Security Suited for the Data Center

Better Security Intelligence and Attacker Identification can add an Important New Layer to Protect the Data Center.

Perimeter firewalling has you covered like a muumuu on Memaw. While we thank our lucky stars in many ways for Memaw’s muumuu, we still feel like Memaw could do better for herself. And so can you when it comes to data center security.

Don’t get me wrong – perimeter firewalling is a staple in any security pro’s closet. While it provides fundamental protection at the network layer, it lacks the level of sophistication and granularity needed to defeat the ingenuity of today’s hackers who are, essentially, shaping the fashion of security. A one-size-fits-all approach, which may work for muumuus, simply can’t adequately protect your data center.

What’s interesting though is that security has rather come into vogue. No longer is it viewed as just an insurance policy or operating expense. In fact, more than ever before, C-level executives want to know, “What’s up with security?” They want to know the threats that exist. They want to know what’s being done about them. They want to ensure that security issues don’t become business issues.

What’s Trending This Season?

Sometimes you have to look back to see the right path forward. According to last year’s Verizon Data Breach Investigations Report (DBIR), Web apps were the number one attack vector. In the recently released 2013 DBIR, there’s been an update. While no longer the leading attack vector (that top spot went to identity management systems), Web apps are still at risk, with attacks on the rise and the number of breaches up overall. So despite the best of intentions toward attack prevention by security teams and their supportive execs, hackers continue to make headway. They’re after your Web apps. Your identity. Your corporate assets. And they’re not getting caught nearly enough.

That’s right. Once hackers breach an organization’s defenses, they often go undetected. Again referencing last year’s DBIR, it showed that 56 percent of breaches took a month or more to discover. This year, the number is up to 66 percent (with 62 percent of breaches having taken months to discover and, worse, four percent having taken as long as years to uncover). How about you? Have you recently experienced a breach? Wouldn’t you like to know? And better, wouldn’t you like to have prevented it altogether?

No One-Size-Fits-All Solution

Without a doubt, complete data center protection is complicated. But one thing is certain: there’s no single solution that’s going to resolve all your security woes and, therefore, the best defense remains a layered defense. So while you won’t be saying goodbye to Memaw’s muumuu anytime soon, you do need to start to accessorize and take to implementing a multi-pronged approach that can evolve to match the latest and greatest threat stylings.

Fortunately, technologies exist today that can expose vulnerabilities and alert you to hackers before they’ve even been able to do anything untoward. Not only are there Web application firewalls (WAFs) that address the inside-out threat (for the prevention of data exfiltration from infected user devices), but the more compelling solutions are those that take on the more worrisome and persistent outside-in threats that are coming from enemies beyond your corporate walls.

The New Fashion of Attacker-Centric Security

Hackers base their livelihood on coming up with new ways to infiltrate systems and take advantage of you. The sneakier they can be, the more profitable they’ll become. If one door closes, there’s bound to be another one that’s still been left open. What you need to do is start using those open doors to lure hackers in and take from them what they don’t want to give up—their identities. You’ve got to start thinking like them, and you’ve got to start, in a way, preying on their vulnerabilities as well. Anonymity has been a powerful weapon for hackers.

The security industry is now rightfully focusing much more time and attention on the attacker. By understanding and disrupting the attackers, organizations can begin to more effectively gain security intelligence to protect against threats in a much more informed and granular way. From using big data analytics to understand particular habits used by a group of attackers, to recognizing campaigns, to designing more effective methods for identifying attackers, it’s clear that security infrastructure will be getting a much needed makeover.

One novel approach this season being considered by many is the use of intrusion deception to learn more about attackers. This technique, which lures attackers into exposing themselves by injecting fake vulnerabilities into websites for them to exploit, provides a new way to identify the attacks versus just blocking a threat. Once an attacker takes the bait and tries to touch the vulnerability, that traffic can be definitively seen as bad and action can be taken.

Another key challenge several in the industry are seeking to solve is the need for more effective ways to identify attackers beyond IP addresses to make security intelligence actionable. Relying solely on IP addresses is quite limiting, because they are often shared, easily disguised and changed by attackers. One potentially more active approach is finding ways to identify the devices that are being used by attackers. Each device has hundreds of unique characteristics (browser version, geography and screen resolution, just to name a few) that, when taken together, can be turned into a fairly reliable “fingerprint” of the device. These fingerprints can then be used to identify and subsequently block attackers at the device level, which can’t be as easily changed.
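The two ideas above, a decoy that only an attacker would touch and a device fingerprint that survives an IP change, are combined in the following added Python example, which is not from the article or any vendor product. The decoy paths, the four fingerprint fields and the sample traffic are constructed assumptions.

```python
import hashlib

# Hypothetical decoy URLs that no legitimate page links to (assumption).
DECOY_PATHS = {"/backup/db_dump.sql", "/admin/debug.php"}
# Illustrative subset of the client attributes the article mentions.
FP_FIELDS = ("user_agent", "screen", "timezone", "language")

def fingerprint(req):
    """Hash the selected client attributes into a short device identifier."""
    material = "\x1f".join(str(req.get(f, "")) for f in FP_FIELDS)
    return hashlib.sha256(material.encode()).hexdigest()[:16]

def classify(requests):
    """Return (verdict, ip, path) per request, in arrival order.

    A device that touches a decoy is recorded by fingerprint, not by IP,
    so its later requests are blocked even from a new address.
    """
    flagged = set()
    verdicts = []
    for req in requests:
        fp = fingerprint(req)
        if req["path"] in DECOY_PATHS:
            flagged.add(fp)
            verdict = "tripwire"
        elif fp in flagged:
            verdict = "block"
        else:
            verdict = "allow"
        verdicts.append((verdict, req["ip"], req["path"]))
    return verdicts

# Constructed sample: two devices behind one shared office IP; the
# attacking device later switches to a different address.
ATTACKER = {"user_agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/21.0",
            "screen": "1366x768", "timezone": "UTC+3", "language": "en-US"}
OFFICE_USER = {"user_agent": "Mozilla/5.0 (Windows NT 6.1) Chrome/27.0",
               "screen": "1920x1080", "timezone": "UTC-5", "language": "en-US"}
SAMPLE = [
    dict(OFFICE_USER, ip="203.0.113.7", path="/products"),
    dict(ATTACKER, ip="203.0.113.7", path="/backup/db_dump.sql"),
    dict(ATTACKER, ip="198.51.100.23", path="/login"),
    dict(OFFICE_USER, ip="203.0.113.7", path="/checkout"),
]

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(row)
```

An IP-based block on 203.0.113.7 would have stopped the office user and missed the attacker's second request; keying on the fingerprint reverses both outcomes.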

Again, it’s all about layering this season. The combination of better intelligence and attacker identification has the potential to add an important new layer to protect the data center. To effectively secure your data center and thwart those miscreants who are compelled to lift Memaw’s muumuu, it all comes down to putting together a complete security ensemble.
