IT security professionals can no longer count on “perimeter defences” such as firewalls to guard against hackers who are more capable than ever at breaking down the tightest cyber defences.
“If you believe for one second that perimeter protection can keep sophisticated, focused adversaries out of your environment, then you’re asleep at the wheel,” said Amit Yoran, president of RSA.
Speaking at the RSA Conference Asia Pacific and Japan held at Marina Bay Sands today, Yoran called for companies to change the way they secure their IT infrastructure.
“Changing your mindset is hard, but not changing your mindset is even harder,” he said. “History has shown that when facing a new challenge, the old kind of thinking never ends well.”
Yoran cited SingPost as a good example of an organisation that has reinvented itself amid declining volumes of traditional mail – by diversifying into e-commerce, which now accounts for over 25 per cent of its revenue.
“These are radical transformations happening at international postal services,” Yoran said. “Meanwhile, in the security industry? Still selling stamps.”
Yoran said perimeter defences are no longer effective, simply because they rely on what is already known about a piece of malware or a software loophole.
“We all know the threats that cause the greatest damage are the ones that we haven’t seen before. Nonetheless, many security professionals still base their security monitoring programmes on these technologies,” he said.
So what’s the mindset change required of IT security professionals and the organisations they work for? Yoran pointed out five areas, the first of which is the recognition that even advanced security measures will fail.
“No matter how high or smart the walls, creative and focused adversaries are going to get into your environment,” he said.
Instead, he said IT security professionals should challenge themselves – and security vendors – about whether certain security products will really keep out cyber criminals. “Or is this yet another wall that’s going to be breached?”
Second, Yoran said security professionals should have deep and pervasive visibility of what’s going on in their IT infrastructure – from user devices to the corporate network and the cloud.
“If you don’t have that level of visibility in place, you’re only pretending to do security,” he said, adding that such visibility is also crucial in understanding and preventing security breaches.
“The single most common and catastrophic mistake made by security teams today is under-scoping an incident and rushing to clean up compromised systems before understanding the broader campaign,” he added.
Third, effective identity management matters more than ever in a cloud and mobile world with no clear perimeters.
This involves governing who should have access to which systems and data over time, beyond the walls of the enterprise – especially since 95 per cent of attackers use stolen credentials to access confidential information.
“Don’t make the mistake of trusting the actions of the trusted. Analysing who is accessing what will help to identify attack campaigns earlier in the kill chain – this makes a difference between a successful response and a disaster,” Yoran said.
Fourth, organisations must leverage external threat intelligence, which should be operationalised into their security programmes and tailored to their interests. This will allow analysts to quickly address the threats that pose the greatest risk, Yoran said.
And finally, Yoran said security programmes must be guided by an understanding of risk.
“You must understand what matters to your business and what is mission critical. You have to defend what’s important and defend it with everything you’ve got.”