Vulnerabilities / Threats
8/2/2017
10:30 AM
Rinki Sethi
Rinki Sethi
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Staying in Front of Cybersecurity Innovation

Innovation is challenging for security teams because it encompasses two seemingly contradictory ideas: it's happening too slowly and too quickly.

Cyber attackers can launch thousands of attacks daily. Many of these same attackers don't even need serious technical expertise to do so; they can simply purchase (or even rent) DIY hacking toolkits or subcontract the actual attack campaign to a hacker-for-hire. With such low entry barriers and a threat landscape that's evolving rapidly due to relatively easy access to processing horsepower and automation technologies, cybersecurity must be top of mind at any organization.

Fortunately, many new technologies are new to security operation centers (SOCs) and the teams that run them. The use of automation, machine learning' and big data has the potential to detect, analyze' and contain most threats automatically, without the need for human intervention — which leaves SOC teams with more time and resources to dedicate to hunting more sophisticated attacks. But if SOCs want to take advantage of emerging cybersecurity technologies, they'll need to rethink their playbooks and make significant changes to technology roadmaps. Why? Because innovation in cybersecurity is challenged by two seemingly conflicting ideas: it's happening too slowly and too quickly. Allow me to explain.

Some say that most recent innovation in cybersecurity industry has been incremental, not revolutionary. Specifically, the products and services currently used in cybersecurity have been around for years, and today's more advanced threats aren't going to be stopped by simply adding a few new features or performance enhancements. Slow and incremental updates to well-established cybersecurity products and services will not protect a network against today's more evolved threat landscape; the adoption of new and revolutionary technologies is required.

For others, the massive volume of innovation is paralyzing. There are so many startups touting new cybersecurity products that it's easy to become overwhelmed by the sheer number of new point products and their related concepts/buzzwords (machine learning, threat intelligence, automation, etc.). How do you figure out what the right security solution for your organization is when a new one launches every week? How easily do new products integrate into your existing security architecture? Is the product addressing a security issue that your organization is likely to encounter? How much manpower and time are involved in maintaining the new product? Attempting to answer such questions makes it easy to see why keeping up with cybersecurity innovation is such a challenge.

Here are three tips to help you strengthen your organization's security posture and stay in front of cybersecurity innovation.

Tip 1: New Technology Only Works if Implemented and Used Correctly
Having the latest and greatest technology is only effective if that technology is implemented and configured properly. When considering any new cybersecurity product, remember first principles. Go back and ask the key questions. What is your security team responsible for? Does this new product help with those responsibilities? If so, then it's worth considering implementing the product in your security architecture, and only then after extensive testing and reworking of the security workflow to ensure there are no gaps in the security posture.

Tip 2: Use "Purple Teaming" to Gain a Competitive Advantage
SOCs, traditionally run by Blue Teams, are responsible for defending an organization. Blue Teams need the right mix of tools, technologies, and people to detect, analyze, contain, and remediate attacks. In addition to these tools, Blue Teams should partner closely with Red Teams, the white-hat hackers in an organization. Red Teams can run a number of different penetration tests to provide valuable insight into what hackers can do and the latest tools and technologies they can use to infiltrate an organization's network and assets. With the two teams working together on a regular basis, called "Purple Teaming," organizations can build up strong defenses to protect against real-time threats.

Tip 3: Leverage Automation to Scale Your Threat Response
Today's evolving threat landscape requires SOCs to adopt new technologies and best practices like automation and machine learning; they remove the need for human intervention to solve more basic cyberthreats (which make up the bulk of reported attacks). Such automation will require careful configuration of foundational security elements (endpoint, threat intelligence, threat analysis, firewalls, etc.) to avoid gaps in an organization's security posture. But if done properly, it will allow the SOC to take a more proactive role in defending the network.

Related Content:

 

Rinki Sethi is Senior Director of Security Operations and Strategy at Palo Alto Networks. She is responsible for building a world-class security operations center that includes capabilities such as threat management, security monitoring, and threat intelligence. Rinki is also ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Christian Bryant
50%
50%
Christian Bryant,
User Rank: Ninja
8/2/2017 | 12:41:49 PM
Purple Teaming as a Tactical Strategy
Kudos for stressing Blue Team and Red Team partnering.  While I have a bias on this topic, I do believe more on this needs to be discussed.  Not only should Red Teams be utilized often but I also feel they need more legal freedoms so offensive tactics can be leveraged more.  But while we wait for Washington to catch up with the InfoSec industry, partering with Blue Teams as a Purple Team is beneficial to all.  Treating your InfoSec teams like a tactical force rather than a threat monitoring presence will serve to increase awareness and effectiveness.
Mobile Malware Incidents Hit 100% of Businesses
Dawn Kawamoto, Associate Editor, Dark Reading,  11/17/2017
We're Still Not Ready for GDPR? What is Wrong With Us?
Sara Peters, Senior Editor at Dark Reading,  11/17/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.