To allocate budget dollars to the right places, organizations need to know where their most critical data resides and what threat actor is likely to target it, said Rick Howard, chief security officer of Palo Alto Networks, in an interview with CRN. Howard, a security industry veteran, said a threat assessment is one essential component in establishing where many resources need to be allocated.
Businesses need to know if they are targeted by financially motivated cybercriminals, hacktivists or nation-state-sponsored cyberespionage threat actors, Howard said. Some businesses may determine that the loss of certain data won’t have a major impact on the business and decide to focus on higher business priorities.
The industry is transitioning away from outdated incident response team processes of running to infected systems, taking them offline and wiping them, Howard said. It makes more sense to determine the threat actor associated with the attack and, based on the adversarial profile match, get more detailed information on what other systems were likely compromised.
"The adversary has a campaign plan; they're not just interested in a laptop; they have goals in mind," Howard told CRN. "We need to be able to develop those adversary profiles of what they are trying to accomplish and how they are going to do it."
Modern security appliances are detecting previously unseen threats but they haven’t yet scaled down to justify the cost for most small businesses, said Scott Fuhriman, a security expert who heads sales at a regional solution provider in the Midwest. Small banks and regional retailers are among the first SMBs to adopt the latest technologies, but detection needs to be followed up with investigating threats and addressing the targeted weaknesses, Fuhriman said.
"I think that the technology is a good technology and has its place, but the cost of it right now is very prohibitive for most organizations except for enterprises," Fuhriman said, referring to technologies like Palo Alto Networks' WildFire service and FireEye's platform designed to analyze suspicious files. "As more competitors come to market, it drives the costs down so more organizations have access to the technology."
PUBLISHED APRIL 1, 2014