Better Incident Response Is the Real Game Changer
The second story had to do with one of those agencies that's been in the news lately for monitoring lots and lots of email and phone communications. I've heard claims that all three branches of government had oversight into the process. It struck me that there is a major problem with that claim. They were all sworn to secrecy and operating behind closed doors. No transparency; just a tacit statement that we only look at the facts relevant to the bad stuff. Ok, so how are they related?
- Posted by: Unknown
- Categories: Cybersecurity, Cyberwar, Data Privacy, Incident Response, Predictions
A Trio of 2013 Security Predictions
No doubt most of these things will happen. But many of these predictions overlook some of the crucial technological changes underway when it comes to protecting corporate data.
Here are the three big trends we think will take hold this year.
1. Host and network security technologies will begin to converge. Signature-based malware defenses, whether running on the network or on the host, can no longer be counted on to identify - let alone block - today’s sophisticated attacks. More enterprises are just now realizing that they need rapid insight into what is happening both on the network and on the host. Looking at just one or the other doesn’t provide a complete picture of the nature of attacks.
In the coming year, organizations will come to realize that they need to thoroughly understand the state of the endpoint and network at the time of attack. They’ll want to know who was authenticated to the system at the time of the breach, what services and applications were running, what data may have been accessible, and what networks and network segments the system was actively connected to, among many other potential variables.
The rationale here is simple. As threats become more advanced, relying on data from single points on the infrastructure isn’t sufficient. That’s not good enough for detecting threats, and certainly not good enough to respond to any successful attacks or understand the extent of the risk presented. And organizations are also learning that incident response and detection should be more closely integrated.
Security Information and Event Management (SIEM) and incident response software vendors are aware of these trends, too. And they’ll continue to integrate their solutions so that state data can be grabbed from an endpoint near-instantaneously while alert data is shared with the SIEM. It’s also a trend we’ll be keeping a careful eye on here at Threat Response.
2. Organizations will increasingly focus on their data. This is a welcome trend. Organizations will finally begin implementing processes and technology to maintain a “data map” that details where all of their valuable unstructured data resides.
And just as organizations now assess their systems for vulnerabilities that must be remedied, they’ll also continuously audit for sensitive data, and look for ways to enforce their data policy - such as where sensitive data can be accessed and stored.
For years now, whenever I speak in front of groups and I ask attendees if their organizations have data retention policies, all of their hands go up. When I follow up with who can enforce any of those policies, no hands go up. In the next year, we will see more folks focus on technologies that will help them understand where their valuable data actually lives.
3. Thin client, mobile virtualization and data centralization initiatives will be embraced to secure mobile devices. More and more corporate data are being accessed on mobile devices as more enterprise applications are being run on iOS and Android tablets and smartphones. And part of the challenge is that increasingly employees are choosing the devices and the services they want to use to get their jobs done. No one wants to be forced to work on old, dull corporate-issued notebooks or mobile devices. They want to use the same phones and tablets at work as they do at home.
The risk here is high. It means regulated and protected information is much more likely to end up on devices that organizations don’t even fully control.
So what’s likely to be the solution? I think, increasingly, we will see enterprises give up entirely on trying to control the BYOD trend, and instead they will choose to work with it. And the technology they choose to do this will be a mix of mobile thin client and mobile virtualization, along with initiatives to centralize business data and push users to these central repositories to work with this data. These are approaches designed to segregate or centralize critical business data in such a way as to make it a more reasonable task to secure in a scalable manner.
In the year ahead, while many will focus heavily on the advances of the threat and attack side of IT security, it’s important not to forget the advances on the defense side of the ledger. You don’t have control over the actions of the criminals and the malicious, but you certainly do have control over how you manage and secure your data and the level of security insight you bring into the organization you create.