This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
If this year's attacks on Adobe, LexisNexis, NASDAQ, US Airways, and dozens of other large and technologically sophisticated US enterprises didn't provide sufficient evidence that we are losing the cyber security war, the ongoing breaches by Anonymous make it undeniable. Why are the world's most IT savvy companies unable to keep attackers out of their networks?
Several factors are tipping the scales in favor of cyber criminals. These include lack of (threat) information sharing; insufficient automation of threat and vulnerability remediation; the absence of correlation between compliance, security and risk posture; the need to perform continuous security monitoring; and the ability to process huge volumes of data in order to detect and mitigate cyber-attacks in a timely manner.
Fortunately, a new breed of security technology called Integrated Risk Management (IRM) platforms has emerged which can make threats and vulnerabilities visible and actionable, while enabling organizations to prioritize and address high risk security exposures before breaches occur.
Let's take a look at how IRM systems can level the playing field in the cyber security war.
Contextualization of Threat Intelligence
The sharing of sensitive threat information is essential to preventing a widespread attack across different verticals and industries. Cyber criminals are coordinating their efforts and are well versed in sharing vulnerabilities and attack methodologies, so to counter them governments and private industry must work hand-in-hand to quickly distribute information about threats.
While initiatives to introduce a Cyber Information Sharing law have failed, information sharing communities such as the Financial Services Information Sharing and Analysis Center (FS ISAC) and Red Sky Alliance are offering threat feeds that organizations can leverage to contextualize the threat information within their own enterprise architecture.
IRM systems are capable of consuming threat intelligence data feeds and cross-correlating those with organizational attributes such as control and configuration settings, asset criticality, vulnerabilities, patch status, etc. This enables otherwise labor-intensive work to be avoided and common attack patterns to be detected and analyzed automatically, which dramatically reduces the risk of exposure.
Automating Threat and Vulnerability Remediation
Most organizations rely on multiple, best-of-breed, silo-based tools (e.g., fraud and data loss prevention, vulnerability management or SIEM) to produce the security data necessary to detect or prevent cyber-attacks. This model generates a high volume, high velocity stream of complex data that must be analyzed, normalized, and prioritized.
Unlike adaptive authentication, which is being used to automate behavioral pattern analysis for fraud prevention in the payments industry, many commonly used security tools lack the capability to provide self-analysis. IRM platforms can piece together data from different sources, connect the dots, and detect suspicious patterns that would indicate a cyber-attack or data breach, instead of requiring security operations staff to do so manually.
Sign up for MIS Asia eNewsletters.