Credit card fraud, account credential theft and targeted attacks out to steal intellectual property are easily bypassing traditional security technologies, forcing businesses to consider new ways to address the constant barrage of threats against their networks.
That was the message from Amit Yoran, a security industry veteran who addressed attendees this week at UBM's XChange 2013 conference. Budget inertia has caused some companies to continue to buy traditional approaches, such as standard firewalls and antivirus, but the technologies are failing at threat detection and prevention, said Yoran, general manager and senior vice president at RSA, the security division of EMC.
Technologies are beginning to make advances on threat detection by combining behavioral analytics, threat intelligence data and network traffic visibility, Yoran said. But organizations can't address security problems with technology alone. Risk-based decisions require careful assessment to identify the key business processes and sensitive data within the organization, he said.
"If you identify critical business processes and assets, you can use that information to bolster your security operations center," Yoran said. "Now you can start focusing on attacks going after your information and key executives."
Yoran served for a year as the director of the national cybersecurity division within the Department of Homeland Security in 2003 and 2004 under the Bush Administration. He was CEO of network monitoring appliance maker NetWitness Corp., which was acquired by EMC in 2011. RSA executives credit NetWitness with helping speed the detection of the company's SecurID breach.
Data breaches are far too common for a variety of reasons, Yoran said. Employees provide information about their private lives on blogs and social networks, making it easy for attackers to conduct targeted phishing attacks against them.
"The availability of all this personal, private information has increased our level of exposure to those types of sophisticated attacks," Yoran said. "Executives and other key people in the enterprise are being targeted."
Businesses are struggling to deal with an "inverted perimeter," according to Yoran, with internally hosted enterprise applications and infrastructure increasingly connected to externally hosted resources. In addition, more devices are becoming Web-enabled, increasing the attack surface for cybercriminals.
The security industry also faces a skilled personnel shortage, creating a need to increase the skill sets in the channel to address security, Yoran said. Big data analytics will need analysts to make queries and decisions. Meanwhile, network monitoring appliances need skilled professionals at the helm 24/7, he said.
"We're not going to be able to defend against everything," Yoran said.
Perimeter-based solutions, static controls and siloed management systems were designed to be reactive and no longer work, Yoran said. With a myriad of ways for attackers to gain access to business systems, the market demands increased network visibility and a risk-based approach to defending against threats, he said.
"Unless you have visibility into what is happening in environment you cannot be successful in defending against any form of advanced threat," Yoran said.
PUBLISHED AUG. 21, 2013