New technologies and key breakthroughs strengthen cybersecurity
As cybersecurity becomes more and more complex and difficult to administer, there are many opportunities on the horizon, in the form of new technologies and policies. There are also steps that organizations must commit to take in the coming months to help keep their data secure.
Deceptive Technologies
Deceptive technologies provide seemingly real IT resources (servers, accounts, etc.) that act as lures to attackers and alert security teams when they access them. The objective of these systems is to increase the probability that internal security teams will detect intruders in their networks.
Deception technologies are becoming more stable and sophisticated now that they have been on the market for many years, and they can be a great option for customers who cannot afford a modern e-commerce program or who want to implement additional detection methods alongside their existing security operations.
Although these systems are impressive, work is still needed to determine which forms of deception are the most effective, especially when you consider how difficult some systems are to implement. This approach has also not yet achieved widespread adoption, so we have not seen how the most sophisticated attackers might react to it.
Modern security operations should focus on deceptive technologies, while other teams may prefer to try bait user accounts or other options that require a more limited investment.
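The bait-account option described above can be monitored with very little tooling. The following is an added example, not Rackspace code: it assumes sshd-style authentication logs, and the decoy account names, addresses and log lines are constructed for illustration. Any use of a decoy raises an alert, and the alert also lists the real accounts used from the same source so the investigation has a starting point.

```python
import re
from collections import defaultdict

# Assumption: bait accounts that no person or service ever uses legitimately.
DECOY_ACCOUNTS = {"svc_backup_old", "adm_jsmith"}

# Constructed sshd-style sample lines (not from a real system).
SAMPLE_LOG = """\
Jan 12 03:14:07 web01 sshd[2211]: Failed password for alice from 10.0.5.23 port 51122 ssh2
Jan 12 03:14:19 web01 sshd[2213]: Accepted password for alice from 10.0.5.23 port 51130 ssh2
Jan 12 03:20:41 db02 sshd[884]: Failed password for svc_backup_old from 10.0.5.23 port 40410 ssh2
Jan 12 03:21:02 db02 sshd[886]: Accepted password for svc_backup_old from 10.0.5.23 port 40412 ssh2
Jan 12 08:02:55 web01 sshd[3001]: Accepted publickey for bob from 10.0.7.40 port 60200 ssh2
Jan 12 09:10:00 app03 sshd[3050]: Failed password for invalid user adm_jsmith from 10.0.9.9 port 33333 ssh2
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def find_decoy_hits(log_text, decoys=DECOY_ACCOUNTS):
    """Return one alert per source address that touched a decoy account."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            by_src[m["src"]].append(m.groupdict())
    alerts = []
    for src, events in by_src.items():
        hits = [e for e in events if e["user"] in decoys]
        if not hits:
            continue
        # Any decoy use is suspect; a successful login is the strongest signal.
        logged_in = any(e["result"] == "Accepted" for e in hits)
        alerts.append({
            "source": src,
            "severity": "critical" if logged_in else "high",
            "decoys": sorted({e["user"] for e in hits}),
            "hosts": sorted({e["host"] for e in hits}),
            # Real accounts used from the same source: investigate these next.
            "other_accounts": sorted({e["user"] for e in events if e["user"] not in decoys}),
        })
    return sorted(alerts, key=lambda a: a["source"])

if __name__ == "__main__":
    for alert in find_decoy_hits(SAMPLE_LOG):
        print(alert)
```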
AI and machine learning
The revolution in artificial intelligence and modern machine learning in recent years has already affected multiple industries, and security is no exception. These systems offer impressive results when properly tuned and represent a fertile area of research for additional work.
Unfortunately, there is also a lot of hype in this area, and many suppliers put an “AI” or “machine learning” label on existing products or systems that do not represent a material improvement over previous technologies.
Additionally, most of these systems require building another data analysis platform, which can be a costly proposition for many organizations. There will be great advances in AI and machine learning in 2018, and in some cases, they may already be present.
Hopefully next year we will see the market froth settle and real systems emerge that integrate with existing platforms to really improve our defenses.
GDPR
At Rackspace, we have had many conversations with customers about the General Data Protection Act, an extensive set of new data privacy laws that every organization with customers in the European Union must adopt.
It has become a hot topic both because the deadline is approaching and also because it entails large penalties: 4% of global revenue if an organization fails to comply.
One of the biggest mistakes we see customers make is to focus on directly achieving a particular compliance regime rather than developing a unified policy infrastructure that helps the organization meet current and future measures.
The goal of an organization’s security and regulatory teams should be to use the tools and processes provided by the security team to satisfy their own policies. Let the security team map the controls and prepare the evidence, because that’s what they’re for.
Application Inventory
When working with a customer who uses Rackspace Privacy and Data Protection or Managed Security, some of the first questions we ask are the following:
- What systems do you have?
- Where are they?
- How important are they to your business?
We often find that customers cannot answer these questions. To build a security operation that takes into account the company’s risk and uses resources effectively to reduce that risk to an acceptable level, that operation must know what it is protecting, where the assets are, and how important they are to the company.
This cannot be built in a silo. Collaboration is needed from other parts of the business and that should encourage conversations about change management and other processes that look similar to those in the internal policies section below.
Reduction of the attack surface
A modern security operation assumes that adversaries will enter internal systems. Gone are the days when firewalls or IPS systems could keep adversaries outside the perimeter.
In fact, most of the organizations we talk to today use multiple clouds, including IaaS, PaaS and SaaS services. This means that most organizations don’t have a perimeter to protect.
The most effective method of reducing the number of times an adversary gains access to an environment (as well as the number of investigations that a security operations team needs to perform) is to limit an organization’s total attack surface.
This includes traditionally boring and difficult processes such as patch and vulnerability management, but also includes new research opportunities in other security models.
Internal policies
One of the security areas with the least investment is internal policies. There are many reasons for this, both organizational and market-related. Many small or less sophisticated customers still need to develop policies, either for lack of focus or lack of funds.
We also see a very strong emphasis from the security market on a tool-centered approach to dealing with security. This makes sense, as most companies sell tools, but the seemingly endless chain of security leaks in recent years tells us that tools alone cannot protect a company.
A policy function can help to understand the risk to the business, prioritize the necessary protections, attract investment, develop strategic plans, deal with the maintenance of policy infrastructures and measure the effectiveness of the operation.
Even if all this sounds overwhelming, especially for organizations without security leadership, it doesn’t have to be that way. Having an incident management plan in case of security problems is a great place to start, and there are many free resources to start developing such a plan.