Security professionals must update and address their defensive strategies to be proactive against cyber threats, a researcher said Wednesday at the Black Hat conference
in Las Vegas.
Although the industry has made progress, the way defense has been played against attacks has been the same way for a very long time, Iftach Ian Amit, director of services for IOActive, said during his "Maximizing Home-Field Advantage" session at the conference in Las Vegas, Nevada.
"We're using firewalls the same way that people used walls in the Middle Ages," Amit said. "At some point we lost the realization that all those walls are obstructing our views."
While attackers have a clear view of an enterprise's network, companies often face "walls" obstructing their views, he said.
Organizations are accustomed to spending money on out-of-the-box solutions, even though they may already have the resources they need for an affective defensive strategy in place, he said. One key ingredient he mentioned are logs, which he states are the best investment on creating an effective security strategy.
"We're really far from doing something effective with all of the data we have," he said. "In the cost of a couple of SIEM
devices, you can hire a couple of people that can go through chunks of logs and actually make sense out of it for your organization. You need to be able to tune that data to your needs and assets."
Amit said there is no such thing as an all-encompassing security strategy, and while businesses may have worked to put one together, it needs to be constantly updated through the intelligence they collect.
"Intelligence is key, and you can get it from many different places [like] marketing and sales teams," he said. "Talk to the people that run the business and ask them about what's out there against competitors."
Once information is collected, Amit said the next logical step would be to start putting the proper security "fences" in place. However, technology should come last, and educating and alerting those within the organization should be a primary focus.
"There are a lot of people that hold information on your organization," Amit said. "People are hackable, just as well as computers are."