In December, I had the pleasure of joining a few industry experts for (ISC)2’s final ThinkTank roundtable of 2016 to present and debate some of today’s most pressing security challenges. The goal of the webinar, Threats – The Wolf that Never Leaves the Door, was to discuss threats, threat management, and incident response. Moderated by Brandon Dunlap, Senior Manager of Security, Risk, and Compliance at Amazon, the panel also included Dominique Killman of Crowdstrike and Michael Rodriquez of Intel Security.
To me, the most interesting part of this panel was discussing some of the critical boxes that organizations must check off when it comes to finding and dealing with cyber threats. For example, monitoring is a common part of the response process; however, too many organizations believe that technology is the keystone of defending themselves against attacks from individual adversaries or nation-states. It is impossible to monitor for, detect, and prevent all attacks.
As Bruce Schneier once said, “Data is a toxic asset.”
The bottom line is this: the second an attacker enters your system, they have access to any sensitive information you hold. The attacker can then use this information in future attacks on your network, much like the wolf that never leaves the door.
Resting on your laurels and waiting for a monitoring process to detect and identify attacks takes too long. By the time the target has been identified, odds are the actor already has a presence on your network. For example, if you have an IoT-controlled device, you should architect the system to ensure that if any one piece is compromised, the actor cannot use it to infect all the other devices on the same network. Many cybersecurity organizations cordon off these networks with approaches like cloud management, virtualization, and containerization, with the goal of minimizing the amount of data exposed to the attack surface by building microbubbles around the information.
Unfortunately, targeted attacks are migrating into more verticals and pinpointing specific victims, and they evade detection by security systems and experts because the victims do not fit the expected target population. Organizations need to adopt a resiliency approach so that when they are inevitably compromised, they can minimize the damage. Attackers’ methods range from an innocent-looking link to a malicious email attachment, and simply clicking the wrong thing can give attackers immediate access to your entire environment. It is important for organizations to architect systems that isolate attacks from the network. By separating the browser from your network, as Passages does, you can stop attacks in real time and prevent breaches within your enterprise.