Cyber-Attacks Are Getting Harder To Detect

by Swaminathan B    Sep 15, 2015


With an increasing number of businesses now relying on mobile devices and digital technologies, securing the enterprise has become one of the key concerns of CIOs and IT leaders. At the recently held Gartner Security & Risk Management Summit, where RSA, the Security Division of EMC, was one of the sponsors, Kartik Shahani, Sr. Regional Director, India & SAARC, RSA, explains to CXOtoday the evolving threats in the enterprise space and how organizations need to pull up their socks in the current digital era. Excerpts.

- In India, is technology spending aligned with the pace of advanced threats?

It is based on the security maturity of an organization and its need to align business critical assets to protect against advanced threats. Those enterprises which are driven by compliance and regulations are investing more than the rest. Typically large banks, insurance, telecom and large corporates are the main adopters followed by those organizations that are concerned about protecting their IP.

- At the recent Gartner summit, it was discussed that security focus must shift from policy to people, so as to make people accountable. How can organizations actually do that?

When shifting accountability from policy to people, the applicability of the rationale should be taken into cognizance. The policy is a framework, and for it to work it needs processes. The efficacy of process execution and monitoring can be attributed to people. So without a well-drafted policy and the processes for execution, there is no point in shifting the focus to people. Thereafter, organizations need to review whether their talent pool has the right skills and experience to manage.

- Can you mention some of the key security initiatives that are mandatory for organizations in the wake of increasing threats?

Today’s attacks are much harder to detect, not only because they are more sophisticated but also because the attack methods have fundamentally changed. Firstly, they are very focused and targeted, with a specific objective. Secondly, once their initial intrusion is successful, they are extremely stealthy and remain below the radar. These attackers remain hidden inside the organization for weeks, months, years, exfiltrating data all the time. They cover their tracks by erasing logs and have multiple backdoors established in case another path is discovered. Against these varied attacks, we need a fundamentally different response.

Visibility – There should be complete visibility of identities, network traffic and all transactions in the network flow.

Analysis – Visibility without context is just noise. Data needs to be enriched at the point of capture to provide asset criticality, identities, vulnerabilities and business value. This context turns visibility into intelligence that an organization can use for detection and prioritization of response.

Action – With advanced analytics taking visibility and providing detection, you need to drive the correct response to the threat. By combining alerts into incidents, you can provide analysts with a prioritized queue and drive the right action efficiently. You should ‘detect fast and respond even faster’.
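The enrich-then-group workflow described in this answer, as an added example that is not part of the interview or of any RSA product: every asset, identity, alert and severity value below is constructed for illustration, and the function names (`enrich`, `build_incidents`, `prioritised_queue`) are this example's own. Each raw alert is enriched at the point of capture with asset criticality, business value, known weaknesses and whether the identity involved is privileged; alerts that share a host or an identity inside a time window are linked into one incident; the incidents are then returned as a queue sorted by risk.

```python
"""Alert enrichment and incident prioritisation (added example, not from the article).

All data below is constructed for illustration: a tiny asset inventory, an
identity directory and six raw alerts from a single night.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed asset inventory: criticality on a 1-5 scale, the business value
# the asset protects, and known unremediated weaknesses.
ASSETS = {
    "db-prod-01":  {"criticality": 5, "business_value": "customer records", "weaknesses": ["unpatched db service"]},
    "web-prod-02": {"criticality": 4, "business_value": "public web front end", "weaknesses": []},
    "ws-hr-17":    {"criticality": 2, "business_value": "HR workstation", "weaknesses": ["local admin for all users"]},
    "lab-vm-03":   {"criticality": 1, "business_value": "test lab", "weaknesses": []},
}

# Constructed identity directory.
IDENTITIES = {
    "svc_backup": {"privileged": True,  "dept": "IT"},
    "alice":      {"privileged": False, "dept": "HR"},
    "bob":        {"privileged": False, "dept": "Engineering"},
}

# Base severity per detection type: stealthy post-intrusion behaviour
# (persistence, log clearing, exfiltration) outweighs a noisy scan.
BASE_SEVERITY = {
    "port_scan": 1,
    "failed_logon_burst": 2,
    "new_scheduled_task": 4,
    "dns_beacon": 5,
    "audit_log_cleared": 6,
    "large_outbound_transfer": 6,
}

# Constructed raw alerts as they would arrive from sensors.
RAW_ALERTS = [
    {"id": "A1", "ts": "2015-09-14T02:10:00", "host": "lab-vm-03",  "user": "bob",        "type": "port_scan"},
    {"id": "A2", "ts": "2015-09-14T02:30:00", "host": "ws-hr-17",   "user": "alice",      "type": "new_scheduled_task"},
    {"id": "A3", "ts": "2015-09-14T03:05:00", "host": "ws-hr-17",   "user": "alice",      "type": "dns_beacon"},
    {"id": "A4", "ts": "2015-09-14T03:40:00", "host": "db-prod-01", "user": "alice",      "type": "failed_logon_burst"},
    {"id": "A5", "ts": "2015-09-14T04:15:00", "host": "db-prod-01", "user": "svc_backup", "type": "audit_log_cleared"},
    {"id": "A6", "ts": "2015-09-14T04:50:00", "host": "db-prod-01", "user": "svc_backup", "type": "large_outbound_transfer"},
]


def enrich(alert):
    """Attach asset and identity context to one alert and compute its risk score."""
    asset = ASSETS.get(alert["host"], {"criticality": 1, "business_value": "unknown", "weaknesses": []})
    ident = IDENTITIES.get(alert["user"], {"privileged": False, "dept": "unknown"})
    score = BASE_SEVERITY.get(alert["type"], 1) * asset["criticality"]
    if ident["privileged"]:
        score *= 2  # abuse of a privileged identity is the attacker's stepping stone
    if asset["weaknesses"]:
        score += 3  # a known weakness on the asset raises the chance the activity succeeded
    return {**alert, "criticality": asset["criticality"], "business_value": asset["business_value"],
            "weaknesses": asset["weaknesses"], "privileged_identity": ident["privileged"], "score": score}


def build_incidents(alerts, window=timedelta(hours=6)):
    """Link alerts sharing a host or an identity within `window` into incidents (union-find)."""
    parent = list(range(len(alerts)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    times = [datetime.fromisoformat(a["ts"]) for a in alerts]
    for i in range(len(alerts)):
        for j in range(i + 1, len(alerts)):
            same_entity = alerts[i]["host"] == alerts[j]["host"] or alerts[i]["user"] == alerts[j]["user"]
            if same_entity and abs(times[i] - times[j]) <= window:
                parent[find(i)] = find(j)
    groups = defaultdict(list)
    for i, a in enumerate(alerts):
        groups[find(i)].append(a)
    return list(groups.values())


def prioritised_queue(raw_alerts):
    """Enrich, group and rank: return incidents sorted by descending score."""
    incidents = []
    for members in build_incidents([enrich(a) for a in raw_alerts]):
        members.sort(key=lambda a: a["ts"])
        incidents.append({
            "alerts": [a["id"] for a in members],
            "hosts": sorted({a["host"] for a in members}),
            "users": sorted({a["user"] for a in members}),
            "max_criticality": max(a["criticality"] for a in members),
            # summing rewards chains: several linked alerts on one asset outrank one loud scan
            "score": sum(a["score"] for a in members),
        })
    return sorted(incidents, key=lambda inc: inc["score"], reverse=True)


if __name__ == "__main__":
    for rank, inc in enumerate(prioritised_queue(RAW_ALERTS), 1):
        print(rank, inc["score"], inc["alerts"], inc["hosts"], inc["users"])
```

On the constructed data the queue has two entries: the chain A2 to A6 (persistence on an HR workstation, a beacon, a logon burst against the production database, then log clearing and a large transfer under a privileged service account) lands at the top with a combined score of 163, while the lone port scan on a lab VM scores 1. The identity link (alice on both ws-hr-17 and db-prod-01) is what joins the workstation alerts to the database alerts; without that enrichment they would be two unrelated tickets.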

- Traditional tools are not able to check hackers. What are the future trends we can expect in security?

Traditionally, organizations were focused on prevention, and perimeter security solutions were of utmost importance. Perimeter security alone is no longer enough, though it is still required. As I said earlier, organizations must look beyond it and have visibility and advanced analytics, and must act quickly to minimize the damage.

The threat landscape has changed dramatically and is still changing. Some of the future trends in security are:

• Adopt a Deep and Pervasive Level of True Visibility Everywhere, from the Endpoint to the Cloud. “We need pervasive and true visibility into our enterprise environments. You simply can’t do security today without the visibility of both continuous full packet capture and endpoint compromise assessment visibility.”

• Identity and authentication matter more than ever. “In a world with no perimeter and with fewer security anchor points, identity and authentication matter more than ever . . . At some point in [any successful attack] campaign, the abuse of identity is a stepping stone the attackers use to impose their will.”

• External threat intelligence is a core capability. “There are incredible sources for the right threat intelligence . . . [which] should be machine-readable and automated for increased speed and leverage. It should be operationalized into your security program and tailored to our organization’s assets and interests so that analysts can quickly address the threats that pose the most risk.”

• Understand what matters most to your business and what is mission critical. “You must understand what matters to your business and what is mission critical.  You have to defend what’s important and defend it with everything you have.”
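The third trend above, operationalizing a machine-readable threat intelligence feed and tailoring it to the organization's own assets and interests, as an added example that is not part of the interview or of any RSA product. The indicator feed, the organization's interests, the asset criticality table and the log records are all constructed; the names `index_feed`, `relevance` and `match_logs` are this example's own. Indicators are indexed for fast lookup, matched against destinations seen in proxy and DNS logs, and each hit is ranked by feed confidence, the criticality of the internal host, and how many of the campaign's tags overlap with what this organization cares about.

```python
"""Operationalizing machine-readable threat intelligence (added example, not from the article).

All inputs are constructed: a small indicator feed in the shape a
machine-readable source would deliver, the organization's interests,
asset criticality, and a few parsed proxy/DNS log records.
"""

# Constructed indicator feed; tags describe who or what the campaign targets.
# The .example TLD and the 203.0.113.0/24 range are reserved for documentation.
INDICATOR_FEED = [
    {"type": "domain", "value": "update-cdn.example", "confidence": 90, "tags": ["banking", "credential-theft"]},
    {"type": "ipv4",   "value": "203.0.113.45",       "confidence": 70, "tags": ["scanning"]},
    {"type": "domain", "value": "mail-relay.example", "confidence": 60, "tags": ["retail"]},
    {"type": "domain", "value": "old-c2.example",     "confidence": 20, "tags": ["banking"]},  # stale, low confidence
    # File-hash indicators would be matched against endpoint telemetry, not network logs.
    {"type": "sha256", "value": "a" * 64,             "confidence": 95, "tags": ["banking", "backdoor"]},
]

# What this organization cares about (constructed): its sector and its critical hosts.
ORG_INTERESTS = {"banking", "credential-theft"}
ASSET_CRITICALITY = {"db-prod-01": 5, "ws-hr-17": 2, "lab-vm-03": 1}

# Constructed proxy/DNS records already parsed into fields.
LOGS = [
    {"ts": "2015-09-14T02:12:00", "host": "lab-vm-03",  "dst": "203.0.113.45"},
    {"ts": "2015-09-14T03:05:00", "host": "ws-hr-17",   "dst": "update-cdn.example"},
    {"ts": "2015-09-14T03:06:00", "host": "db-prod-01", "dst": "update-cdn.example"},
    {"ts": "2015-09-14T03:30:00", "host": "ws-hr-17",   "dst": "www.example.org"},
    {"ts": "2015-09-14T03:45:00", "host": "ws-hr-17",   "dst": "old-c2.example"},
]


def index_feed(feed, min_confidence=50, types=("domain", "ipv4")):
    """Index network indicators by value for O(1) lookup, dropping low-confidence entries."""
    return {ind["value"]: ind for ind in feed
            if ind["type"] in types and ind["confidence"] >= min_confidence}


def relevance(indicator, interests=ORG_INTERESTS):
    """How many of the indicator's campaign tags overlap with the organization's interests."""
    return len(set(indicator["tags"]) & interests)


def match_logs(logs, feed=INDICATOR_FEED, criticality=ASSET_CRITICALITY):
    """Match log destinations against the feed and rank hits by tailored risk."""
    idx = index_feed(feed)
    hits = []
    for rec in logs:
        ind = idx.get(rec["dst"])
        if ind is None:
            continue
        crit = criticality.get(rec["host"], 1)
        # confidence in the indicator, weighted by the asset at risk and by
        # whether the campaign is aimed at organizations like this one
        score = ind["confidence"] * crit * (1 + relevance(ind))
        hits.append({"ts": rec["ts"], "host": rec["host"], "indicator": ind["value"],
                     "tags": ind["tags"], "score": score})
    return sorted(hits, key=lambda h: h["score"], reverse=True)


if __name__ == "__main__":
    for hit in match_logs(LOGS):
        print(hit["score"], hit["ts"], hit["host"], "->", hit["indicator"], hit["tags"])
```

With the constructed data, the production database contacting the banking credential-theft domain ranks first (score 1350), the HR workstation contacting the same domain second (540), and the lab VM's contact with a generic scanning IP last (70); the stale low-confidence indicator is never consulted, so the lookup of `old-c2.example` produces no hit. The ranking is what "tailored to the organization's assets and interests" means in practice: the same indicator matters more on a critical host, and a campaign aimed at your sector matters more than one aimed elsewhere.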