It’s no secret that we’re facing a data security tsunami, and as attackers get more and more sophisticated, defenses are struggling to keep up. RSA (News - Alert), the cryptography specialists, have laid out five key points to keep in mind as enterprises face an escalating wall of attacks.
“As an industry, we are on a journey that will continue to evolve in the years to come through the efforts of all of us here today,” said RSA President Amit Yoran, speaking during a keynote at the RSA Security (News - Alert) Conference in San Francisco last week. “We have sailed off the map, my friends. Sitting here and awaiting instructions isn’t an option. And neither is what we’ve been doing – continuing to sail on with our existing maps, even though the world has changed.”
Yoran’s list of security truisms touched on the themes of assuming one will be attacked and likely breached, authentication and visibility:
1. Stop Believing that Even Advanced Protections Are Sufficient
The first thing to assume is that attackers are targeting your business — and doing it with gusto. This has been proven out again and again, and the phrase, “I wouldn’t be a target” is, simply, delusional.
"No matter how high or smart the walls, focused adversaries will find ways over, under, around and through,” Yoran noted during his keynote. After all, many of the advanced attacks last year did not even use malware as a primary tactic.
2. Adopt a Deep and Pervasive Level of True Visibility Everywhere – from the Endpoint to the Cloud
Knowledge is power in security as it is everywhere else. And in today’s complex, often borderless, often mobile work environments, understanding where and how people are accessing corporate resources is a difficult task that takes proper investment in the right tools. As Yoran explained, "We need pervasive and true visibility into our enterprise environments. You simply can't do security today without the visibility of both continuous full-packet capture and endpoint compromise assessment visibility."
3. Identity and Authentication Matter More Than Ever
With a rash of data breaches constantly grabbing headlines, one would think that this is a no-brainer. Yet authentication remains one of the weakest points in the security attack chain.
"In a world with no perimeter and with fewer security anchor points, identity and authentication matter more than ever . . . At some point in [any successful attack] campaign, the abuse of identity is a stepping stone the attackers use to impose their will,” Yoran said.
4. External Threat Intelligence is a Core Capability
Along with visibility into one’s own environment, being able to understand and contextualize threats against it is similarly critical to mounting an adequate defense. Yoran noted that many technologies exist to provide true visibility, proper threat intelligence and systems to help manage digital and business risk.
"There are incredible sources for the right threat intelligence . . . [which] should be machine-readable and automated for increased speed and leverage,” he explained. “It should be operationalized into your security program and tailored to our organization's assets and interests so that analysts can quickly address the threats that pose the most risk."
It’s a question of implementing them though. “This is not a technology problem,” he said. “This is a mindset problem.”
5. Understand What Matters Most to Your Business and What is Mission-Critical.
This is a bedrock issue. “You have to…defend what's important and defend it with everything you have,” he said.
Yoran noted that RSA, as a company, is re-aligning to map itself to this new paradigm — and that there’s not really another option. "2014 was yet another reminder that we are losing this contest," Yoran said. "The adversaries are out-maneuvering the industry ... and winning by every measure. To keep the barbarians away, we're simply building taller castle walls and digging deeper moats. Taller walls won't solve our problem."