of mobility, cloud, and the Internet of Things (IoT) and Everything (IoE).

Predictive – Predictive doesn’t necessarily mean seeing an attack before it happens, but leveraging machine learning and advanced analytics to learn and improve intelligence continuously, leading to the prioritization of controls, protection, and remediation. As I discussed in my last article, the foundations of predictive technologies exist but are in their early days. Over time they will continue to evolve and improve, unleashing the full power of a new era in protection.
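To make the scale of controls concrete, here is an added example that is not part of the column and not code from its author or from any product. It models a small policy engine that takes a threat-intelligence indicator and an asset and decides whether a blocking control is applied automatically or only recommended for an analyst, depending on which tier the organization operates in. The `Mode` names, the per-sensitivity `AUTO_APPLY_THRESHOLD` table, and the use of a Laplace-smoothed precision as a stand-in for “adaptive trust” are all my assumptions; the indicator, feed name, and assets are constructed sample data.

```python
"""Confidence-gated control automation.

Toy policy engine modelling the static / human-intervention / semi-automatic /
dynamic tiers of the column. All indicator and asset data below are constructed
sample values, not real intelligence; the thresholds are assumptions.
"""
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    STATIC = "static"          # controls exist but intelligence is never consumed
    HUMAN = "human"            # every proposed change is queued for an analyst
    SEMI_AUTOMATIC = "semi"    # auto-apply only where the data is not sensitive
    DYNAMIC = "dynamic"        # auto-apply wherever adaptive trust clears the bar


@dataclass
class Indicator:
    value: str          # constructed sample value (an IP, domain, hash ...)
    confidence: float   # 0..1, as reported by the intelligence source
    source: str         # which feed produced it


@dataclass
class Asset:
    name: str
    sensitivity: int    # 1 = low, 2 = medium, 3 = highly sensitive data


@dataclass
class TrustState:
    """Adaptive trust: per-source precision learned from confirmed outcomes."""
    hits: dict = field(default_factory=dict)    # source -> confirmed true positives
    misses: dict = field(default_factory=dict)  # source -> confirmed false positives

    def source_trust(self, source: str) -> float:
        h, m = self.hits.get(source, 0), self.misses.get(source, 0)
        # Laplace-smoothed precision: an unknown source starts at 0.5
        return (h + 1) / (h + m + 2)

    def record(self, source: str, true_positive: bool) -> None:
        bucket = self.hits if true_positive else self.misses
        bucket[source] = bucket.get(source, 0) + 1


# Score an indicator must reach before a control is applied without review.
# Dynamic mode raises the bar with asset sensitivity instead of forcing review.
AUTO_APPLY_THRESHOLD = {1: 0.80, 2: 0.85, 3: 0.90}


def effective_score(indicator: Indicator, trust: TrustState) -> float:
    """Feed confidence discounted by how much we have learned to trust the feed."""
    return indicator.confidence * trust.source_trust(indicator.source)


def decide(mode: Mode, indicator: Indicator, asset: Asset, trust: TrustState) -> str:
    """Return 'block', 'recommend' (a human must press the button) or 'none'."""
    if mode is Mode.STATIC:
        return "none"                       # nothing updates until the vendor does
    score = effective_score(indicator, trust)
    if mode is Mode.HUMAN:
        return "recommend"                  # visibility exists, action is manual
    if mode is Mode.SEMI_AUTOMATIC:
        if asset.sensitivity >= 3:
            return "recommend"              # sensitive data always waits for review
        return "block" if score >= AUTO_APPLY_THRESHOLD[1] else "recommend"
    # Mode.DYNAMIC: automation widens as trust in the source accumulates
    return "block" if score >= AUTO_APPLY_THRESHOLD[asset.sensitivity] else "recommend"


def simulate() -> list:
    """Walk one indicator through the tiers as trust in its source accumulates."""
    ioc = Indicator("203.0.113.7", confidence=0.95, source="feed-a")  # constructed
    crown_jewels = Asset("customer-db", sensitivity=3)
    kiosk = Asset("lobby-kiosk", sensitivity=1)
    trust = TrustState()
    log = []
    log.append(("static", decide(Mode.STATIC, ioc, crown_jewels, trust)))
    log.append(("human", decide(Mode.HUMAN, ioc, crown_jewels, trust)))
    # Fresh feed: score 0.95 * 0.5 = 0.475, too low even for the kiosk
    log.append(("semi/kiosk/untrusted", decide(Mode.SEMI_AUTOMATIC, ioc, kiosk, trust)))
    for _ in range(8):                      # analysts confirm eight true positives
        trust.record("feed-a", True)
    # Now 0.95 * 0.9 = 0.855: the kiosk is auto-protected, the database still waits
    log.append(("semi/kiosk", decide(Mode.SEMI_AUTOMATIC, ioc, kiosk, trust)))
    log.append(("semi/db", decide(Mode.SEMI_AUTOMATIC, ioc, crown_jewels, trust)))
    log.append(("dynamic/db", decide(Mode.DYNAMIC, ioc, crown_jewels, trust)))
    for _ in range(10):                     # ten more confirmations: trust 0.95
        trust.record("feed-a", True)
    # 0.95 * 0.95 = 0.9025 clears the 0.90 bar for the most sensitive asset
    log.append(("dynamic/db/trusted", decide(Mode.DYNAMIC, ioc, crown_jewels, trust)))
    return log


if __name__ == "__main__":
    for step, action in simulate():
        print(f"{step:24s} -> {action}")
```

The point of the walk-through is the window the column describes: in the semi-automatic tier the most sensitive asset is never protected without a human, however good the intelligence becomes, whereas the dynamic tier lets the bar rise with sensitivity and lets confirmed outcomes close the gap over time. A real engine would feed `TrustState.record` from case-closure data in the SOC rather than from a loop.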

Advancing our security controls isn’t going to happen overnight. But we are well on our way with technology and capabilities that are already headed in this direction, implementing dynamic controls to see more, learn more, and adapt quickly. How we move, the rate at which we move, and where we end up along the scale will vary based on our existing models and infrastructure, industry requirements, available resources, and experiences. But one thing is certain. We are all better served by a new era that revolutionizes how we protect ourselves from cyber attacks.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.
