Tackling The Knowns, Unknowns And Known Unknowns Of Today’s Cyber Security Landscape

Today's Cyber Security Landscape

It was recently reported that companies considered critical to the UK’s infrastructure that suffer a cyber-attack will receive incident response and clean-up support from a new service launched by CESG, the information security arm of GCHQ. Organisations set to make use of the initiative range from small firms through to multinational companies, critical national infrastructure providers, central government bodies and the wider public sector.

To my mind, this underlines heightened anxiety levels about the real and present danger UK PLC faces today from cyber criminals. We are faced with a seemingly endless list of threats – malware, advanced persistent threats, zero-days, targeted attacks, viruses – the list goes on and on. But no matter how you view it, it all comes down to threats. More specifically, two fundamental types of threats: known and unknown.

Known threats are the ones your security tools are designed to detect and protect against. Still, successful attacks by known threats happen, and there’s room for improved protection. However, it’s the unknown threats that pose an even greater challenge. These increasingly sophisticated attacks cleverly evade detection, bypassing point-in-time detection tools like sandboxing to reach their target and establish a beachhead for subsequent attacks.

As an IT security professional it’s your job to protect your organisation against both types of threats. Three advanced technologies can make intrusion prevention systems (IPS) smarter and malware protection more efficient: contextual awareness, big data analytics and collective security intelligence – all working together.

Contextual Awareness

Today’s extended networks include endpoints, mobile devices, virtual environments and data centres. For security tools to be effective they need complete contextual awareness of the dynamic environment they protect. Consider technologies that offer continuous and total visibility into all devices, applications and users on a network, as well as an up-to-the-minute network map, including profiles of client applications, operating systems, mobile devices and network infrastructure – physical and virtual.

Smarter security solutions use the data related to your specific environment, together with automation, to help you make more informed and timely security decisions. Visibility into file activity is equally important – knowing a file’s heritage, behaviour and network trajectory provides additional context, or indicators of compromise, which help to determine malicious intent and impact, and accelerate remediation.

Big Data Analytics

Security has become a big data problem. You need technologies that tap into the power of the cloud and sophisticated analytics of large data sets to deliver the insight you need to identify more advanced, highly targeted threats. The power of the cloud lets you store and monitor information about unknown and suspicious files across your entire IT environment and beyond.

Security tools that use a telemetry model to continuously gather data across the extended network and then leverage big data analytics help you detect and stop malicious behaviour even after a threat has passed through the initial lines of defence.

Collective Security Intelligence

To identify more obscured threats, there’s strength in numbers. Look for security technologies that can draw from a widespread community of users to collect millions of file samples and separate benign file and network activity from malicious activity, based on the latest threat intelligence and correlated symptoms of compromise.

Chloë Smith, minister for cybersecurity, was recently quoted in the Financial Times saying that “The best defence for organisations is to have processes and measures in place to prevent attacks getting through, but we also have to recognise that there will be times when attacks do penetrate our systems ….”

Attackers will always find gaps in protection and ways to evade detection, but it’s the role of the IT security professional to try to stop them. Making sure your IPS and malware protection are working together is an important step in securing your networks, endpoints, virtual machines and mobile devices. The new services launched by CESG are a fantastic initiative, but if you’d prefer to avoid having to make use of them, tweak your security approach to ensure that contextual awareness, big data analytics and collective security intelligence are working together. You’ve got nothing to lose.

Leon Ward

Leon is a field product manager for Sourcefire. Prior to joining Sourcefire, Leon was involved in the design and development of open source (OSS) Intrusion Prevention Systems. Leon applies his strong background in UNIX security and protocol analysis to overcome the challenges of network security monitoring in the enterprise, specifically in the areas of network intrusion detection, threat mitigation, event analysis and vulnerability assessment. In the little spare time Leon finds, he is the lead contributor to the open source network traffic forensics project OpenFPC (Open Full Packet Capture).