Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

8/2/2017
10:30 AM
Rinki Sethi
Rinki Sethi
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Staying in Front of Cybersecurity Innovation

Innovation is challenging for security teams because it encompasses two seemingly contradictory ideas: it's happening too slowly and too quickly.

Cyber attackers can launch thousands of attacks daily. Many of these same attackers don't even need serious technical expertise to do so; they can simply purchase (or even rent) DIY hacking toolkits or subcontract the actual attack campaign to a hacker-for-hire. With such low entry barriers and a threat landscape that's evolving rapidly due to relatively easy access to processing horsepower and automation technologies, cybersecurity must be top of mind at any organization.

Fortunately, many new technologies are new to security operation centers (SOCs) and the teams that run them. The use of automation, machine learning' and big data has the potential to detect, analyze' and contain most threats automatically, without the need for human intervention — which leaves SOC teams with more time and resources to dedicate to hunting more sophisticated attacks. But if SOCs want to take advantage of emerging cybersecurity technologies, they'll need to rethink their playbooks and make significant changes to technology roadmaps. Why? Because innovation in cybersecurity is challenged by two seemingly conflicting ideas: it's happening too slowly and too quickly. Allow me to explain.

Some say that most recent innovation in cybersecurity industry has been incremental, not revolutionary. Specifically, the products and services currently used in cybersecurity have been around for years, and today's more advanced threats aren't going to be stopped by simply adding a few new features or performance enhancements. Slow and incremental updates to well-established cybersecurity products and services will not protect a network against today's more evolved threat landscape; the adoption of new and revolutionary technologies is required.

For others, the massive volume of innovation is paralyzing. There are so many startups touting new cybersecurity products that it's easy to become overwhelmed by the sheer number of new point products and their related concepts/buzzwords (machine learning, threat intelligence, automation, etc.). How do you figure out what the right security solution for your organization is when a new one launches every week? How easily do new products integrate into your existing security architecture? Is the product addressing a security issue that your organization is likely to encounter? How much manpower and time are involved in maintaining the new product? Attempting to answer such questions makes it easy to see why keeping up with cybersecurity innovation is such a challenge.

Here are three tips to help you strengthen your organization's security posture and stay in front of cybersecurity innovation.

Tip 1: New Technology Only Works if Implemented and Used Correctly
Having the latest and greatest technology is only effective if that technology is implemented and configured properly. When considering any new cybersecurity product, remember first principles. Go back and ask the key questions. What is your security team responsible for? Does this new product help with those responsibilities? If so, then it's worth considering implementing the product in your security architecture, and only then after extensive testing and reworking of the security workflow to ensure there are no gaps in the security posture.

Tip 2: Use "Purple Teaming" to Gain a Competitive Advantage
SOCs, traditionally run by Blue Teams, are responsible for defending an organization. Blue Teams need the right mix of tools, technologies, and people to detect, analyze, contain, and remediate attacks. In addition to these tools, Blue Teams should partner closely with Red Teams, the white-hat hackers in an organization. Red Teams can run a number of different penetration tests to provide valuable insight into what hackers can do and the latest tools and technologies they can use to infiltrate an organization's network and assets. With the two teams working together on a regular basis, called "Purple Teaming," organizations can build up strong defenses to protect against real-time threats.

Tip 3: Leverage Automation to Scale Your Threat Response
Today's evolving threat landscape requires SOCs to adopt new technologies and best practices like automation and machine learning; they remove the need for human intervention to solve more basic cyberthreats (which make up the bulk of reported attacks). Such automation will require careful configuration of foundational security elements (endpoint, threat intelligence, threat analysis, firewalls, etc.) to avoid gaps in an organization's security posture. But if done properly, it will allow the SOC to take a more proactive role in defending the network.

Related Content:

 

Rinki Sethi is Senior Director of Security Operations and Strategy at Palo Alto Networks. She is responsible for building a world-class security operations center that includes capabilities such as threat management, security monitoring, and threat intelligence. Rinki is also ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
8/2/2017 | 12:41:49 PM
Purple Teaming as a Tactical Strategy
Kudos for stressing Blue Team and Red Team partnering.  While I have a bias on this topic, I do believe more on this needs to be discussed.  Not only should Red Teams be utilized often but I also feel they need more legal freedoms so offensive tactics can be leveraged more.  But while we wait for Washington to catch up with the InfoSec industry, partering with Blue Teams as a Purple Team is beneficial to all.  Treating your InfoSec teams like a tactical force rather than a threat monitoring presence will serve to increase awareness and effectiveness.
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15864
PUBLISHED: 2021-01-17
An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes a payload when the user visits the /Account/Login page.
CVE-2021-3113
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...