BreachExchange mailing list archives

The Catch-22 In Cyber Defense: More Isn't Always Better


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 12 Jan 2015 18:27:28 -0700

http://www.forbes.com/sites/teradata/2015/01/09/the-catch-22-in-cyber-defense-more-isnt-always-better/

The cyber security problem appears to be getting worse. But why?

Call them what you will—bad actors, adversaries, cyber criminals or
hackers—but more importantly, consider how their actions directly impact
your cyber defense posture and the billions of dollars they cost businesses
each year.

Today’s adversaries have evolved from hobbyists to professionals. They are
well trained and well-funded, and run the gamut from social activists and
state-sponsored operators to criminal syndicate members.

Just as they have become more sophisticated, so have their tools,
techniques and procedures. Attacks used to be indiscriminate, like viruses
in the wild, spreading and replicating on whatever unprotected systems they
reached. Now they are targeted at specific firms with the objective of
stealing, encrypting or destroying data.

As a result, we are witnessing what may be the largest transfer of
intellectual property of all time. Sometimes the data is left in place but
held for ransom: the attacker encrypts it where it sits and offers the
decryption key in exchange for payment, which is simply extortion. For the
adversaries it is a business, and your data is the product that is for sale.

Security professionals used to be confident they could lock down and secure
their networks to prevent incursions. Now, the mindset is that incursions
are inevitable. And the burden is on them to figure out how to detect and
remediate an attack before data is compromised.

Why existing approaches are letting us down

For many organizations, a Defense in Depth or Layered Defense strategy is
standard operating procedure. This approach involves deploying a series of
cyber defenses: firewalls, anti-virus and malware detection, intrusion
detection and prevention, data loss prevention, and so on down the list.

The challenge is that adversaries have developed highly effective
offensives to thwart what used to be highly effective cyber defenses. For
example, they now run R&D facilities stocked with the same commercial
security products defenders deploy, so they can test their malware and
tooling against them before use, find the cracks between layers, and confirm
that they evade detection. And, yes, they can work their way around a
defense-in-depth deployment to reach the data systems behind it, much to the
surprise of today's most sophisticated cyber security professionals.

A common response to the increased sophistication of adversaries and the
decreasing effectiveness of traditional defenses is to add more security
tools, to increase the sensitivity of the tools already in place, or both.
Far too often, though, the result is a highly instrumented network that
generates a high volume of alerts the security team must process. Turning up
the sensitivity of existing tools also raises the false-positive rate, which
places an even greater demand on staff. A logical next step might be to
increase the headcount of the security team; however, today's shortage of
qualified security professionals makes that option unfeasible.

As the problem grows worse, businesses respond with greater force—which
taxes existing staff resources, yielding less effective security results.

In effect, it’s a catch-22.

Breaking out of the catch-22

The good news for security professionals and executives who want to solve
the cyber security conundrum is data; specifically, big data analytics.
Analytics platforms bring new data types and capabilities for detecting
advanced adversaries through Network Behavior Analytics: analyzing the ground
truth of the network traffic itself.

Adversaries can hide in baseline network activity and cover their tracks by
altering or deleting logs on the hosts they control. However, they still
have to enter the network and move from one point to another, and traffic
between two machines cannot be deleted after the fact from the endpoints
where it was seen. When they move, they show themselves, at least in the
network data.

It’s the difference between observing a conversation first hand, and
processing a second-hand recollection of the conversation—which can be far
less accurate. In this context, the conversation is one machine in a server
role communicating with another machine on your network in a client role.

Traditional defenses typically work with log data: a representation of what
happened, like a second-hand recollection. Conversely, big data solutions
for cyber security work with the network traffic itself (flow or packet
records captured off the wire), which is like observing the conversation
directly and keeping a complete record of who spoke to whom, when, on which
port and how much was said.
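The detection idea in the two preceding passages can be shown concretely: build a baseline of who talks to whom from flow records captured on the network, then flag traffic that breaks it (a workstation suddenly accepting connections from another workstation, a first-ever RDP session to a server, a large upload to a never-seen external host). The following is an added example written for this page, not code from the article or from any product it refers to; the flow records, hostnames, addresses and thresholds are all constructed for illustration.

```python
"""Network behaviour baseline over flow records (added example, not from the article)."""
from collections import defaultdict

# Constructed flow records in the shape a NetFlow/IPFIX collector or a Zeek
# conn.log would yield: (timestamp, src, dst, dst_port, bytes_from_src).
# Hostnames are invented; 203.0.113.9 and 198.51.100.77 are documentation
# (TEST-NET) addresses standing in for external hosts. Because these records
# come from a network sensor, not from the endpoints, an intruder who wipes
# host logs cannot remove them.
BASELINE_FLOWS = [
    (1, "ws-17", "dc-01", 88, 2_000),          # Kerberos to the domain controller
    (2, "ws-17", "fs-01", 445, 40_000),        # SMB to the file server
    (3, "ws-22", "dc-01", 88, 2_100),
    (4, "ws-22", "fs-01", 445, 38_000),
    (5, "ws-17", "203.0.113.9", 443, 15_000),  # ordinary outbound HTTPS
    (6, "ws-22", "203.0.113.9", 443, 12_000),
    (7, "ws-17", "dc-01", 389, 800),           # LDAP
]

# Constructed window to examine. It contains workstation-to-workstation SMB,
# a first-ever RDP session to the file server and a large upload to a new
# external address, mixed with normal traffic.
WINDOW_FLOWS = [
    (101, "ws-17", "dc-01", 88, 2_050),
    (102, "ws-17", "ws-22", 445, 9_000),
    (103, "ws-17", "fs-01", 3389, 30_000),
    (104, "ws-17", "203.0.113.9", 443, 14_000),
    (105, "ws-17", "198.51.100.77", 443, 900_000),
]

LARGE_TRANSFER = 100_000  # assumed threshold: bytes to a never-seen peer worth a look
VOLUME_FACTOR = 10        # assumed multiple of baseline bytes to a known peer


def build_baseline(flows):
    """Summarise the training window: which (server, port) pairs each client
    used, which hosts ever accepted a connection and on which ports, which
    hosts only ever acted as clients, and bytes sent per (client, server)."""
    peers = defaultdict(set)         # client -> {(server, port)}
    server_ports = defaultdict(set)  # host   -> {ports it was contacted on}
    bytes_out = defaultdict(int)     # (client, server) -> total bytes sent
    clients = set()                  # every host seen initiating a flow
    for _ts, src, dst, dport, nbytes in flows:
        clients.add(src)
        peers[src].add((dst, dport))
        server_ports[dst].add(dport)
        bytes_out[(src, dst)] += nbytes
    return {"clients": clients, "peers": dict(peers),
            "server_ports": dict(server_ports), "bytes_out": dict(bytes_out)}


def detect(baseline, flows, large_transfer=LARGE_TRANSFER, volume_factor=VOLUME_FACTOR):
    """Return (ts, src, dst, dport, reasons) for each flow that breaks the baseline.
    new_peer                   client never contacted this (server, port) before
    role_change                destination only ever acted as a client in the
                               baseline and is now accepting connections
    large_transfer_to_new_peer bytes to a never-seen peer exceed large_transfer
    volume_anomaly             bytes to a known peer exceed volume_factor x baseline
    """
    alerts = []
    for ts, src, dst, dport, nbytes in flows:
        reasons = []
        if (dst, dport) not in baseline["peers"].get(src, set()):
            reasons.append("new_peer")
        if dst in baseline["clients"] and dst not in baseline["server_ports"]:
            reasons.append("role_change")
        base = baseline["bytes_out"].get((src, dst))
        if base is None:
            if nbytes >= large_transfer:
                reasons.append("large_transfer_to_new_peer")
        elif nbytes > volume_factor * base:
            reasons.append("volume_anomaly")
        if reasons:
            alerts.append((ts, src, dst, dport, tuple(reasons)))
    return alerts


if __name__ == "__main__":
    for ts, src, dst, dport, reasons in detect(build_baseline(BASELINE_FLOWS), WINDOW_FLOWS):
        print(f"t={ts} {src} -> {dst}:{dport}  {', '.join(reasons)}")
```

Run against the constructed window, the normal Kerberos and HTTPS flows produce nothing, while the three suspicious flows are reported: the workstation-to-workstation SMB session as both a new peer and a role change, the RDP to the file server as a new peer, and the 900 KB upload as a large transfer to a never-seen host. Two caveats a practitioner would add: the baseline must come from a window you believe was clean, since an intruder already present during training becomes "normal"; and encrypted traffic still yields peers, ports, timing and volume, which is what these rules use, but not content.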

Yes, adversaries have become more sophisticated, but so have the tools and
technologies that defend against them. Turn the tables on cyber intruders
and raise your cyber defense posture. By applying big data analytics to
captured network data you can protect your most important data assets with
greater confidence.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 