total protection making identification of threats far more difficult."

Increasingly sophisticated attack activity can only be detected by real-time internal network monitoring, which until now has proved to be an almost impossible task, due to the volume of data which flows through even the most basic of networks, he adds. "The traditionally applied security systems such as firewalls, Intrusion Detection Systems (IDS) and anti-virus should therefore form only part of modern cyber defences. An additional network layer is needed to quickly identify activity caused by malicious behaviours, regardless of whether it's a new threat, a novel technique or a malicious insider," adds Driver.

Such a behaviour-based system, he states, "delivers incredibly high detection rates with equally low false alarms and would be equally powerful in identifying potentially exploitable weaknesses in a network before any attack actually occurs - enabling organisations to proactively increase the security of a network over time".

Driver believes that this step change in the battle to combat the increasingly sophisticated cyber security threat would identify malware that actively outwits rules-based or sandboxing appliances, as well as data being leaked by a trusted device. "Organisations could also proactively close vulnerabilities in a network, rather than reactively patching holes once they've already been exploited by an attacker," he points out.
THANKLESS TASK

We expend a lot of energy in cyber security, attacking and pillorying organisations that are successfully targeted, states Neil Anderson, director of cyber security at Assure APM. "A brief glance at Twitter after a major breach will often show an impressive level of disdain on the part of researchers and 'red-team' groups - people whose livelihoods rely on finding vulnerabilities and exploiting them - about an organisation's inability to stay secure." The critics have a point, he concedes. All too often, it is basic security failings that let attackers into organisations. "We often hear a recently breached company throw up its hands as it tells us that 'it was an advanced threat actor that attacked us, what could we do?' Well, patching your known vulnerabilities and not clicking on links in unsolicited emails wouldn't hurt."

For all this worthy criticism, however, protecting an organisation can be a difficult and thankless task. "Security teams are often viewed as a cost centre and an obstacle to achieving business objectives, leaving them struggling to keep abreast of the firehose of new vulnerabilities, exploits and regulatory pressure," Anderson adds.

"In the past, security vendors have been apt to try to sell us miracle solutions: tools that will solve all our security problems in one fell swoop, leaving security engineers free to concentrate on pondering strategy, petting unicorns, and fiddling with the occasional firewall. In those days, we tended towards a protect and prevent strategy, forming a perimeter around our networks and trying hard to stop any attacker, no matter how skilled, from getting in."

These days, we are generally sadder, but also a little wiser, he comments. "As the network perimeter has disintegrated, the concept of complete protection has been shown to be an impossibility and we tend to focus our efforts on an infinitely more achievable risk-based approach. This basically involves working out what the risk of a given vulnerability being exploited is and then making a (mostly) objective decision on whether to stop that risk from ever being realised, to mitigate its effects should it happen or to accept the risk - in other words, gamble that it will never happen."

The important thing to remember, Anderson says, is that none of these options is a perfect
Daniel Driver, Chemring Technology Solutions: the biggest security threat that most organisations are exposed to exists within their own network.

David Broad, Echoworx: many companies think that once they have a few tools deployed to control their perimeter they are done.
www.computingsecurity.co.uk @CSMagAndAwards May/June 2018 computing security
15