This year, South African business will continue to embrace digital transformation. From network-connected smart TVs and photocopiers to air-cons in the boardroom for greater convenience, and the wider adoption of cloud, employees are able to work anytime and anywhere, using smartphones, tablets and even smart watches.
And we can expect cyber criminals to slap their keyboards with joy for the opportunities the growing ‘digital business’ brings.
Well-reported cases show that even large and well-resourced organisations fall victim to cyber attacks, and they’ve suffered data theft, interruption of services or reputational damage as a result. In parallel, security budgets have increased faster than any other, and most companies have board-level visibility and backing for security. Despite the increased investment and business backing, chief information security officers (CISOs) are facing a security challenge greater than any seen in the past 10 years.
Why is this?
For many years, digital security has operated on the principle that you can keep attackers out. Our defence systems attempt to do this by guarding the perimeter of the network, with tools such as firewalls, anti-virus programs and patching. However, it’s clear that this current approach is outdated and ineffective against today’s advanced cyber threats. Sophisticated cyber attackers are capable of ‘bypassing’ the perimeter, and insiders are, by definition, already operating within the firewall. Breaches are a reality within our organisations, whether we know it or not!
We must also accept that cyber security is not just a technical challenge. Human ingenuity and creativity has made it extremely difficult to second-guess how an attack might present itself, or understand in advance which employee or insider poses the greatest risk to your organisation. This new era of cyber threats calls for technologies that can deal with subtlety and uncertainty, and empower individuals to take informed decisions that will tangibly minimise risk, as well as take action in real-time (actionable intelligence).
Legacy security defences are also over-reliant on signatures and rules, which by definition can only stop pre-identified threats. As attack methodologies continue to evolve at speed, rules are continually outdated and outmanoeuvred. Would-be attackers may make fractional changes to their binary appearance within a network to evade a signature scan, socially coerce a user into clicking a malware packaged in an attachment to an e-mail, or use other readily available methods to subvert existing security systems.
The insider, an employee, is most likely using authorised access to applications to steal data or execute transactions for personal gain. They may have similar objectives to the criminal, but they will be approaching the objective in a different manner. If we accept the new reality of cybe rcrime and consider this against current SecOps’ modus operandi and the associated cost, we need to ask if we’re getting a return on investment. Are the operating investments delivering measureable improvements in our security posture? These are definite reasons for a change in strategy, technology and execution.
Next-generation digital security
There are several key requirements for effective cyber-threat management – these include comprehensive capture of activity and traffic across users, systems and networks; real-time detection and analysis of anomalous behaviour and malware; advanced visualisation and alerting of threats; and automated remediation and recovery of breaches.
The technologies that come together to deliver the functionality have similar characteristics in that they exploit major advances in machine learning, mathematics and big data in their solutions. No sign of a signature, no rule to be written, no trawling of millions of events, and no waiting for a patch!
So, what makes the emerging security technologies so different? Take a look at Darktrace, one of the leaders in this field. Darktrace’s unique technology is powered by advanced machine learning, allowing it to self-learn what is normal for a company’s network environment, so that it can then determine if any behaviour is abnormal – the business ‘pattern of life’. This allows it to detect outliers to these learned patterns, as they emerge, which may represent a serious threat – cyber attacks of a nature that may not have been observed before, the unknown unknowns. Darktrace does this through the use of advanced mathematical models to establish an evolving understanding of every device, user and network, and stay ahead of developing advanced persistent threats (APTs), insider attacks and other live-threat scenarios.
Enterprise-wide threat visibility is key, and this is mirrored by the need for capabilities that take ‘action’ on intelligence. We need to protect the enterprise’s assets (servers, applications, client devices, etc) that are of criminal interest. Consider the challenge of end-point security – that never-ending cycle of patching and anti-virus updates – and that SentinelOne, an innovative start-up, is changing the end-point game using machine learning to deliver protection against targeted attacks, advanced threats, and zero-day attacks. SentinelOne’s dynamic execution inspection detects advanced threats, provides automated mitigation, and generates real-time forensics.
It’s not only that the sophistication of cyber attackers has developed out of all recognition, but the changing IT landscape also compounds this problem. Just consider cloud, a hot topic in South Africa at the moment. Cloud is now a part of our lives, so why not apply innovation in this space, too?
The use of machine learning and big data for cyber threats is almost mainstream, enabling next-generation SecOps. Looking forward, we should see software-defined security, decoy and deception, and micro-segmentation techniques adding significantly to our defence capabilities.
With next-generation technologies, a company’s CISO will regain the advantage that comes with visibility, early warnings and automated responses and remediation. So in the event of a compromise, the organisation is confident of the capabilities to act before a real crisis occurs.
To learn more about a suitable approach to managing your cyber threat, contact Blue Turtle for a consultation at +27 (0) 11 206 5600 or firstname.lastname@example.org.