Tackling The Generation Gap In Cyber Security

Over the past few years we’ve seen a dramatic shift in the threat environment. Whether the threats come from hackers, script kiddies, client-side attacks, advanced persistent threats, or state-sponsored actors, the attacks are targeted, unexpected and deadly. The perpetrators are organised, well-financed and relentlessly innovative.

With these new threats targeting IT infrastructure at an unprecedented pace, traditional means of protection are no longer adequate. The days of manually analysing threats, creating signatures and deploying these signatures are long gone.

Recent research shows that nearly 75 per cent of threats are seen only once, with lifetimes measured in hours and days. This continuous metamorphosis into variations of the same core threat makes timely response incredibly difficult.

Organisations are facing a generation gap when it comes to combating today’s attacks. And the situation is likely to get worse before it gets better. Designed for another time, most first-generation network security devices can’t keep pace with challenges like:

Technology disruption: Mobile devices, software as a service, virtualisation and cloud computing are necessities as organisations look for ways to enhance productivity, save costs and speed deployment. Most security tools deployed today don’t provide adequate visibility to factor dynamic network topology, behaviour and traffic into security policy definition and enforcement decisions.

Advanced attacks: The tactics that adversaries now employ, such as port hopping, encapsulation, zero-day attacks, command and control (C&C) evasion, lateral movement, encrypted traffic and sandbox evasion, make it very difficult to detect and block attacks. First-generation security tools lack the historical data and intelligence to handle attacks that use these methods.

Performance demands: In the age of multi-gigabit network connections at the perimeter and within the core data centre, security devices need to inspect and enforce policies at these same speeds across all network subsections. This simply isn’t possible with traditional network security device architectures.

So how do you deal with this generation gap? New security approaches are emerging to address today’s fluid IT environment, sophisticated threats and increasing network speeds. Given that many first-generation devices have been deployed for over a decade and simply can’t adapt to this new reality, the time is right to revisit your security strategy and bridge the gap with a new approach to security.

Below are key criteria to look for along with specific questions to ask to help you make more informed decisions and, ultimately, better defend your modern IT environment against modern attacks.

Visibility: You need to be able to accurately identify the applications active in your environment (regardless of protocol) and see the myriad connecting hosts, infrastructure and users. With this visibility you can apply the context of network and user behaviour to determine the intent of any given connection and whether it should be blocked.

Threat effectiveness: You need to ensure your network security technology can protect against both known and emerging threats while maintaining effectiveness under load during peak utilisation.

Granular controls: You want your network security devices to enable safe access, not encourage employees to go around your defences. This requires fine-grained security policies with the ability to customise detection and response for both applications and web sites.

Automation: For most IT security organisations, resources aren’t increasing to keep pace with advanced adversaries. You need tools to automate the provisioning and tuning of security policies and apply those policies consistently across the enterprise.

Advanced malware protection: With increasingly sophisticated malware attacks, it’s becoming more difficult to reliably detect malware on the network and to remediate it if it does get through. Cloud-based malware intelligence and the ability to coordinate defences across the environment are now essential.

Performance, scalability and flexibility: To analyse and apply complex policies at high speeds, performance and the ability to scale to multi-gigabit networks are critical. Flexibility to support your deployment model today, and the capability to change it easily in the future, gives you investment protection.

Management and extensibility: To be practical, any updated approach to network security must enable centralised IT security management across the entire enterprise and seamlessly support additional capabilities.

It’s only a matter of time before your organisation faces a breach. The good news is that network security technologies are evolving so you no longer have to be hampered by first-generation approaches. Armed with the right questions you can make the best decisions to protect your organisation and mitigate risk in this challenging era.

Leon Ward

Leon is a field product manager for Sourcefire. Prior to joining Sourcefire, Leon was involved in the design and development of open source (OSS) Intrusion Prevention Systems. Leon applies his strong background in UNIX security and protocol analysis to overcome the challenges of network security monitoring in the enterprise, specifically in the areas of network intrusion detection, threat mitigation, event analysis and vulnerability assessment. In the little spare time Leon finds, he is the lead contributor to the open source network traffic forensics project OpenFPC (Open Full Packet Capture).