Combating an advanced cyber threat landscape


Diwakar Dayal | Published: November 28, 2014 00:00:00 | Updated: November 30, 2024 06:01:00


The cyber world is continuously evolving. Organisations and consumers alike are witnessing complex threats which not only disrupt business operations and leak information, but also cause serious financial losses. For instance, a recent news article reported a 19-year-old from a small town in India successfully hacking the website of a leading Indian PSU (Public Sector Undertaking). His stated rationale was to expose the loopholes in the security systems: even an amateur hacker such as himself could access or steal confidential data from the corporate network.
This is not an isolated case, and many 'ethical' hackers worldwide have revealed the vulnerabilities that exist within corporate networks. As a result, organisations need to proactively develop strategies to maintain business continuity, provide infrastructure-wide threat visibility and protection, and simplify day-to-day network management. The entire security infrastructure (network, systems, and management) must work in unison to proactively defend against a wide array of threats, and to reduce the mean time to respond and mitigate when an event does occur.
ENTERING A TRANSFORMED THREAT LANDSCAPE: Organisations are now in a threat era which has advanced dramatically. Earlier, hackers were enticed by fame and recognition; now systems are increasingly exploited for financial gain. Attackers are adapting faster and posing serious threats even before software and operating system vendors can develop patches and workarounds. Threats have also assumed a global nature. News reports stated that the Sony PlayStation Network suffered a security breach which compromised the personal data of a staggering 77 million accounts. The company's executives eventually apologised and admitted that they had not taken the requisite safety measures to prevent such an intrusion. Other incidents include the LinkedIn password breach and a malicious spam campaign that spread over Skype. These cases indicate that, in addition to broad-scale worm and virus outbreaks, IT organisations need to protect against network threats that are specifically designed to avoid detection and can bypass traditional defences.
Employees knowingly or unknowingly put organisations at risk by regularly flouting IT policies. Cisco's Connected World Technology Report revealed startling attitudes toward IT policies and growing security threats posed by the next generation of employees entering the workforce -- a demographic that grew up with the internet and has an increasingly on-demand lifestyle that mixes personal and business activity in the workplace. According to the report:
* About 87 per cent of employees in India are aware of security issues when accessing corporate networks from remote locations. However, about 40 per cent of respondents confirmed a lack of concern for privacy.
* About 79 per cent of employees surveyed in India flout the company's IT policy all the time -- the highest of all regions surveyed.
NEXT GEN NETWORK SECURITY: The need for next-gen security is obvious. However, the "next generation firewall" is one of the most commonly misinterpreted terms in next-gen network security, and it might not be the right answer. Such firewalls are still relatively restricted: they provide only application and user ID awareness and are unable to offer insight into the activity which takes place within an organisation's network. For instance, IT can easily decipher which employees actively surf social networking sites such as Twitter, YouTube and Pinterest. However, knowing that the majority of that network traffic is the result of playing games on Facebook, and setting up a mechanism to curb that, is a different challenge altogether. Next-gen firewalls are unable to offer the level of granularity required in such cases, as the entire application is either completely allowed or completely disallowed. In practice this means saying no to new devices and applications.
So, it is vital to adopt a framework which allows IT to deploy a security mechanism that provides end-to-end network intelligence, includes information about the local network as well as near-real-time global threat information, and helps create effective security policies.
FOUR MANTRAS FOR CREATING A ROBUST ARCHITECTURE: Most organisations already have tools in place that can be used as a starting point for developing a robust threat prevention architecture. Technology can be introduced in phases as the company's security strategy is revised.
* Maximise the efficacy of existing security infrastructure: Most organisations have already deployed firewalls and antivirus solutions. These products act as both the first and last lines of defence and can provide invaluable information to administrators about the status of the network at any given time.
* Fortify the remote sites of the organisation: Remote sites, including branch and satellite offices, partner locations and remote users, increase the chances of threats being introduced into an organisation. Wireless networks, inadequate access control (including physical access to the facilities) and unmanaged devices pose challenges when trying to protect critical information and end systems. So it is critical to fortify the remote endpoints in order to minimise damage.
* Zero-day protection and enhanced threat visibility: Server, system, and application infrastructure protection should be fortified to protect against zero-day exploits and to ensure conformity with governance policies and regulations. Incremental changes to an organisation's existing security technology can dramatically improve its security posture.
* Self-hacking: Self-hacking means penetration testing, security auditing, compliance testing, mock security drills and the like. The testing can be against physical assets, information assets, or both. Whatever it is called, and whatever the target, it is imperative to practise incident response.
CONCLUSION: From viruses to phishing to hijacking to intrusions, the evolution and complexity of threats must be addressed in a way that helps IT departments make quick decisions based on the intelligence available across the entire IT infrastructure. It is important to have a network which provides accurate, detailed threat analysis, and which prevents, detects and mitigates threats so as to ease the burden of information overload. This helps the IT department respond and remediate in far less time. Governance is also critical to the success of a sound security practice. Without formal governance, companies cannot define a clear path for moving the organisation successfully and strategically from a managed world to an unmanaged or "borderless" world, where the security boundary is no longer defined and IT does not manage every technology asset in use in the organisation.
The writer is VP Sales (Security), Cisco India and SAARC.
ddayal@cisco.com