Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

2/14/2017
10:30 AM
Saryu Nayyar
Saryu Nayyar
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
100%
0%

Why Identity Has Become A Top Concern For CSOs

Seven of the world's top security leaders share their fears and challenges around the critical new role of identity in the fight against cyber adversaries.

Ubiquitous mobility and cloud-based computing are a double-edged sword. While they have transformed the way companies do business, the myriad benefits they provide are being undermined by the lack of security and the regard for risks surrounding identity. One of the reasons for this state of affairs may be that identity is still under the purview of CIOs, not CSOs.

Much of my thinking on these topics is derived from the many discussions I've had with leading CIOs, CISOs, and CSOs, who view identity as ground zero in the fight against cyber adversaries. I was convinced others could benefit from the wisdom they had imparted to me, which is why I set out to capture the ideas, experiences, and best practices of some of industry's leading security practitioners in my first book, Borderless Behavior Analytics.

A Proactive Approach Is Lacking
The core problem, as I see it, is that most security leaders are not attacking the evolving security landscape through proactive planning and change management. Instead, they are stuck in a reactive mode. It is not hard to understand why: the user profile is 24x7, global, instantaneous, and rich in consumer-driven IT.

I also asked the security leaders to consider how the explosion of digital data — primarily created by mobility and cloud adoptions — is challenging human analysis capabilities. The security perimeter has blurred and, for all intents and purposes, has simply faded away.

Everyone is on the Internet, all the time, and generating  staggering volumes of activity. At the same time, most employees have a low awareness of the access and activity risks involved in their Internet usage. This is producing undefined gray areas of risk that declarative defenses cannot address. Traditional perimeter defense mechanisms lack awareness of these access and activity risks.

Identity as an Attack Surface
Data no longer resides behind firewalls; that singular control point of protection is gone. Instead, there is a much more complex, hybrid IT security challenge of on-premises environments being connected to multiple cloud applications and multiple mobile devices. 

A popular quote among security pundits is: "There are only two kinds of companies. Those that were hacked and those that don't yet know they were hacked." Nowadays, attacks against businesses are likely to be very stealthy and targeted, and based around identity vulnerabilities.

Highly skilled individuals — sometimes IT professionals with a vast knowledge of the most effective ways to attack companies' vulnerabilities — carry out these attacks. These people move quietly and methodically within organizations, sometimes for years rather than months, acquiring the knowledge they need for their assaults.

At the root of most current threats is the misuse and compromise of identity, which give attackers access to the keys of the kingdom. Identity is now the critical access risk and threat plane.

What Keeps CSOs Up at Night
When asked to view security through the lens of identity, here are the most vexing issues that seven of the world's top CSOs came up with.

The security impact and challenges imposed by cloud and mobility on protecting hybrid, land, and sea operational environments. —Gary Eppinger, CISO of Carnival Corporation

Account compromise and misuse, insider threats, and how to implement a "resilient defense" model that makes it difficult for attackers to exfiltrate data once an environment has been compromised. —Jerry Archer, CSO of a major financial services company 

The fact that existing security defenses were built to protect an enterprise architecture that no longer exists, and where the industry needs to go with machine learning and context from big data. —Joe Sullivan, CSO of Uber

The need for a new approach that places identity and access at the core of security to protect digital and physical assets. —Teri Takai, former CIO of the Department of Defense (DoD) and current adviser for the Center for Digital Government

Understanding the levers behind security innovation and why defenses advance in such small increments. —Robert Rodriguez, Chairman and Founder of the Security Innovation Network (SINET)  

How to apply machine learning to behavior analytics across a variety of use cases. —Leslie K. Lambert, former CISO of Juniper Networks and Sun Microsystems

Uncovering the limitations of human processing, and developing technology alternatives for finding and responding to risks and unknown threats. —Gary Harbison, CISO of Monsanto

Hopefully, putting all these insights in one place and sharing them with the industry will help spur greater awareness, dialogue and innovation around the role of identity in cybersecurity.

Related Content:

Saryu Nayyar is CEO of Gurucul, a provider of identity-based threat deterrence technology. She is a recognized expert in information security, identity and access management, and security risk management. Prior to founding Gurucul, Saryu was a founding member of Vaau, an ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
UnHackable.Rocks
50%
50%
UnHackable.Rocks,
User Rank: Apprentice
6/25/2017 | 4:10:46 PM
Unicorn UnHackable Servers... 1 Group of them UnHacked since 1999. Hows your Record?
Subject line says it all.  UnHackable.Rocks
MattS054
100%
0%
MattS054,
User Rank: Apprentice
2/14/2017 | 4:41:24 PM
The Much Needed Evolution of IP
The protocol we're using today to power global commerce over the Internet was developed almost 50 years ago. Development efforts in the late 1960s and early 1970s created the TCP/IP protocol, which was originally designed to allow smaller local networks to communicate between short distances in ways they had never before. However at the time of its inception, reliability was the only concern as the idea of security was a man with a machine gun guarding the facility. Despite being an incredible development, as a result we are left with a protocol that is incredibly reliable, yet inherently unsecure as trusted identities was not part of the design. This has led to today's environment, where components are bolted-on for security, rather than baked in from the start. And given the number of data breaches we see in the headlines, we can all see how that's working out.

The time has more than come to re-evaluate the Gremlin of Internet protocols, TCP/IP. The Internet Engineering Task Force recently approved a standard-track network security protocol: The Host Identity Protocol, which many in the IETF community recognize as the next big change in IP-architecture. The protocol has been under development for nearly 20 years, in coordination with standards bodies, as well as many large corporations (Verizon, Ericson, Yokogawa, etc.).

HIP is an alternative encryption technology that was first deployed within the defense and aerospace industry, where nation-state attacks occur every hour. Specifically designed to be secure by default, HIP shifts the network trust model completely, by introducing trusted cryptographic identities within any network.
How Attackers Infiltrate the Supply Chain & What to Do About It
Shay Nahari, Head of Red-Team Services at CyberArk,  7/16/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Brian Monkman, Executive Director at NetSecOPEN,  7/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12551
PUBLISHED: 2019-07-22
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the Memcpy function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.
CVE-2019-12552
PUBLISHED: 2019-07-22
In SweetScape 010 Editor 9.0.1, an integer overflow during the initialization of variables could allow an attacker to cause a denial of service.
CVE-2019-3414
PUBLISHED: 2019-07-22
All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Due to XSS, when an attacker invokes the security management to obtain the resources of the specified operation code owned by a user, the malicious script code could be transmitted in the parameter. If the front en...
CVE-2019-10102
PUBLISHED: 2019-07-22
tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". Th...
CVE-2019-10102
PUBLISHED: 2019-07-22
aubio 0.4.8 and earlier is affected by: null pointer. The impact is: crash. The component is: filterbank. The attack vector is: pass invalid arguments to new_aubio_filterbank. The fixed version is: after commit eda95c9c22b4f0b466ae94c4708765eaae6e709e.