Two Main Challenges of Defending Your Cyber Infrastructure
With organizations increasing their spending on cyber security every year – particularly in the mobile and cloud domains – why are security breaches and data thefts so often in the news? According to security research firm Mandiant, 63% of breaches are reported by third parties (rather than the affected companies) and attackers remain undetected in an organization’s network for an average of 243 days. All of this raises a much larger question: are we losing the fight with the bad guys?
My previous blog post explored the motivations and resources that give strength to cyber criminals. This time, I’ll take a closer look at the two main challenges facing those tasked with defending their organizations against those criminals — and introduce ways to address those challenges in an affordable, scalable and proactive way.
Challenge 1: Lack of situational awareness
If you were walking down a dark alley and saw a group of shady characters up ahead, you might feel threatened and take some action to protect yourself. You could scan for nearby exits, or simply change your route so you don’t cross their path. You can’t be sure that the figures in the distance pose a threat, but you’re not likely to take any unnecessary chances. Acting on self-preservation instincts, people anticipate potential threats and act to minimize them.
This is an example of ‘situational awareness’ – and while we use it in the real world all the time, it’s often sorely lacking in the cyber realm. In the digital world, many organizations are likely to be facing threats without knowing it – and they don’t realize the implications until it’s too late.
Challenge 2: Keeping up with the security ‘arms race’
Even though you may be continually investing in and refreshing pieces of your defensive infrastructure, you’re doing so in an IT environment that is rapidly evolving to accommodate new services and business models. For example, when you embrace cloud services or all-new mobile platforms, there may be implications for your previously adopted security approaches. As a result, you may need to invest in new security solutions – a cycle that repeats itself with every new technology, and adds a ‘hidden cost’ to innovation for many organizations.
At the same time, resourceful adversaries are always finding new ways to get past your defensive measures. They take advantage of the increasing complexity of IT infrastructure and services to find new security flaws and exploit human weakness to manipulate their way to your organization’s ‘crown jewels’.
What you can do to protect your organization
If your organization, like many others, feels the pain of these challenges, what’s the path forward?
First, you need to improve your online situational awareness. While traditional technologies that organizations have used to achieve this – such as security information and event management (SIEM) systems – have been costly to deploy in-house, affordable alternatives for adopting these systems are now available. Managed security services, for example, let businesses take advantage of 24/7 security operations centre (SOC) monitoring and managed SIEM to ‘watch their backs’ online. Emerging cyber threat intelligence (CTI) solutions will also help to further enhance situational awareness.
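The kind of correlation a SOC or managed SIEM performs to turn raw log lines into situational awareness can be shown in a few dozen lines. The following is an added example, not code from the original post or from Bell; the log lines, thresholds, IP addresses and the two alert names (`brute_force`, `success_after_bruteforce`) are all constructed for illustration. It parses SSH-style authentication events, keeps a sliding window of failures per source address, and raises an alert when repeated failures are followed by a successful login from the same address – the pattern that a single ‘failed password’ line, viewed on its own, never reveals.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): syslog-style SSH authentication lines.
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd[201]: Failed password for admin from 198.51.100.7 port 5011
2024-03-01T09:00:03 sshd[201]: Failed password for admin from 198.51.100.7 port 5012
2024-03-01T09:00:04 sshd[201]: Failed password for root from 198.51.100.7 port 5013
2024-03-01T09:00:06 sshd[201]: Failed password for admin from 198.51.100.7 port 5014
2024-03-01T09:00:09 sshd[201]: Failed password for admin from 198.51.100.7 port 5015
2024-03-01T09:00:12 sshd[201]: Accepted password for admin from 198.51.100.7 port 5016
2024-03-01T09:05:00 sshd[201]: Failed password for alice from 203.0.113.9 port 6001
2024-03-01T09:30:00 sshd[201]: Accepted password for alice from 203.0.113.9 port 6002
"""

# Matches the constructed line format above; a real SIEM would carry one parser per log source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)"
)


def parse_events(text):
    """Turn raw log text into a list of normalised event dicts (unparseable lines are skipped)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ok": m["result"] == "Accepted",
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def correlate(events, threshold=5, window=timedelta(minutes=2)):
    """Sliding-window correlation per source IP.

    Raises 'brute_force' when `threshold` failures land inside `window`, and
    'success_after_bruteforce' when a login then succeeds from the same address
    while that window is still hot. The threshold and window are assumptions
    chosen for the sample data, not tuned values.
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        recent = failures[ev["ip"]]
        # Drop failures that have aged out of the window.
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()
        if not ev["ok"]:
            recent.append(ev["ts"])
            if len(recent) == threshold:   # fire once, on the failure that crosses the line
                alerts.append({
                    "type": "brute_force",
                    "ip": ev["ip"],
                    "user": ev["user"],
                    "first_seen": recent[0],
                    "detected_at": ev["ts"],
                    "failures": len(recent),
                })
        else:
            if len(recent) >= threshold:
                alerts.append({
                    "type": "success_after_bruteforce",
                    "ip": ev["ip"],
                    "user": ev["user"],
                    "first_seen": recent[0],
                    "detected_at": ev["ts"],
                    "failures": len(recent),
                })
            recent.clear()   # a successful login resets the window for that address
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_events(SAMPLE_LOG)):
        dwell = alert["detected_at"] - alert["first_seen"]
        print(f"{alert['type']:26} ip={alert['ip']} user={alert['user']} "
              f"failures={alert['failures']} dwell={dwell}")
```

Run stand-alone, the script flags only the first address: five failures in eleven seconds and then a successful login as `admin`. Alice’s single failure followed by a success 25 minutes later falls outside the window and produces nothing, which is the point of correlating in time rather than alerting on every failure. The `first_seen` to `detected_at` gap is the dwell time this kind of monitoring is meant to shrink; here it is seconds rather than the months cited above.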
Second, you need to escape the constant arms race – that tug-of-war between your ability to upgrade your security controls and the bad guys’ ability to bypass them as soon as they’re improved. Doing so requires a diverse ‘defence in depth’ strategy and taking advantage of your broader supply chain to help. In particular, security services hosted in your service provider’s network offer an effective way to augment your existing, on-premises defences. Examples include managed Internet and web application firewalls, managed intrusion detection and protection services, and network DDoS protection services. Depending on your needs, these can provide an always-on, always up-to-date layer of defence around key assets, whether they’re hosted behind the corporate firewall, in the cloud or distributed across mobile devices.
Responding to a zero-day vulnerability looks different with improved situational awareness and a hosted security perimeter in place. In the past you might have had to shut down at-risk services when the zero-day vulnerability was already being exploited, while anxiously waiting for patches from vendors. Now, the SOC managing your organization’s network defences can discover the new exploit – often before the vulnerability becomes public – and immediately update your hosted security perimeter to protect your infrastructure and data. This means you can deploy vendor patches as they become available while still being able to run your critical customer services, for example.
The bottom line
Life is difficult for the defenders of cyber infrastructures. Their ability to detect attacks and defend against them is often limited by budget constraints, long technology refresh cycles, and the constant development, by well-funded adversaries, of new and innovative ways to breach defences and bypass existing security technology.
But that doesn’t mean all hope is lost. There are indeed scalable, proactive security solutions that can augment your organization’s situational awareness and keep you out of the arms race – without having to invest a huge amount of resources into an in-house IT security team. In my next post, I’ll explore the potential of cyber threat intelligence and hosted security services to further help you protect your vital systems and data.
By Matt Broda, Security Technical Fellow at Bell