
Is Security Doomed to Always React to the Threat?

The horrific news of the attacks in Belgium last week has resulted in predictable calls for increased security by pushing the perimeter back to the airport door. Security-weary air travelers may now be looking forward to outdoor queues to gain access to terminals, in addition to screening already in place.

This pattern of reaction is typical for air travel. We must remove an ever-increasing amount of clothing to get through security screening. We x-ray people now, not just luggage. We can no longer transport normal-sized tubes of toothpaste or hairspray. All thanks to creative attackers who are constantly scheming to find new ways to hide explosives in shoes, underwear or water bottles.

It’s been said that the military is always preparing to fight the last war. Are we doing the same in IT security? Are we doomed to always react to the threat?

A shift towards identity governance and administration

With the Pre-Check Program, the US Transportation Security Administration (TSA) has already started using identity as a means of filtering threats, or rather reducing the resources focused on low-risk travelers. This is one example of using identity and a risk-based approach to focus resources more proactively.

Identity and access management (IAM) has long been a supporting technology to help IT become more efficient at provisioning access and providing a better user experience. The last four or five years have seen IAM evolve into identity governance and administration (IGA), with a focus on reducing unnecessary access through role management, entitlement discovery and access certification programs. This reduces the vulnerability footprint as a proactive risk-reduction measure.

But there is more that IAM can contribute.

Security needs context

While aviation security can use the force of government to mandate the continued outward push of the perimeter, business is feeling the opposite pressure with IT services becoming a competitive weapon for digital businesses. There is a push for more openness even with employees, evidenced by the analyst firm Gartner’s recommendation to use unrestricted access by default and only place access controls on sensitive data.

So what can a security team do to maintain some sense of control?

Using another aviation analogy, the national airline of Israel, El Al, is widely considered to be the most secure in the world. While they have experienced attacks at their ticket counters (the perimeter), they haven’t had an onboard incident since 1970. They attribute this partly to using interviews to filter out the highest-risk passengers for the most scrutiny.

In IT security, analytics is a promising new technology that attempts to do something similar. By understanding normal patterns of behavior, associated with specific identities, abnormal behavior can then be recognized. It is this identity context that security needs most to proactively identify threats as they pass through the now-defunct perimeter.

Eliminate threats at their source

Government has a role to play as well. Last week, the US Department of Justice indicted seven hackers associated with the Iranian government on charges of conducting DDoS attacks against 46 U.S. banks between 2011 and 2013, as well as an attack against a dam in New York state.

These indictments demonstrate a willingness to call out foreign governments for their role in cyber attacks, but it remains to be seen how aggressive the pursuit of justice will be. But raising the cost of cybercrime is a role uniquely suited to governments worldwide. Those governments that overtly sponsor or tacitly overlook the hackers within their borders need to begin paying a price if there is any hope of reining in the growth in cyber crime.

As an industry that often blames the victims, have we lost sight of the need for pursuing the perpetrators of cyber crime? A more proactive approach would be to deter such crimes with more aggressive enforcement. The role of defense is always made easier with a good offense.
