Combating an Advanced Threat Landscape
Diwakar Dayal, VP Sales (Security), Cisco India and SAARC
The cyber world is continuously evolving. Organizations and consumers alike are witnessing complex threats which not only possess the ability to disrupt business operations resulting in information leakage and also cause serious financial losses. For instance, a recent news article reported a 19 year old boy from a small town in India successfully hacking the website of a leading Indian PSU. His rationale was to expose the loopholes in security systems - even amateur hackers such as him could access or steal confidential data from the corporate network.
This is not an isolated case and many 'ethical' hackers worldwide have revealed the various vulnerabilities that exist within corporate networks. As a result, organizations need to proactively develop strategies to maintain business continuity, provide infrastructure wide threat visibility and protection, and simplify day-to-day network management. The entire security infrastructure-network, systems, and management-must work in unison to proactively defend against a wide array of threats, and reduce the mean time to respond and mitigate them in case of an event.
Entering a transformed threat landscape
Organizations are now in a threat era which has advanced dramatically. Earlier, hackers were enticed by fame and recognition but now systems are increasingly exploited for financial gain. Hackers are adapting faster and posing serious threats even before software and operating system vendors can develop patches and workarounds. Threats have also assumed a global nature. There were news reports which stated that Sony Playstation Network underwent a security breach, which compromised the personal data of a staggering 77 million accounts. The company executives eventually apologized and admitted that they had not taken the requisite safety measures to prevent such an intrusion. Other incidents include the LinkedIn password breach and Skype which was compromised by a malicious spam. This indicated that in addition to broad-scale worm and virus outbreaks, IT organizations need to protect against network threats that are specifically designed to avoid detection and can bypass traditional defences.
Employees knowingly or unknowingly put organizations at risk by regularly flouting IT policies. Cisco's Connected World Technology Report revealed startling attitudes toward IT policies and growing security threats posed by the next generation of employees entering the workforce - a demographic that grew up with the Internet and has an increasingly on-demand lifestyle that mixes personal and business activity in the workplace. According to the report:
Next Gen Network Security
The need for next - gen security is but obvious. However, the "Next generation firewall" is the most commonly misinterpreted terms for next - gen network security, which might not be the right answer. Such firewalls are still relatively restricted, providing only application and user ID awareness and are unable to offer insights about the activity which takes place within an organization's network. For instance, IT can easily decipher which employees actively surf social networking sites such as Twitter, Youtube, Pinterest. However,knowing that the majority of their network traffic is result of playing games on Facebook and setting up a mechanism to curb that, is a different challenge altogether. Next Gen firewalls are also unable to offer the level of granularity required in such cases as the entire application is either completely allowed or disallowed. This also means saying no to new devices and applications.
So, it is vital to adopt a framework which allows IT to deploy a security mechanism which provides for an end-to-end network intelligence and includes information about the local network, near-real-time global threat information and helps create effective security policies.
Four mantras for creating a robust architecture
Most organizations have tools in place that can be used as a starting point to develop a robust threat prevention architecture. Technology can be introduced in phases as and when the security strategy for the company gets revised.
From viruses to phishing to hijacking to intrusions, the evolution and complexity of threats must be addressed in a way that helps IT departments to make quick decisions based on the intelligence available across the entire IT infrastructure. It is important to have a network which provides accurate, detailed threat analysis, prevents, detects, and mitigate threats to help ease the burden of information overload. This helps the IT department to respond and remediate in a much lesser time span. Governance is also critical to the success of a wholesome security practice. Without formal governance, companies cannot define a clear path for moving the organization successfully and strategically from a managed world to an unmanaged or "borderless" world, where the security perimeter is no longer defined and IT does not manage every technology asset in use in the organization.