Understand your network and security requirements

By Sibahle Malinga, ITWeb senior news journalist.
Johannesburg, 19 May 2016
Organisations need to understand their network and their business processes to fight threats, says Rapid7's Craig Everson.

User-based analytics and behaviour are vital to understanding how to prepare and create an incident detection and response program. The user is central to all of these attacks and should therefore be treated as untrusted.

This was according to Craig Everson, technical director of Rapid7 EMEA, speaking at the ITWeb Security Summit 2016 at Vodacom World in Midrand yesterday.

Everson shared some of the interesting research findings of a survey recently conducted by his company across a wide variety of organisations to understand the magnitude of cyber attacks.

Through this research, Rapid7 wanted to find out if people are getting to grips with incident detection and response and if they have the right capabilities to do so, he explained.

"We ran this research and the findings are similar, irrespective of the size of the organisation. Most organisations agreed their security teams were strained and they have incomplete ecosystem coverage.

"Also 90% of respondents worry about compromised credentials, but only about 40% can actually detect them. Organisations receive too many alerts, which they can't track down, and when they do, the investigation of that is taking far too long to resolve," revealed Everson.

It's important to have people with the right skills to fight threats, he continued, and not just technologies to respond to those threats. Organisations need both equally.

There is no one fixed technology solution that will respond to threats, and companies therefore need the skills to track down and further detect these threats, while identifying false positives and working out what to do next, he added.

"Around 63% of confirmed data breaches involved leveraging weak defaults or stolen passwords.

"We are seeing a rise of organisations' spending on prevention technologies. I would say these organisations should put in as many defences as they can first and then focus on detection," he advised.

He shared some findings from the latest Verizon Data Breach Investigations Report which revealed attacks targeted at users pose a dangerous and growing risk to organisations. It further revealed use of stolen credentials and phishing are No 1 and No 3 on the list of top threat actions.

"Just four years ago, these two were at No 9 and No 17. By exploiting a user's weak or stolen credentials or getting a user to click on a malicious link within an e-mail, attackers can easily gain access to your network and remain undiscovered for a longer period of time.

"Breaches are happening quickly, but 97% of people around the world cannot identify a sophisticated phishing e-mail and only 3% of targeted users report malicious e-mails to management," he elaborated.

Solutions

In resolving cyber security issues, using behavioural patterns, data science and algorithms can be effective, but the most important thing is that organisations need to understand how an attacker works and embrace an 'attacker mindset', explained Everson.

"You need to understand your network, your organisation, your business processes, who's involved, what data is important to you, before you even start focusing on security.

"You don't always have to have the best security; the secret is to have better security than the guy down the street from you. Deploy high walls and lots of defences and then you will gain far better visibility," he suggested.

Instead of randomly implementing solutions, he advised organisations to look for the best solutions which work specifically where they are required to work, as there's no quick fix that will give one solution across the entire network.

"Compliance is sometimes used to drive security but this is wrong, as compliance should be used to help with budgets and with the business case; it is merely a set of guidelines and rules," observed Everson.

Organisations should understand the traffic flows through the network from user to end point, to cloud, to critical service, in order to understand where they should place the right technology, he asserted.

"The goal is to understand your needs and buy according to your specific security requirements and priorities as an organisation," he concluded.
