FEATURE: MULTI-LAYERED SECURITY
The world is talking about superheroes – think Batman, Spiderman or even Superman. But rather than the lone superhero battling it out, today's real blockbuster superheroes join forces, combining their complementary superpowers in the universal quest for good over evil – think Avengers! How does this analogy carry into the world of security? It got me thinking that we need to look seriously at what it means to join forces so that we combat and defeat the bad guys more effectively from a cyber-security perspective – not only from an industry standpoint, but also from a technology standpoint.
Cyber criminals go to great lengths to remain undetected, using techniques and tooling that leave few and barely perceptible Indicators of Compromise (IoCs). At the same time, modern networks are also evolving, extending beyond traditional walls to include public and private data centres, endpoints, virtual machines, mobile devices, and the cloud.
In today’s dynamic Middle Eastern IT
and threat environment, point-in-time
solutions lack the visibility and control
defenders need to implement an
effective security policy that addresses
advanced threats. And disjointed
approaches only add to capital and
operating costs and administrative
complexity.
Converged solutions that combine two
or more security functions together on
a single platform attempt to address
these shortcomings. However, simply
consolidating security functions on one
appliance is far from adequate. The
level of integration, if any, is typically
limited to device management and
post-event analysis – where data is
combined into a single repository
(often in a SIEM) for later manual
analysis.
That visibility and analysis are not correlated automatically in real time, are not made actionable so that damage can be contained and stopped quickly, and are not shared across the other controls to prevent future attacks.
INTELLIGENTCIO
The data gathered is also evaluated only once – a snapshot in time – rather than continuously, so the opportunity to systematically 'tune' defences on the basis of new telemetry and intelligence is forfeited.
It should come as no surprise then
that for the last few years the Verizon
Data Breach Investigations Report
has revealed that most breaches are
found by law enforcement and other
third parties – not by the breached
organizations themselves. To make
security investments more effective
in the region, what’s needed is a
comprehensive approach with tightly
integrated threat defence across the
extended network and the entire
attack continuum – before, during, and
after an attack.
As attack methods have evolved, a wider range of information security and risk management tools has been developed to fill the void. For example, endpoints, particularly mobile ones, now carry protections beyond antivirus, such as centrally managed policy over what the endpoint may access and which applications it may run.
It is important to consider the exploit paths taken by attackers and malware when you think of layered security. Most attacks start with a targeted phishing attack against a user; when the user falls for it, the endpoint is compromised. That endpoint becomes the launch point for moving deeper into the organisation, where the data of real value can be reached. A well-integrated threat defence system shares 'context' and intelligence between security functions, so that what one function sees immediately informs the whole and speeds detection and remediation.
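The correlation that paragraph describes, shown as an added example that is not from the article or from any vendor's product: a small Python correlator takes telemetry from an email gateway, an endpoint agent and a network sensor, links a phishing click, a suspicious Office child process and an outbound connection on the same host within a short window into one incident with containment actions, and then pushes the learned destination to every sensor so that the next host which contacts it is stopped without waiting for a fresh phishing chain. The event fields, stage names, the ten-minute window, the process-name heuristics and the sample events are all constructed assumptions for illustration.

```python
# Added example: real-time cross-control correlation over constructed telemetry.
# Not code from the article or any product; field names, stage names, the
# 10-minute window and the sample events are assumptions.
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed: how long an observed stage stays "live"
OFFICE_PARENTS = ("winword", "excel", "outlook", "powerpnt")
SCRIPT_CHILDREN = ("powershell", "cmd.exe", "wscript", "mshta", "rundll32")

# Constructed sample telemetry from three controls, in arrival order.
SAMPLE_EVENTS = [
    {"ts": "2024-03-04T09:00:00Z", "source": "email", "host": "ws-031", "user": "r.saad",
     "action": "url_click", "detail": "https://hr-benefits.example/login"},
    {"ts": "2024-03-04T09:01:10Z", "source": "email", "host": "ws-017", "user": "a.khan",
     "action": "url_click", "detail": "https://invoice-portal.example/doc"},
    {"ts": "2024-03-04T09:01:42Z", "source": "endpoint", "host": "ws-017", "user": "a.khan",
     "action": "process_start", "detail": "WINWORD.EXE -> powershell.exe -enc SQBFAFgA"},
    {"ts": "2024-03-04T09:02:15Z", "source": "network", "host": "ws-017", "user": "a.khan",
     "action": "outbound_connect", "detail": "203.0.113.7:443"},
    # A click with no suspicious follow-on process: never becomes an incident.
    {"ts": "2024-03-04T09:05:00Z", "source": "email", "host": "ws-042", "user": "m.ali",
     "action": "url_click", "detail": "https://intranet.example/news"},
    {"ts": "2024-03-04T09:06:00Z", "source": "network", "host": "ws-042", "user": "m.ali",
     "action": "outbound_connect", "detail": "198.51.100.9:443"},
    # A different host contacting the destination learned from ws-017's incident.
    {"ts": "2024-03-04T09:20:00Z", "source": "network", "host": "ws-099", "user": "s.noor",
     "action": "outbound_connect", "detail": "203.0.113.7:443"},
    # ws-031's chain continues half an hour after the click: outside the window.
    {"ts": "2024-03-04T09:30:00Z", "source": "endpoint", "host": "ws-031", "user": "r.saad",
     "action": "process_start", "detail": "WINWORD.EXE -> powershell.exe -w hidden"},
    {"ts": "2024-03-04T09:31:00Z", "source": "network", "host": "ws-031", "user": "r.saad",
     "action": "outbound_connect", "detail": "192.0.2.5:443"},
]


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def classify(event):
    """Map a raw event from any control onto a kill-chain stage, or None if benign."""
    src, action, detail = event["source"], event["action"], event["detail"].lower()
    if src == "email" and action == "url_click":
        return "phish_click"
    if src == "endpoint" and action == "process_start":
        parent, _, child = detail.partition("->")
        if any(p in parent for p in OFFICE_PARENTS) and any(c in child for c in SCRIPT_CHILDREN):
            return "suspicious_child"
    if src == "network" and action == "outbound_connect":
        return "outbound"
    return None


class Correlator:
    CHAIN = ("phish_click", "suspicious_child", "outbound")

    def __init__(self, window=WINDOW):
        self.window = window
        self.stages = defaultdict(dict)  # host -> {stage: time first seen}
        self.shared_indicators = set()   # destinations pushed to every sensor
        self.incidents = []

    def ingest(self, event):
        """Feed one event; return an incident dict if this event completes one."""
        ts, host, stage = parse_ts(event["ts"]), event["host"], classify(event)
        if stage is None:
            return None
        # Shared context: a destination already tied to an incident is acted on
        # for any host immediately, with no need to re-observe the whole chain.
        if stage == "outbound" and event["detail"] in self.shared_indicators:
            inc = {"host": host, "user": event["user"], "reason": "known_c2_destination",
                   "actions": ["block_connection", "isolate_host"]}
            self.incidents.append(inc)
            return inc
        seen = self.stages[host]
        # Expire stale stages so an old click cannot pair with a much later event.
        for old_stage, old_ts in list(seen.items()):
            if ts - old_ts > self.window:
                del seen[old_stage]
        # Require in-order progression: stage N only counts if stage N-1 is live.
        idx = self.CHAIN.index(stage)
        if idx > 0 and self.CHAIN[idx - 1] not in seen:
            return None
        seen[stage] = ts
        if all(s in seen for s in self.CHAIN):
            dest = event["detail"]
            self.shared_indicators.add(dest)  # inform the other controls at once
            inc = {"host": host, "user": event["user"], "reason": "phish_to_c2_chain",
                   "actions": ["isolate_host", "block_destination:" + dest]}
            self.incidents.append(inc)
            self.stages.pop(host, None)
            return inc
        return None


def run(events):
    """Stream the events through one correlator and return it for inspection."""
    correlator = Correlator()
    for event in events:
        correlator.ingest(event)
    return correlator


if __name__ == "__main__":
    for incident in run(SAMPLE_EVENTS).incidents:
        print(incident)
```

The point of the in-order check and the expiry window is to keep the correlator from raising on the noise that a flat SIEM query over the same three sources would surface: a click alone, or an outbound connection alone, never reaches the incident stage, while the shared indicator set is what turns one host's incident into protection for every other host on the next connection attempt.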
Each security function must be tightly
integrated for truly effective multilayered protection against the full
spectrum of attacks – including known
and unknown attacks. This is done by
gathering telemetry data across the
extended network and encompassing
all attack vectors for full contextual
www.intelligentcio.com