Top 3 Key Cyber Security Technologies

Top 3 Key Cyber Security Technologies

The cyber threat keeps getting more sophisticated.     The cybercriminals who are operating in this area are good at what they do.  They are operating on the fringe and must solve very complex problems to get what they are after and not get caught.

Maybe you have next gen firewalls, endpoint protection, DLP, intrusion detection /protection and a SIEM.  But that alone is not enough.

Let’s explore three key technologies that should be on your radar.

1. SSL(Secure Sockets Layer) Inspection

I’m sure you are blocking all sorts of traffic coming and going from your network but what about the traffic you can’t inspect?   It is forecasted that 70% of internet traffic will be encrypted by the end of 2016[i]

People tend to be the weakest link in any security plan.  In Verizon’s 2016 Data Breach Report, the authors state that 30% of phishing emails get opened and another 12% actually go on to click the malicious attachment or link.[ii]

 

 

Even well trained users sometimes open links or enable macros when prompted.   Chances are that the payload of that phishing attack is encrypted over the internet using SSL so your security tools may not even detect it.

Data exfiltration is another problem and again, if your confidential company data is leaving the company over an SSL encrypted connection, your DLP solution may be unaware.  The insider threat is still by far the largest risk by category.[iii]   Data breaches here are often not intentional but can be prevented.

 

Cyber Security Trends

 

The bottom line is if you don’t decrypt the traffic you can’t inspect it, and cybercriminals are leveraging SSL traffic to hide malicious activity.

By leveraging SSL inspection, you can pass that traffic once decrypted to other devices in your network for further inspection, thus removing this huge blind spot in your cybersecurity defenses.

2.  DDOS (Distributed Denial of Service) Protection

It is likely that we will see many more DDOS attacks similar to this historic attack Dyn sustained October 21, 2016.   The attack was significant in both size and method.   Reports state that IoT (Internet of Things) devices were compromised and used as part of a botnet to launch the attack.  This may be an indicator of what is to come as there is a perfect storm brewing.    A huge market surge and consumer demand for internet connected devices combined with a lack of security on these devices means a lot of opportunities for cybercriminals.

Enterprising cybercriminals are selling DDOS as a service (DDOSaaS) offerings, making it easy for the non-technical would-be criminal to get in on the action. [iv]

The cost of to a business can be significant.   Industry surveys indicate the cost of downtime at $300K per hour, but that is only the tip of the iceberg.   Loss of productivity and reputation damage should also be considered.[v]

The goal of the cybercriminal in a DDOS attack may not be as straight forward as disrupting services.   Often, the intention is to distract from the primary goal of compromising a system and stealing data. This multiple tier approach is very effective in hiding a stealthy data breach and burying the evidence in an avalanche of logs and alerts.

DDOS mitigation technologies can redirect the traffic, only allowing the legitimate traffic through to your infrastructure.

3. UEBA (User and Entity Behavior Analytics)

Signature based detection of viruses, malware or intrusions can only go so far.   Bad actors change their Modus operandi often and can operate undetected in an organization for extended periods of time before being discovered.   The average data breach can take up to six months to detect.[vi]

Data analytics and machine learning can detect anomalies in user or device behavior on a network.  UEBA provides rapid detection and response, enabling analysts to disrupt adversaries before they are able to fully execute an attack.

The power of analytics in this space can be a game changer in the fight to keep an organization secure.   By looking at historical data and creating a baseline, abnormal behavior can be identified and remediated quickly.

 

 

Reference: 
[i]
https://www.sandvine.com/trends/encryption.html

[ii] http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/

[iii] http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/

[iv] http://www.theregister.co.uk/2016/09/12/denial_of_service_as_a_service/

[v] http://blogs.gartner.com/andrew-lerner/2014/07/16/the-cost-of-downtime/

[vi] http://www.zdnet.com/article/businesses-take-over-six-months-to-detect-data-breaches/

 

Tags:

Write a Comment

x

Contact Us Close