Security Technology Executive

JUL-AUG 2018


The Scope of Security Convergence (continued)

shift's worth of product – avoiding a dollar loss in the tens or hundreds of thousands.

Evaluating Security Convergence

Security managers can assess the state of their security convergence, per their responsibilities, by reviewing to what extent they have engaged security stakeholders as described in the article titled "The State of Converged Security Operations", available here: points.

Consider who the stakeholders are and what the appropriate consultation/collaboration topics could be in the three aspects of convergence listed above. These will vary depending upon the type and size of the organization. Remember that facility physical security assessments – those that touch base with the facility's functional area stakeholders concerning security risks in their areas – are a common aspect of collaboration but are often forgotten when the topic of convergence comes up.

Each convergence touch point can be rated from one or more perspectives, for example:
• Planning: Pre-Planning, Planned, or In Effect
• Status: Started, In Progress, Completed and Up-to-Date
• Collaboration: Yearly, Quarterly, Monthly, Ongoing

Undoubtedly there will already be some degree of stakeholder engagement. Often in such a review, additional ideas come to mind for future collaboration and consultation. A report on the state of security convergence can contain as much or as little information as desired, depending upon what has been asked for and the status of convergence activities. It never hurts to develop such a report before it is asked for, as that invariably leads to ideas for risk discovery and mitigation. It is usually better to have a proactive stance than a reactive one.
Ransomware Prep (continued)

that his industry is a proven prime target, with life-or-death consequences. "Unfortunately, the normal state in our industry does not reflect an all-inclusive approach to this problem," he admitted. "At Denver Health, we have a very comprehensive and layered approach to the ransomware risk, coupled with an active employee education program and back-up strategy."

Frietzsche agreed that past ransomware attacks prove that certain procedures should be a given, including continuous patch management, enforced use of strong passwords, multi-factor authentication, and disabling unused ports and services. Further, "Defense in Depth" should address the following exposures along the data path:
• Perimeter: Scan inbound emails for threats using URL checks, experiential content data, and spam profiles.
• On the network: Use behavioral analytics to identify anomalous or unusual behaviors, analyze for malformed IP packets, and look for incomplete handshakes.
• End-points: Consider disabling users' ability to be a local administrator, as this capability enables a hacker not only to gain local control but to escalate into the broader network. Use outbound URL filtering to terminate connections to known bad sites.
• End-users: Train, test, and then train some more.

Finally, prepare for the event by having an active backup and recovery strategy in place. This can range from off-site tape backups to continuous online synchronized backups with anomaly detection that monitors file change activity. In this regard, I also spoke with Disaster Recovery as a Service (DRaaS) provider Infrascale at the Cyber:Secured Forum and learned that its tool monitors activity for large-scale file changes, which may indicate the occurrence of mass encryption.
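The "large-scale file changes" signal described above, as an added example that is not from the article or from Infrascale's product: a sliding-window detector that flags any process rewriting or renaming more distinct files than a baseline allows. The event log format, process names and thresholds are constructed for this example.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10        # sliding window length (constructed baseline)
MAX_FILES_PER_WINDOW = 25  # distinct files one process may touch per window


def parse_event(line):
    """Constructed log format: '<epoch_seconds> <process> <op> <path>'."""
    ts, proc, op, path = line.split(maxsplit=3)
    return int(ts), proc, op, path


def detect_mass_changes(lines, window=WINDOW_SECONDS, limit=MAX_FILES_PER_WINDOW):
    """Return alerts [(ts, proc, distinct_files)] for processes whose count of
    distinct files written or renamed inside the window exceeds the limit.
    Events are assumed to arrive in time order; a process is reported at most
    once per window so one encryption burst yields one alert, not hundreds."""
    recent = defaultdict(deque)  # proc -> deque of (ts, path) inside the window
    alerted_at = {}
    alerts = []
    for line in lines:
        ts, proc, op, path = parse_event(line)
        if op not in ("MODIFY", "RENAME", "CREATE"):
            continue  # reads do not change files and are ignored
        q = recent[proc]
        q.append((ts, path))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop events that fell out of the window
        distinct = len({p for _, p in q})
        if distinct > limit and ts - alerted_at.get(proc, -window - 1) > window:
            alerted_at[proc] = ts
            alerts.append((ts, proc, distinct))
    return alerts


def build_sample_events():
    """Constructed log: ordinary user activity, then one process that rewrites
    and renames 40 documents within 8 seconds, the shape of mass encryption."""
    events = [
        "1000 winword.exe MODIFY C:/Users/a/Docs/q2.docx",
        "1004 explorer.exe MODIFY C:/Users/a/Desktop/notes.txt",
        "1009 winword.exe MODIFY C:/Users/a/Docs/q2.docx",
    ]
    for i in range(40):
        t = 1100 + i // 5  # five files per second
        events.append(f"{t} x7fq.exe MODIFY C:/Users/a/Docs/file{i}.docx")
        events.append(f"{t} x7fq.exe RENAME C:/Users/a/Docs/file{i}.docx.locked")
    events.append("1200 winword.exe MODIFY C:/Users/a/Docs/q2.docx")
    return events


if __name__ == "__main__":
    for ts, proc, n in detect_mass_changes(build_sample_events()):
        print(f"ALERT t={ts}: {proc} touched {n} distinct files in {WINDOW_SECONDS}s")
```

A real deployment would feed this from the backup agent's change journal or an EDR file-event stream and tune the limit per host role, since build servers and backup jobs legitimately touch many files.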
Geopolitical Tension (continued)

Embrace Intrusion Suppression

Standards must shift away from castle-like architectures and move toward more effective defense-in-depth models that mimic a supermax prison or intrusion suppression capabilities. The supply chains of most government agencies (and the critical infrastructures on which they depend) must be assessed for viable attack paths. It's no longer about perimeter defense, but blocking and tackling behind the lines. A next-generation firewall isn't going to help you in a time of calamity. Intrusion suppression will enable organizations to react faster to cyber threats as well as incorporate the skill needed to prevent external threats. True ROI for next-generation technologies depends on decreasing dwell time and reacting faster to attackers, but without the adversary knowing. Everything discerned must be remediated within effective time periods and must inform future defenses.

Hackers Are Friends, Not Foes

Right now, we treat the hacker community as we would any other criminals: we hunt them and attempt to prosecute. But in the age of cyber warfare, we should protect and empower our domestic hacker communities; they can aid in fighting against cyberspace dangers. Other significant superpowers insulate, protect, and utilize the resources of their cyber hacking communities. But until we can go after the dark web communities of our adversaries to dismantle the trust within them, we will be ineffective in dealing with cyberwar. Through the global ISP community (the bulletproof hosts that create cybercrime hideouts for information sharing amongst those communities), we need to proactively pursue the forfeiture of the alternative payment systems and electronic currencies used to facilitate the transfer of goods and services on the dark web.

A global cyber insurgency is in full swing. Continued geopolitical tension among global superpowers is fueling cyberattack innovation. As attackers evolve and innovate, so must defenders.
Our digital way of life depends on it.
