Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/24/2018
05:30 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

Coviello: Modern Security Threats are 'Less About the Techniques'

Today's attack surface is broader, more open, and demands a proactive approach to security, according to former RSA chairman Art Coviello.

As the threat landscape changes, so too do demands on cybersecurity leaders and their teams. Art Coviello, executive chairman (ret.) of RSA, says today's defenders should be more concerned about vulnerabilities in the attack surface than on threat actors' specific techniques.

"What people don't get about the threat landscape is, it's less about the techniques and more about the attack surface, and the number of openings that have been created," Coviello said in an interview with Dark Reading during last week's RSA Conference in San Francisco.

He explained how security concerns have shifted since the time of the dot-com crash, when there were maybe 20- to 30 computer viruses. "Now, there are hundreds of millions," he pointed out. The tipping point came in 2007, a "watershed year" in which mainstream applications went online and the iPhone launch kickstarted the "age of mobility."

From that point, the attack surfaced continued to expand and has ever since, he said. Now we're at a point when employees are going straight from their devices to the cloud. The priority is no longer solely attack prevention, said Coviello, who serves on the Board of Directors at EnerNOC, AtHoc, and Tenable. It's about a resilient, holistic approach, he said.

One of the places where organizations leave themselves vulnerable is Web applications. With the onset of agile development, Web apps are no longer a curiosity, he said. They're expected. The waterfall method, in which apps were delivered annually or every six months, has been replaced with agile methodology. Now, developers are creating and updating apps in real-time.

Today's dev teams are under increasing pressure to make applications safe from the start. "If you don't build secure code in the first place, you're in big trouble in an age of agile development," said Coviello. If they don't get it right, security teams face the consequences.

With a larger attack surface, companies also have to do a better job of incident detection, response, and recovery. As security operation centers (SOCs) have become overwhelmed with alerts from their growing collection of intelligence systems, prevention is again top of mind. If they have enough information, security teams can spot when attackers are taking action.

"The best place to stop an attack is before it starts," Coviello noted.

Art Coviello
Art Coviello

The influx of threat intelligence tools has driven a change in mindset from reactive to proactive security. Previously, "all of the tools were siloed," he explained. "They only did one specific things; they didn't add any value to each other." Reactive security meant "plugging in the holes" between tools that left information and assets exposed.

Today's intelligence-driven security model makes it easier to identify and prioritize critical assets, applications, and infrastructure. Security controls need to add value to one another; for example, data loss prevention tools can help pinpoint critical assets. "We can't defend everything," said Coviello. "We have to understand what's most important." This means determining where valuable data lies and how an attacker might try to get it from the outside.

Proactive security may be the way to go, but many businesses have struggled to adopt it. "There's a critical shortage of people to implement that model," said Coviello, pointing to a key trend heard throughout the RSA Conference. "The cost of acquiring talent is skyrocketing."

It's also tough to convince business leaders to adopt new technologies when they don't understand the threats and risk. Most senior management employees don't understand technology, he explained, and neither do executive boards.

Finally, there is a need for more advanced technology to defend the rapidly expanding attack surface. "The attack surface has been growing faster than the industry has been able to develop the tools," Coviello noted.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for a two-day Cybersecurity Crash Course at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the agenda here. Register with Promo Code DR200 and save $200.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
mehdi1973us
100%
0%
mehdi1973us,
User Rank: Apprentice
4/25/2018 | 6:51:51 AM
Nice article
I was cheerful and happy enthusiastic when this blog was presented. Interesting stuff to read. Lots of flowers and gifts for you.

 
FranchiseGlace
50%
50%
FranchiseGlace,
User Rank: Apprentice
4/25/2018 | 6:14:13 AM
Protect data
I think the most important thing in security, is to protect the data
Aviation Faces Increasing Cybersecurity Scrutiny
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/22/2019
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
Kelly Sheridan, Staff Editor, Dark Reading,  8/22/2019
Capital One Breach: What Security Teams Can Do Now
Dr. Richard Gold, Head of Security Engineering at Digital Shadows,  8/23/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15540
PUBLISHED: 2019-08-25
filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.
CVE-2019-15538
PUBLISHED: 2019-08-25
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a ...
CVE-2016-6154
PUBLISHED: 2019-08-23
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).
CVE-2019-5594
PUBLISHED: 2019-08-23
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
CVE-2019-6695
PUBLISHED: 2019-08-23
Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods.