Adaptation to cyber-threats requires a new level of specialization
By Eddie Schwartz
China gets blamed for everything these days; sometimes it is warranted and at other times it is not. Regardless of who the actor is, one thing is certain: our adversaries are succeeding at achieving their objectives. With story after story of data breach, intellectual property exfiltration, or Web site compromise, at some point senior managers have to say to themselves, “The current security model is fundamentally broken. How can we fix it?”
We struggle to answer this question. Joe Tucci, the CEO of EMC, once used an example comparing the Chunnel (a greenfield project) with the “Big Dig” project in Boston, MA (which was built on decades of legacy infrastructure) to describe the complexities and realities inherited by IT professionals. Most people in the information security profession would agree that their environment resembles the Big Dig; only a few have the luxury of a “Chunnel-esque” greenfield security program.
As with any complex infrastructure of Big Dig proportions, a paradigm shift that employs new architecture, techniques and processes is required to achieve a successful security defense in the future.
In information security, a forward-thinking strategy should embody a programmatic transformation of our defenses to counter the threats we face today and, more importantly, be agile and intelligent enough to mitigate the unknown threats heading our way in the future.
According to a recent Ponemon Institute study, 70 percent of information security professionals surveyed believe that the growing volume of cyber-threats is making the technology landscape much more dangerous. In order to achieve effective defensive capabilities, organizations must design a migration path predicated on enterprise-wide threat visibility and situational awareness on their network. People will be a critical component in the transformation strategy because technology will never completely automate or replace the need for human intelligence and decision making.
Trained, experienced information security professionals are a rare commodity in the fight against cyber-criminals, yet organizations continue to under-realize their potential and under-appreciate the value of their contributions to the business. This fact was evident during the recent economic downturn, as infosec teams, who arguably already were running leaner than other areas of IT, were further slashed. With the economy starting to show improvement, information security professionals are seeing some opportunities open up, but the pace is slow. Compared to the pace of innovation in the threat landscape, many organizations are falling further behind the curve, and catching up seems unlikely.
Ninety percent of survey respondents believe that the technologies many organizations currently rely upon, mainly anti-virus and intrusion detection systems, are failing because the exploits bypassing IT systems are advanced threats.
The pressure applied by various threat vectors, especially the Web -- combined with rapid malware production -- should encourage organizations to create dedicated malware analysis and network forensics capabilities within their information security and incident response teams to deal with such advanced threats. Individuals who excel in these areas are typically inquisitive, creative, independent and persistent, just like their adversaries. When armed with knowledge and effective tools, these special teams can be extremely valuable assets in an organization’s overall risk reduction program and proactive security operations.
Many global enterprises and government entities that view their intellectual property as critical and sensitive, or fall under specific industry or government regulatory compliance regimes, have already taken such steps in their transformational security strategies by creating and investing in this specialized function. However, these capabilities are not only attainable by large and well-funded organizations. A regional hospital under HIPAA mandates, for example, with only two security professionals, has the capability to accomplish the same thing, if they are willing to actively defend their networks and believe such steps are important to the survival and reputation of their business.
Our industry needs to be better organized and equipped to understand cyber actors and their current advanced attack methodologies. Public and commercial entities must train security experts to think differently -- using an intelligence analyst’s mindset -- and use agile operational processes and next-generation network security monitoring technologies, which provide situational awareness and definitive answers to complex questions.
