New approaches needed to secure networks
Organisations are finding it difficult to combat emerging and evolving cyber threats and need new approaches to secure networks.
So said Scott Stevens, VP of technology and worldwide systems engineering at Palo Alto Networks, presenting at the ITWeb Cyber Security Executive Forum at Montecasino last week.
According to Stevens, the barrier to entry for attackers has come down significantly over the years, with exploit kits now being easily purchased online with full support. Also, advanced persistent threats and procedures are now becoming the norm in cyber crime, added Stevens.
He noted advanced persistent threats are a set of stealthy and continuous computer hacking processes, often orchestrated by humans and used to target organisations and nations for business or political motives.
Cyber crime has become a $445 billion industry, with more than 100 nations actively building cyber military capabilities, said Stevens.
He pointed out that these nations are not concerned about profit but are motivated by warfare, terrorism and the theft of secrets that give their country an advantage. They are initiating campaigns into networks in order to take advantage of weak defensive links, he added.
Mike Langley, Palo Alto Networks' regional VP for SA and Western Europe, pointed out that attackers have become more sophisticated and more automated, and that legacy protocol-based systems haven't kept up with the change.
Legacy system providers are ill-prepared to deal with the challenges associated with advanced threats that have been finding their way onto the endpoint, and then working their way into the network, said Langley.
Stevens pointed out that, in the past, organisations dealt with known threats - security would block known bad traffic and pass the rest of the traffic as good. Today, the biggest challenge organisations face is unknown threats, he added.
Security today requires the ability to learn about the unknown traffic and define it as either known good or known bad - and this must happen in real time, Stevens noted.
"The way networks are being attacked has changed, therefore if the attack patterns change, how we protect ourselves has to change at the same time," said Langley.
Organisations must consider a new approach - use creative thinking and innovative new technologies to not only address security issues, but also safely enable the business, he added.
According to Stevens, this new approach must account for the realities that today's attacks are not only multi-dimensional in nature, but also use methods that are constantly in a state of change.
An organisation is only as strong as its weakest entry point; therefore, an effective strategy must include multiple 'kill-points' working together to prevent all aspects of an attack, said Stevens.
This includes blocking the different techniques attackers might use to evade detection and establish command-and-control channels, he said.
"All you need to do is prevent the attacker from moving to the next step in order to stop the entire attack. If they cannot make the initial compromise, they cannot deliver malware," concluded Stevens.