IT Security Landscape - Then and Now

Shrikant Shitole, Senior Director & Country Head - India, FireEye | Thursday, 09 November 2017, 13:28 IST


The scale, complexity and impact of cyber-attacks have changed significantly over the past decade. Computer worms and viruses were the earliest types of cyber threats. These were followed by distributed denial-of-service attacks, critical infrastructure attacks, spearphishing campaigns, WannaCry ransomware attacks and other types of disruptive cyber-attacks.

The Morris worm in 1989 was one of the first recognised worms that infected the cyber infrastructure. It was a self-replicating worm which spread around computers in the US, making the devices nearly unusable. In the mid-1990s, with the growth of the Internet and the commercialization of cyberspace, the community of online users increased manifold and so did the volume of security threats.

Later, in the early 2000s, we observed hackers specifically targeting and exploiting security flaws in system software. The best examples would be the denial-of-service internet incursions faced by the Estonian government networks and the serial data breaches of credit card numbers in the US.

The past decade has also seen a rise in state-backed cyber attacks. Dozens of nation states around the world have begun actively deploying cyber weapons to collect confidential military, government and diplomatic information.

Today the most common security threats come from financially-motivated cybercriminals. Criminals are honing their tactics and increasingly turning to targeted attacks and extortion to yield larger paydays.


From the first widespread worms and objectionable traffic to new malware threats and advanced targeted attackers, cyber threat actors have come a long way. Broad, scattershot attacks designed for mischief are still around, but now organizations also have to contend with more sophisticated cybercriminal and nation state attacks.

Modern cyber-attacks are often conducted across multiple vectors and stages. They target specific individuals and organizations to steal data. They use multiple vectors, including web, email and malicious files, and dynamically adapt to exploit zero-day and other network vulnerabilities. These next generation attackers have a plan to get in, signal back from the compromised network, and extract valuable data despite network security measures.

Traditional defense-in-depth security measures, such as next-generation firewalls, antivirus, web gateways and even newer sandbox technologies, only look for the first move: the inbound attack. Signature-based technology is no longer enough, and it cannot protect against single-use malware. These conventional methods of protection often fail because they are incomplete and have a lot of loopholes that can be easily exploited by advanced threat actors.

As the threat landscape has evolved considerably over the last 10 years, security solutions have also developed in response. Most organizations now opt for a well-designed security architecture that helps them detect sophisticated attacks and even handle unknown, undetected threats.

The remediation scenario has changed dramatically. For years, incidents rarely reached the remediation stage because organizations weren't aware they were breached. They are learning about intrusions much earlier – admittedly, sometimes still months too late – but much earlier nevertheless. Our Mandiant team is now able to deploy into an organization very quickly. They conduct a forensic investigation, collect indicators of compromise, match those against a vast intelligence set, and eventually remediate the intrusion and re-secure the network. The scale and scope of these responses have grown dramatically. Investigations which reach tens of thousands of systems are becoming much more commonplace.

Advanced Persistent Threats

Advanced persistent threat actors can sidestep cyber security efforts and cause serious damage to organizations. These groups are able to succeed because they plan carefully, approach their mission methodically, and have the resources to continue until their mission is accomplished.

Security experts should not only determine the risk associated with a validated threat, but also determine how the threat got into the environment, how it spread and what can and should be done about it. These insights are delivered as contextual intelligence that helps client organizations quickly prioritize and effectively respond to critical sophisticated threats.

Security-as-a-Service may be the Key

Today organizations constantly struggle to protect their data and reputation from increasingly resourceful attackers in an ever-evolving threat landscape. It is important to understand the challenges and complexities that organizations face while trying to protect themselves against ever-evolving threats: a shortage of security experts, inefficient processes, complex technologies and multiple siloed point products.

Security exists to protect your business whether you operate in a cloud, on-premises or hybrid environment. Security as a Service is a new mindset that delivers effective, efficient security with the value and scale an organization needs, when it needs it, so that it can stay focused on the core business. The technology and expertise delivered through this approach can improve detection, investigation and response time to minimize the impact of a breach. Given below are the four elements of future-proof security.

Engaging in a security-as-a-service model helps security teams overcome these issues. It's more than cloud security – it's a new way to think about security.
