Can Security Be Efficient Without Expertise or Intelligence?
Threats evolve fast, don’t lag behind!
I recently returned from a business trip to an exotic destination, which is also a massive emerging market depending on how you look at it. The folks I met do not seem to face challenges other than those you see in mature markets, but I could easily relate to the sheer interest of people to learn, adapt and act quickly. They were keen to get knowledge and use it, knowing that without it they may fall behind.
In today’s threat landscape, if you aren’t able to react quickly enough, you will suffer.
If you do not have the latest intelligence, you will suffer.
In the business world, suffering usually means carrying associated costs. The impact can be direct, like fines, compensation or reputation loss after an attack, or indirect, like a bad customer experience that eventually translates to lower conversion rates and a deteriorating brand image, sometimes only because of false positive decisions your security solution made.
Why aren’t you on top of e-v-e-r-y-t-h-i-n-g?
CISOs today unfortunately are not measured by the 99.999% of events they control and mitigate successfully, but may be judged by that 0.001% they missed. Is it fair or unfair? How do you minimize the risk?
You can buy the latest technology in the market – but then your team has to learn how to operate it and integrate it with your other security systems.
Say you operate it and integrate it well – by the time you get to that point, your technology is no longer the most recent.
Not only is it already outdated, your expert just got an offer and is now leaving.
How do you keep the knowledge and the technology current?
While we can have our own strong opinions on the best way to do so, our studies tell us that more and more companies simply choose a managed security service to overcome that challenge. The reason is that the security partner, or better yet – the vendor, will always be the number one expert for the solutions it brings to market. So, if you want to make sure you are making the most out of your investment, let security be managed by experts. In one of three cases, it’s not even about the security management, it is simply about responding to events. According to Radware’s 2017-2018 Global Network and Application Security Report, 33% of organizations have no emergency response plan for the event of a data breach, DDoS attack or any other form of malicious activity.
If this attack is launched by a determined threat actor and lasts more than 24 hours, the IT security teams in three out of five companies will be exhausted fighting it off after the first day. With the exponential growth of IoT devices integrated into the networks, the primary concern of security professionals is the impact on the complexity of security management. Not to mention the variety of platforms and frameworks that must be securely integrated.
Even if you have a skilled SOC that is able to address most of the events against your information network, there are some highly sophisticated attacks or simply new ones that exploit new vulnerabilities. You would want to make sure your vendor backs you up in emergencies, and is there for you within 10-15 minutes while the situation can be contained.
Let’s be intelligent
In addition, the solution you use is usually tailored to handle threats that are known when it is developed and introduced. Indeed, self-learning solutions are emerging today, and in order to optimize their detection and decision-making accuracy (i.e. avoid ‘suffering’) – or in other words, make them more ‘intelligent’ – they must be constantly introduced to new attack types. Threat intelligence feeds contribute to keeping the solutions up to date and capable of detecting and blocking new attack types as they emerge. Ongoing, emergency and customized signature updates, in addition to real-time data from events that are happening in an information-sharing network, will maximize the protection delivered by the solution. Think about national security – known criminals or those who are engaged in planning a terrorist act will not be granted a visa, and will not be let on the plane. Same here – if you are able to recognize a certain source as malicious, why let the threat get anywhere near your network? It can be blocked at the perimeter without the ability to form any communication or attack.
Expertise and intelligence are a must-have against evolving threats.
Since service availability is a key factor for businesses today, there is little room for trial and error in the event of a cyber-attack. Even during peacetime, organizations must reduce the attack surface as much as possible and prevent threat actors from getting anywhere near their valued assets. Maintaining application SLAs, keeping data confidential and assuring performance and flow are all critical requirements that are complex to achieve in today’s threat landscape. Organizations that struggle to maintain updated knowledge of this threat landscape require access to security expertise and real-time intelligence to protect their network assets, applications and data. Even with the best protection devices and a knowledgeable staff, denial-of-service (DoS) attacks, application exploits or malware outbreaks are a major challenge to your business and can create unwanted situations. As threats evolve and become more complex, security needs to be managed by experts.