Infosecurity Europe 2016 - a guide to getting started
Editorial Type: Opinion
Date: 05-2016
Views: 3003

Tailored security measures require understanding, knowledge, resource and planning. With Infosecurity Europe 2016 upon us and with some help from the vendors, Ray Smyth explores some topics that should be considered.

For far too long, the IT security market has focused its customers' attention on prevention. There is nothing wrong with that, but it requires some balance if a disadvantaged, even weakened, posture is to be avoided.

NETWORK FORENSICS

Despite this, there is evidence that organisations regularly ignore security alerts. Larry Zulch, CEO of Savvius, explains that, "Any one of those alerts could become an intrusion that ultimately leads to a breach. Network forensics can determine whether an alert is a false positive which can safely be ignored, or a malware author cleverly avoiding getting tagged."

Forensic information, including the origin, destination and even the content of the packet that triggered the alert, plus the traffic leading up to that alert, can provide a security investigator with crucial insight, leading to fewer breaches.

Network forensics is of course important in breach investigation, and Zulch adds, "Packets don't lie. They won't achieve their destination without accurate addresses, and their payload, the malware, must work. But typically breaches are not detected until months later when network traffic is long gone."

As you can see, the role of network forensics in IT security is a vital one that can reduce the likelihood of a breach and, if a breach does occur, its impact.

THE SECURITY AUTOMATION GAP

Nimmy Reichenberg, VP of Strategy at AlgoSec, suggests that, "Security teams have to take back control; keep the bad guys out while keeping applications running smoothly and securely, all day, every day. Skilled security staff spend precious time keeping the lights on, manually maintaining existing systems, sifting through countless security alerts and making device configuration changes, while often inadvertently causing outages and creating security holes."

Survey respondents (83 per cent) believe the use of automation in security needs to increase, and most believe that automation will enhance an organisation's security posture. That said, only 15 per cent felt that their security processes were highly automated, over half had some, but not enough, automation, and a third had little to no automation.

Reichenberg adds, "With enterprise networks evolving, due in part to business transformation initiatives including cloud and SDN, cyber threats become more sophisticated and businesses are increasingly subject to demanding compliance standards. It's clear that automation of security processes is no longer a nice to have: it's a necessity to manage security at the speed of business."

EXPLODING ENTERPRISE ATTACK SURFACE

The enlarged attack surface arises from larger data sources (students, patients, law firms) and from devices such as smartphones, tablets and IoT. Then there is infrastructure: cloud, SD-WAN and BYOD. These elements combine into a perfect storm of criminal opportunity, and enterprise IT has diminishing control.

Adam Boone, Chief Marketing Officer at Certes Networks, picks up this point. "Two decades ago, IT security was organised around a firewalled perimeter. Users and networks inside were trusted and everything outside untrusted; a small attack surface with sensitive data firmly inside. Users could only access sensitive data from within the perimeter or by VPN." According to Boone, "In the 1990s, enterprises transformed operations by digitising mission-critical information and sharing with users everywhere, creating new targets."

One conclusion appears to be that IT security is no longer about managing devices and infrastructure. Instead, it must focus on users, applications and their interaction. Boone concludes that it is necessary to, "Shrink the attack surface by controlling which users can access which applications in all locations. Access control must focus on user roles and authorising users for only those applications needed for their job."