IT professionals have developed a sixth sense when it comes to locking down typical threat vectors — but while they’ve learned to bolt the doors, windows are sometimes left wide open. As noted by security guru Bruce Schneier in his essay “The Future of Incident Response”, part of the problem is that attacks are getting more sophisticated; advanced persistent threats (APTs) go beyond financial gain to target underlying systems and information, and don’t always attack the way you’d expect.
Schneier also argues that we’re living in a decade of “response”, where handling security incidents has become more important than protection, leading companies to under-invest in these critical areas. The problem? Gaps in your defenses, gaps that only widen as your network becomes more complex and endpoints multiply. The solution? Proactive prevention.
Behind Enemy Lines
According to a recent Infosecurity Magazine article, malware authors are taking advantage of this focus on response to slip new code past company defenses. How? Encryption. In the wake of high-profile bugs like Shellshock and Heartbleed, coupled with recent breaches at large retailers like Home Depot and Dairy Queen, the tech industry has turned to encryption as the data cure-all. It makes sense: lock down data in transit and you don’t have a problem, especially if you’re also using a secure network connection.
But this focus on encryption has left an opening for attackers — if they can slip malicious code into an encrypted transmission, it can travel almost anywhere on the network. This is especially true of SSL traffic, which most organizations cannot inspect, so they have little visibility into what it carries. In effect, hackers have been able to “dumb down” the sophistication of their malware, knowing that companies are focused on response rather than prevention.
Any area of your network could be vulnerable. From unpatched apps to missing antivirus controls or open SSL ports, malware will find a way. And if you aren’t watching, it can sneak in undetected; by the time you identify and respond to a threat, it may be too late. Effective defense is made more difficult by the increasing use of cloud services and the BYOD trend — end-users aren’t afraid to take advantage of new technologies, even if they’re untested or unapproved. As a result, the number of endpoints in your network is growing exponentially, while you have limited time and resources to secure each one.
There’s a better way, and it starts with complete network mapping coupled with self-learning and detection to cover both user devices and “safe” endpoints that may have slipped through the cracks. We heard Marc Bieri of HSBC Private Bank Switzerland, formerly a Senior Detective for the Geneva Police Department, present at the Analytics’15 conference last week on using Nexthink’s unique technology and pushing it well beyond its limits to produce breathtaking results: increasing risk mitigation effectiveness while reducing overall security costs. I like to think of it as proactive prevention — coverage for your entire network from the ground up.
Of course, prevention is just the beginning. Stay tuned as I dig deeper and examine the next critical security component in a future blog post: anomaly detection.