For many years, traditional network and endpoint security tools have been the go-to defenses that organizations have relied upon. Companies have always invested heavily in firewalls and anti-virus to create a perimeter-focused security infrastructure that has, until recently, been effective enough to protect data to a reasonable degree.
However, things change, and so has the threat landscape. Most businesses are not adequately equipped to handle today’s increasingly complex cyber threats and lack the higher-end tools required to quickly spot and recover from them, instead opting to rely on the traditional methods that functioned well enough in the past.
“The problem is, business has invested a lot into the protection they have and it’s served them okay thus far, but now the bad guys have evolved to get around it and business is struggling to see why the tens of thousands of pounds worth of Firewalls that it bought last year are now ‘pointless’ according to the experts,” said Jay Abbott, MD, Falanx Cyber Defence.
“Thinking you can ‘keep the bad guys out’ by building a wall and then letting all the users inside the wall request data through it from the outside world, is near lunacy,” he argued.
The facts are clear: traditional security tools, whilst still serving a purpose, are simply not enough on their own to help companies deal with threats that are constantly evolving and becoming far more targeted. They focus too greatly on protecting the perimeter, but if an attacker manages to break through the periphery, they are largely free to pillage the network until the intrusion is eventually spotted and stopped.
So, what else do companies need to be doing? Just how do they go about implementing the type of holistic security infrastructure that is up to scratch and can defend against cyber-criminals who are now so sophisticated that they operate within set-ups akin to professional organizations, with their own recruitment specialists and HR departments?
Abbott believes security information and event management (SIEM) goes a long way to answering that question, and it’s something that has often been overlooked.
“The simple truth is you detect modern attacks through monitoring your environment for abnormal behavior,” he explained. “Tools can help, but for the most part it’s about the basics: collect all the logs, define a baseline of ‘normal’, analyze events against normal, flag ‘interesting’ events for follow-up and then investigate the interesting things. Do this proactively with a SIEM engine of your choice backed off to your in-house security team or with a managed service provider that can do it all for you.”
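The baseline-then-flag loop Abbott describes, as an added example that is not part of the article and not any vendor's SIEM code: it parses a handful of constructed SSH auth log lines, builds a picture of "normal" from a baseline window (known user/source pairs and each user's per-day failed-login counts), and then flags events in a later window that deviate from it.

```python
import re
from collections import Counter, defaultdict
from statistics import mean, pstdev
# Constructed sample auth log lines (not from the article), one per SSH login attempt.
BASELINE_LOGS = """\
2024-01-01 web01 sshd: Accepted password for alice from 10.0.0.5
2024-01-01 web01 sshd: Failed password for alice from 10.0.0.5
2024-01-02 web01 sshd: Accepted password for bob from 10.0.0.7
2024-01-02 web01 sshd: Failed password for bob from 10.0.0.7
""".splitlines()
CURRENT_LOGS = """\
2024-01-04 web01 sshd: Accepted password for alice from 10.0.0.5
2024-01-04 web01 sshd: Failed password for bob from 198.51.100.9
2024-01-04 web01 sshd: Failed password for bob from 198.51.100.9
2024-01-04 web01 sshd: Failed password for bob from 198.51.100.9
2024-01-04 web01 sshd: Accepted password for bob from 198.51.100.9
""".splitlines()
LINE_RE = re.compile(r"^(\S+) (\S+) sshd: (Accepted|Failed) password for (\S+) from (\S+)$")

def parse(line):
    """Return (day, host, result, user, src), or None for lines that do not match."""
    m = LINE_RE.match(line)
    return m.groups() if m else None

def build_baseline(lines):
    """Define 'normal': known user/source pairs and each user's per-day failed-login counts."""
    seen_pairs, failures = set(), defaultdict(Counter)  # failures: user -> day -> count
    for day, _host, result, user, src in filter(None, map(parse, lines)):
        seen_pairs.add((user, src))
        if result == "Failed":
            failures[user][day] += 1
    return seen_pairs, failures

def analyze(lines, baseline, sigma=3.0):
    """Flag 'interesting' events: logins from user/source pairs not in the baseline, and failure spikes."""
    seen_pairs, failures = baseline
    findings, current = set(), defaultdict(Counter)
    for day, _host, result, user, src in filter(None, map(parse, lines)):
        if result == "Accepted" and (user, src) not in seen_pairs:
            findings.add(("new-source-login", user, src))
        elif result == "Failed":
            current[user][day] += 1
    for user, days in current.items():
        history = list(failures[user].values()) or [0]  # no history -> baseline of zero failures
        threshold = mean(history) + sigma * pstdev(history) + 1  # +1: one extra failure is not a spike
        for day, count in days.items():
            if count > threshold:
                findings.add(("failure-spike", user, day, count))
    return findings
```

Each finding is a lead for a human to investigate, not a verdict; in a real deployment the baseline would be rebuilt regularly and the thresholds tuned per environment.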
Luis Corrons, PandaLabs technical director, agrees, telling Infosecurity that SIEM, when used alongside anti-virus and firewalls, is one of the key factors in boosting a company’s security. He also explained that you can take this a step further by using Endpoint Detection and Response (EDR) solutions that include SIEM, AV and firewall capabilities and add other layers of security, such as anti-exploit technologies and the ability to monitor and classify in real time all the processes running on every computer (workstations and servers) in the network.
“With EDR you can prevent most of the attacks, even the targeted ones, and you can even configure your most critical systems in lock mode, which means that only pre-approved software will be allowed to run there. Some vendors that provide these solutions give you the option to use their own SIEM, or in case you already have one they can connect to your current SIEM and send there all the information, IoCs, etc.,” he added.
What’s clear is that organizations have to be prepared to invest in and introduce these newer security techniques, and they have to avoid resting on their laurels in the hope that their traditional tools are going to keep them safe. Thanks to the Internet of Things and the cloud, the perimeter is now limitless, so relying on security tools that focus on a quantifiable perimeter that no longer exists is a huge risk.
Threats are changing all the time: new malware, direct and zero-day attacks are hitting companies hard, and it’s these types of attacks that the traditional tools don’t and can’t spot until it’s far too late.