New age cybersecurity threats and defence strategies for UAE companies
By Ashraf Sheet
Published: Thu 11 Jan 2018, 8:25 PM
Last updated: Thu 11 Jan 2018, 10:35 PM
Today there is no doubt that cybersecurity is one of the hottest topics in the realm of Information Technology. With almost every new technology trend there is a new form of cybersecurity that evolves with it.
With the advent of the relatively new technology initiatives that we are seeing today such as Internet of Things (IoT), Next Generation Data Centre (NGDC), cloud adoption whether it is public/private/hybrid, Digital Economy, IT Compliance, BYoD, Shadow IT, and few others - cybersecurity has to address all of these trends.
With that, security trends such as IoT Security, Cloud Security, NGDC security for SDN & NFV, CBSA security (Cloud-based Services and Applications), and so on are becoming key. Many of these security trends fall under network security, which can be divided into three fundamental aspects:
Modern networks are increasingly comprised of mixed physical, virtual, and cloud components distributed across geographies. As networks grow more diverse, it can become extremely difficult for them to confirm the security of all assets. For example, IT teams may not even know when new devices or virtual machines join the network, much less whether they are non-compliant or contain vulnerabilities. That lack of visibility greatly increases risks for businesses.
More than 90 per cent of malware uses Domain Name System (DNS) at various stages of the cyber kill chain to penetrate the network, infect devices, propagate laterally, and exfiltrate data. According to recent surveys, 46 per cent of respondents experienced DNS-based data exfiltration and 45 per cent experienced DNS tunneling. Malware and data theft are pervasive largely because conventional cyber security solutions are not designed to protect DNS.
Organisations need to be aware of these common operational gaps that are hindering their threat containment efforts:
. Siloed threat intelligence. Today's security teams rely on threat information from disconnected, often conflicting sources. This results in higher false positive rates, increased cost, reduced effectiveness, and erosion of trust. Moreover, information silos between network and security teams can lead to security gaps, slower vulnerability detection, and costly remediation delays.
. Lack of threat context. Security personnel are inundated with thousands of alerts and no clear way to know which ones to act on first. Organisations lack visibility into core network services that can provide context to respond with maximum efficiency to the most critical threats.
. Manual processes. The ability to respond to fast-moving cyber threats with certainty and speed is paramount. Yet, many organisations use manual and time consuming processes and analysis to prioritise threats and identify context. This results in longer remediation times or worse still failure to act on threats.
Cyber security strategies
There are fundamentally three things we need to change and the first one is the siloed approach. You have to basically build security in a fluid manner where layers are fused together and interacting more. So you have to have closed-loop feedback. If something is detected, you need a system that is able to flag up the issue him so it can be dealt with proactively. Proactivity is the key term here, but that correlation has to exist.
The siloed approach has to change. How, you may ask? It has to start with customers. Customers have to basically force their partners and the companies they buy from to say, "Hey look guys, this is just not working. I can no longer afford to run my network security in a siloed fashion."
They need to be held accountable if the security infrastructure the vendor provides is not effective.
The second fundamental change is 'threat intelligence'. Traditionally all the functionality was in the policy enforcement point inside the firewall and all the policies were in there. So when an attack was initiated you were at the mercy of the vendor to give you new firepower with new functionality so you could program additional stuff. That's obviously not going to work anymore. At the end of day each of these vendors is supplying this threat intelligence information based on what they really think. So how can you have one policy? To get there, customers need to consolidate their threat intelligence into a high integrity curated platform that is backed up by a solid research team and accomplished data scientists.
The third fundamental change required is a communication fabric that models threat in the same way. When you're discussing digital equipment and technology you need to be prescriptive. We don't all understand what the language is to describe the threat. I mean to the human being it's easy to say this is a threat. What constitutes a threat? How do you describe it? How do you classify it? What are the actions you take?
If we fundamentally change all these three things, then will the world be a much safer place? Yes it will. Is it going to be perfect and we're never going to encounter problems again? No. But it will definitely be more efficient and faster in responding.
The author is regional director Middle East & Africa at Infoblox. Views expressed are his own and do not reflect the newspaper's policies.