Somehow we managed to establish some sort of security equilibrium for a few years—a status quo where new threats continued to be developed by the millions, but most security tools seemed equipped to detect and block them, and those who followed established security best practices were relatively secure. Then it all changed.
Mobile malware, cyber espionage, and data breaches—particularly data breaches involving credit card data and personal information of millions of retail consumers—are three major shifts in the threat landscape that fundamentally alter the game. It’s no longer a matter of “us vs. them”, and simply guarding the perimeter and protecting individual endpoints against malware is no longer sufficient.
Some sophisticated threats such as Stuxnet, Duqu, Flame, and other suspected state-sponsored malware illustrate that the perception of security was an illusion in the first place. These threats have existed for years, somehow managing to remain under the radar and undetected. Now that those threats have been discovered and reverse-engineered, the advanced evasion and exploit techniques are making their way into more mainstream attacks. The bad guys are becoming more resourceful, and the traditional model of network and endpoint security needs to adapt.
A new trend is emerging to address the evolving threat landscape, and a new breed of security vendor is springing up to take cyber defense to the next level. The common thread among many of them seems to revolve around big data—stepping back and analyzing a bigger picture for clues about where attacks originate, and how they spread. Many emerging security startups are taking an analytical approach in an attempt to be more proactive about security.
The strategy makes sense. Historically, one of the problems with network and endpoint security is that every organization and every security vendor operates as an island unto itself. They detect and block threats, and respond to security incidents, but that activity is conducted in the shadows. No organization wants to disclose that it’s under attack or has been compromised, and it certainly doesn’t want to share how the attack succeeded. The secrecy of security makes it virtually impossible to get a realistic view of the scope of the threat.
Many sophisticated attacks, however, are multi-faceted, and effective defense requires stepping back to see the whole picture. One organization may have one piece of the puzzle, and another organization may have another, but a single piece of a jigsaw puzzle is useless. Unless you put the pieces of the puzzle together it’s impossible to figure out what the final image is supposed to be.
Most organizations are still skittish about sharing security event information. They don’t want to undermine customer confidence, or tarnish the company’s reputation with investors, and they don’t want to reveal any details that might be used as ammunition for the next attack. Most larger security vendors now collect anonymized information from customers, though—enabling them to aggregate and analyze data from multiple organizations and millions of endpoints to see the bigger picture.
The reactive security model is dead. The new attacks—the ones that really matter at least—are smarter than that. By the time a threat is intercepted and analyzed, and a signature is developed to detect and block it, it’s too late. Next-generation attacks are adept at evading detection until the job is done, and that means organizations need to embrace advanced cyber defense methods that take a more proactive approach to detecting threats rather than waiting for the threats to come to them.