Showing posts with label Predictions. Show all posts

Better Incident Response Is the Real Game Changer

Josh Beckett

As usual, on my very long drive to work, I was getting my daily fix of NPR and a couple of stories prompted me to write today.  First was a story that had to do with one of the interesting side effects of moneyball and how it was making baseball games longer by increasing the value of players that get walks.  More walks = longer games = less action = more fan boredom.  Their takeaway from this: you get what you ask for.  Not very security-esque, but stay with me.

The second story had to do with one of those agencies that's been in the news lately for monitoring lots and lots of email and phone communications.  I've heard claims that all three branches of government had oversight into the process.  It struck me that there is a major problem with that claim.  They were all sworn to secrecy and operating behind closed doors.  No transparency; just a tacit statement that we only look at the facts relevant to the bad stuff.  Ok, so how are they related?

A Trio of 2013 Security Predictions

Anthony Di Bello

It’s that time of year again. The time when everyone predicts what they think will happen in the next year when it comes to IT security.  Most are predicting the obvious: attacks will increase in both number and complexity; there’ll be more hacktivist-type attacks, and another major headline-making breach or two.

No doubt most of these things will happen. But many of these predictions overlook some of the crucial technological changes underway when it comes to protecting corporate data.

Here are the three big trends we think will take hold this year.

1. Host and network security technologies will begin to converge. Signature-based malware defenses, whether running on the network or on the host, can no longer be counted on to identify - let alone block - today’s sophisticated attacks. More enterprises are only now realizing that they need rapid insight into what is happening both on the network and on the host. Looking at just one or the other doesn’t provide a complete picture of the nature of an attack.

In the coming year, organizations will come to realize that they need to thoroughly understand the state of the endpoint and the network at the time of attack. They’ll want to know who was authenticated to the system at the time of the breach, what services and applications were running, what data may have been accessible, and what networks and network segments the system was actively connected to, among many other potential variables.

The rationale here is simple. As threats become more advanced, relying on data from single points on the infrastructure isn’t sufficient. That’s not good enough for detecting threats, and certainly not good enough for responding to any successful attacks or understanding the extent of the risk presented. Organizations are also learning that incident response and detection should be more closely integrated.

Security Information and Event Management (SIEM) and incident response software vendors are aware of these trends, too, and they’ll continue to integrate their solutions so that state data can be grabbed from an endpoint near-instantaneously while alert data is shared with the SIEM. It’s also a trend we’ll be keeping a careful eye on here at Threat Response.
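One concrete piece of the "state of the endpoint at the time of attack" described above is which network peers the host was talking to and which local ports were listening when the alert fired. The following is an added example, not code from this post or from Threat Response: it parses the Linux `/proc/net/tcp` socket table (the little-endian hex address encoding is the kernel's real format; the sample table, the alert record and the function names are constructed for the example) and reduces it to the facts a responder wants attached to an alert: listening ports, established connections to non-loopback peers, and the UID owning each socket.

```python
import os
import socket
import struct

# Numeric TCP states as printed in the "st" column of /proc/net/tcp.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample in /proc/net/tcp layout (not a capture from a real host):
# sshd listening on 22, CUPS bound to loopback on 631, a user process (uid 1000)
# connected out to 192.168.1.5:443, and an inbound SSH session from 10.0.2.5.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18811 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 19200 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:D3A8 0501A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 24567 1 0000000000000000 20 4 30 10 -1
   3: 0F02000A:0016 0502000A:C4F0 01 00000000:00000000 00:00000000 00000000     0        0 25001 1 0000000000000000 20 4 30 10 -1
"""


def decode_endpoint(hexaddr):
    """Turn 'AABBCCDD:PPPP' into (dotted_ip, port).

    The kernel prints the IPv4 address as a host-order 32-bit integer, so on
    little-endian machines '0100007F' is 127.0.0.1; the port is big-endian hex.
    """
    addr_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse the socket table into one dict per row (header line skipped)."""
    conns = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10:
            continue  # malformed or truncated row; skip rather than crash mid-triage
        local_ip, local_port = decode_endpoint(fields[1])
        remote_ip, remote_port = decode_endpoint(fields[2])
        conns.append({
            "local": (local_ip, local_port),
            "remote": (remote_ip, remote_port),
            "state": TCP_STATES.get(fields[3], fields[3]),
            "uid": int(fields[7]),      # owner of the socket, i.e. who was using it
            "inode": int(fields[9]),    # lets a responder map the socket to a PID via /proc/*/fd
        })
    return conns


def read_live_proc_net_tcp(path="/proc/net/tcp"):
    """Return the live table on a Linux host, or None elsewhere."""
    if not os.path.exists(path):
        return None
    with open(path, "r", encoding="ascii") as fh:
        return fh.read()


def snapshot_at_alert(alert, proc_net_tcp_text):
    """Attach the endpoint's network state to an alert record.

    'alert' is any dict the SIEM handed over; it is copied through untouched so the
    snapshot can be shipped back alongside the original alert data.
    """
    conns = parse_proc_net_tcp(proc_net_tcp_text)
    listening = sorted({c["local"][1] for c in conns if c["state"] == "LISTEN"})
    external = sorted(
        (c["remote"][0], c["remote"][1], c["local"][1], c["uid"])
        for c in conns
        if c["state"] == "ESTABLISHED" and not c["remote"][0].startswith("127.")
    )
    return {
        "alert": dict(alert),
        "listening_ports": listening,
        # (remote_ip, remote_port, local_port, uid) for every live non-loopback peer
        "established_external": external,
        "socket_owner_uids": sorted({c["uid"] for c in conns}),
    }


if __name__ == "__main__":
    table = read_live_proc_net_tcp() or SAMPLE_PROC_NET_TCP
    # Hypothetical alert record as a SIEM might pass it; field names are assumptions.
    print(snapshot_at_alert({"id": "ALERT-0001", "host": "ws-042"}, table))
```

On a real Linux host the script reads the live table; elsewhere it falls back to the constructed sample so the parsing path can still be exercised. The inode column is kept deliberately: it is the key that lets a follow-up step walk `/proc/<pid>/fd` and name the process behind each connection, which is the "what services and applications were running" half of the picture.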

2. Organizations will increasingly focus on their data. This is a welcome trend.  Organizations will finally begin implementing processes and technology to maintain a “data map” that details where all of their valuable unstructured data resides.

And just as organizations now assess their systems for vulnerabilities that must be remedied, they’ll also continuously audit for sensitive data, and look for ways to enforce their data policy - such as where sensitive data can be accessed and stored.

For years now, whenever I speak in front of groups and ask attendees if their organizations have data retention policies, all of their hands go up. When I follow up with who can enforce any of those policies, no hands go up. In the next year, we will see more folks focus on technologies that will help them understand where their valuable data actually lives.
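The "data map" plus continuous audit described in this prediction can be prototyped with very little machinery. The following is an added example, not code from this post or any product it mentions: it walks a directory tree, classifies each file by the kinds of sensitive data it contains (e-mail addresses, US SSN-shaped numbers, and payment card numbers confirmed with a Luhn check so that order numbers do not count), builds the map, and then checks the map against a simple storage policy of the form "card and SSN data may live only under these paths". The directory tree, file contents and function names are constructed for the example.

```python
import os
import re
import tempfile

# Detection patterns. The card pattern only finds candidates (13-19 digits with optional
# space/dash separators); luhn_ok() decides whether a candidate is really a PAN.
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_CANDIDATE_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits):
    """Luhn checksum: doubles every second digit from the right, sums, checks mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify_text(text):
    """Return the set of sensitive-data categories present in a piece of text."""
    found = set()
    if EMAIL_RE.search(text):
        found.add("email")
    if SSN_RE.search(text):
        found.add("ssn")
    for match in CARD_CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.add("card")
            break
    return found


def build_data_map(root, max_bytes=1_000_000):
    """Map each file (relative path, '/'-separated) to the sorted categories it contains.

    Only the first max_bytes of each file are read so a single huge file cannot stall
    the audit; files that cannot be opened are skipped rather than aborting the run.
    """
    data_map = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    raw = fh.read(max_bytes)
            except OSError:
                continue
            categories = classify_text(raw.decode("utf-8", errors="replace"))
            if categories:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                data_map[rel] = sorted(categories)
    return data_map


def policy_violations(data_map, allowed_prefixes, restricted=("card", "ssn")):
    """Files holding restricted categories that sit outside every allowed location."""
    return sorted(
        path for path, cats in data_map.items()
        if any(c in restricted for c in cats)
        and not any(path.startswith(prefix) for prefix in allowed_prefixes)
    )


def build_demo_tree():
    """Create a constructed directory tree for the example and return its root."""
    root = tempfile.mkdtemp(prefix="datamap_demo_")
    files = {
        # Sanctioned location for customer records.
        "finance/customers.csv": "alice@example.com,4111 1111 1111 1111\n",
        # Looks like a card number but fails Luhn: an order number, not a PAN.
        "shared/notes.txt": "Order 1234 5678 9012 3456 shipped on Monday\n",
        # Regulated data that leaked into a shared drive.
        "shared/hr_export.txt": "SSN 123-45-6789 for bob@example.com\n",
        "public/readme.txt": "nothing sensitive here\n",
    }
    for rel, content in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    data_map = build_data_map(demo_root)
    print("data map:", data_map)
    print("outside policy:", policy_violations(data_map, allowed_prefixes=["finance/"]))
```

Run on a real share, the same two functions give a first data map and a list of files to move or remediate; re-running them on a schedule is the "continuous audit" the post calls for. The Luhn step matters in practice: without it, invoice and order numbers flood the map with false "card" hits and the policy report stops being actionable.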

3. Thin client, mobile virtualization and data centralization initiatives will be embraced to secure mobile devices. More and more corporate data are being accessed on mobile devices as more enterprise applications are being run on iOS and Android tablets and smartphones. Part of the challenge is that employees are increasingly choosing the devices and the services they want to use to get their jobs done. No one wants to be forced to work on old, dull corporate-issued notebooks or mobile devices. They want to use the same phones and tablets at work as they do at home.

The risk here is high. It means regulated and protected information is much more likely to end up on devices that organizations don’t even fully control.

So what’s likely to be the solution? I think, increasingly, we will see enterprises give up entirely on trying to control the BYOD trend, and instead choose to work with it. The technology they choose to do this with will be a mix of mobile thin client and mobile virtualization, along with initiatives to centralize business data and push users to these central repositories to work with it: approaches designed to segregate or centralize critical business data in such a way that securing it becomes a more reasonable task at scale.

In the year ahead, while many will focus heavily on the advances on the threat and attack side of IT security, it’s important not to forget the advances on the defense side of the ledger. You don’t have control over the actions of criminals and malicious actors, but you certainly do have control over how you manage and secure your data and the level of security insight you build into your organization.