It's only February and we've already experienced several massive data breaches at Target and Neiman Marcus. Why are we unable to keep attackers out of our networks?
Several factors are tipping the scales in favor of the bad guys. The top three are lack of (threat) information sharing, insufficient security automation and the absence of continuous security risk monitoring.
Fortunately, there are ways to make threats and vulnerabilities visible and actionable, while enabling organizations to prioritize and address high-risk security exposures before breaches occur.
Here's how we can level the playing field in the cyber security war.
Sharing like attackers do
The sharing of sensitive threat information is essential to preventing a widespread attack across different verticals and industries. Criminals are coordinating their efforts and are well versed in sharing vulnerabilities and attack methodologies. To counter them, government and private industry must work hand-in-hand to quickly distribute information about threats.
One way to do this is using a centralized infrastructure that is capable of consuming threat intelligence data feeds and cross-correlating those with organizational attributes such as control and configuration settings, asset criticality, vulnerabilities, patch status, etc. This enables otherwise labor-intensive work to be avoided and common attack patterns to be detected and analyzed automatically, which dramatically reduces the risk of exposure.
Automate anomaly detection
Most organizations rely on multiple, best-of-breed, silo-based tools (e.g., fraud and data loss prevention, vulnerability management, or SIEM) to produce the security data necessary to detect or prevent cyber-attacks. This model generates a high-volume, high velocity stream of complex data that must be analyzed, normalized, and prioritized. An integrated infrastructure which can piece together data from different sources and connect the dots to detect suspicious patterns that would indicate a cyber-attack or data breach is a better approach since it doesn't require security operations staff to do so manually. This can shorten the window attackers have to exploit a software or network configuration flaw.
Monitor, rinse, repeat
Cyber threats are unpredictable and cannot be scheduled like a compliance audit. Instead of a point-in-time view of risk, continuous monitoring of both compliance and security posture are required to increase situational awareness. The use of Big Data, automation and correlation can reduce costs by unifying security management, streamlining processes, creating situational awareness to expose exploits and threats in a timely manner, and gather historic data which can assist in predictive security.
Use risk to prioritize remediation
While security monitoring generates Big Data, information security decision making should be based on prioritized, actionable insight derived from this data. To achieve this, big security data needs to be correlated with its business criticality or risk to the organization. This allows organizations to assign policies, classifications, and business criticality to assets, propagating the attributes (e.g., risk) to all related assets, and then enforcing the attributes in a dynamic data-driven environment. Once assets that require the highest priority for remediating threats are identified, organizations must ensure a smooth handoff from security operations to the IT department, which is responsible for mitigating issues. Any latency in this process can lead to critical delays in time-to-remediation, offering hackers an opportunity to exploit existing vulnerabilities.
Better intelligence, better security
To reduce the risk of data breaches and detect and contain attacks early, consider a centralized infrastructure that can consume security intelligence from multiple sources, automate security processes and perform continuous security risk monitoring.