Evolving cyber threats demand coordinated defense
Deep packet inspection, identity management and continuous monitoring join the cyber crime-fighting toolbox
During the past several years, the type and frequency of cyberattacks have changed dramatically. Today, organizations are subject to increasingly sophisticated intrusion tactics that are more destructive and malicious than before. Newer technologies such as cloud computing, social networking and the proliferation of mobile devices also have provided new opportunities for hackers to find and exploit vulnerabilities.
According to the Ponemon Institute, malicious attacks — from inside and outside organizations — were the root cause of 31 percent of data breaches in 2010, up from 24 percent in 2009 and 12 percent in 2008. What’s more, cyberattacks are costing organizations $214 per compromised record and an average of $7.2 million per data breach event, according to the Ponemon Institute.
The problem in the federal government is no less significant. Recent research from Input noted that during the past year, federal agencies have experienced a 78 percent growth in cyber incidents.
The government is on the case. The military last year created the Cyber Command, complete with a four-star general to lead it. The goal of the Cyber Command is to protect computer networks from cyberattacks. And in May, the Obama administration proposed a plan in which the Homeland Security Department would coordinate with the private sector to increase cybersecurity.
However, organizations can’t rely on those advances. The changing threat landscape requires organizations to take a new approach and perhaps implement new technology to keep pace.
The most important thing, said Balaji Srimoolanathan, research manager and senior security consultant at Frost & Sullivan, is to take an end-to-end approach to cybersecurity. For too long, he said, organizations have employed different solutions for physical and information security that can leave gaping holes in a security strategy.
“Rather than gathering a bunch of disparate solutions, get an end-to-end solution from one vendor that includes everything from a complete audit of the data network and IT infrastructure to physical security,” he recommended.
At the very least, that includes a vulnerability assessment and an IT/networking audit, followed by identity management, deep packet inspection and behavioral filtering.
Identity management, which ensures that users can access only the data and applications they have clearance to access, is a baseline technology every organization should employ. It generally works by assigning roles to users on the system; each role has a different level of authorized access to content and areas of the network. It also makes extensive use of biometrics, digital certificates and user name/password combinations.
Deep packet inspection technology is another tool in the arsenal. Many think deep packet inspection, which examines the individual digital packets that make up data or e-mail messages sent via the Internet, is the best way to provide security for IP traffic. The technology generally is used to help organizations monitor and manage network traffic while identifying and blocking security threats.
That’s especially true for the government market. According to a report released earlier this year by Market Research Media, government-related IP traffic will quintuple between 2010 and 2015. That growth, along with exponential growth in data processing power and new cyber threats, has increased the deployment of deep packet inspection technologies in U.S. government agencies. Its use is growing so fast that the study called deep packet inspection “a major line of cyber defense for years to come” in government organizations.
Behavior-based filtering is another burgeoning tool to help combat cyberattacks. Basically, it’s a way to track the behavior of people who are accessing content.
“If a particular user tends to access a particular file three or four times in a given period of time but on one day tries to access it more than 20 times, the system would trigger a notification,” Srimoolanathan said. “It’s common in the defense world today, but it will be coming to the commercial market in three to four years.”
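The rule Srimoolanathan describes can be expressed as a small baseline-and-threshold check over file access logs. The following is an added illustration, not code from the article or from any vendor; the log format (`timestamp user path`), the constructed sample entries, and the `ratio` and `min_count` thresholds are assumptions chosen for the example.

```python
from collections import Counter, defaultdict


def parse_access_log(text):
    """Yield (day, user, path) for each 'ISO-timestamp user path' line."""
    for line in text.splitlines():
        if line.strip():
            ts, user, path = line.split()
            yield ts[:10], user, path  # keep only the YYYY-MM-DD part


def daily_counts(records):
    """Map (user, path) -> Counter of accesses per day."""
    counts = defaultdict(Counter)
    for day, user, path in records:
        counts[(user, path)][day] += 1
    return counts


def find_access_anomalies(log_text, baseline_days=5, ratio=5.0, min_count=10):
    """Return (user, path, day, count, baseline) for each day on which a user's
    access count for a file is at least `ratio` times their per-day baseline and
    at least `min_count`. The baseline is the mean daily count over the earliest
    `baseline_days` days seen for that user/file pair (assumed thresholds)."""
    alerts = []
    for (user, path), per_day in daily_counts(parse_access_log(log_text)).items():
        days = sorted(per_day)
        base = days[:baseline_days]
        baseline = sum(per_day[d] for d in base) / len(base)
        for day in days[baseline_days:]:
            n = per_day[day]
            if n >= min_count and n >= ratio * baseline:
                alerts.append((user, path, day, n, baseline))
    return alerts


def build_constructed_log():
    """Constructed sample: bob opens plan.docx 3-4 times a day throughout;
    alice opens budget.xlsx 3-4 times a day for five days, then 22 times."""
    lines = []
    for i, n in enumerate([3, 4, 3, 4, 3, 4], start=1):
        lines += [f"2011-06-{i:02d}T09:{k:02d}:00 bob plan.docx" for k in range(n)]
    for i, n in enumerate([3, 4, 3, 4, 3, 22], start=1):
        lines += [f"2011-06-{i:02d}T10:{k:02d}:00 alice budget.xlsx" for k in range(n)]
    return "\n".join(lines)


SAMPLE_LOG = build_constructed_log()

if __name__ == "__main__":
    for alert in find_access_anomalies(SAMPLE_LOG):
        print("ANOMALY user=%s file=%s day=%s count=%d baseline=%.1f" % alert)
```

Only alice's burst day is reported; bob's steady pattern and alice's first five days stay under the threshold.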
Another up-and-coming factor that should improve cybersecurity is the Security Content Automation Protocol (SCAP), developed by the National Institute of Standards and Technology. The goal of SCAP, which is endorsed by major security vendors, is to create a standardized way of maintaining the security of enterprise systems. SCAP provides a way to identify, express and measure security data in a standardized way. Many think that after SCAP is fully ratified and becomes integrated in off-the-shelf security solutions, it will greatly improve cybersecurity.