Six Big Challenges Facing the Security Industry in 2017

Raj Samani, chief technology officer, EMEA, Intel Security



Attacks and defenses adapt and evolve in a continuing dance. As a new technique is
developed, its effectiveness increases rapidly until it is ready for deployment. Once deployed,
broad exposure to real-world scenarios, feedback to the development team, and inclusion in
other defenses further improves its effectiveness. The enhancement continues until it reaches a
level of effectiveness that prompts adversaries to respond. At this stage, attackers experiment
and discover ways to evade this type of defense and develop countermeasures to reduce its
value. The security industry’s challenge is to improve the lifecycle of threat defense
effectiveness, something that requires foundational research, new classes of products, heavy
development time and effort, and a sustained focus, often by multiple industry participants
working together.

Reduce Asymmetry of Information
Adversaries have more information about our defenses than we have about their attacks, and
this asymmetry significantly influences the threat defense effectiveness curve. Preventing
attackers from testing against us is very difficult and possibly unsolvable. However, sharing
information about attacks more broadly is one of the critical initial steps that we can take to
address this asymmetry. When we share and combine information about attacks, we better
understand what the attackers are doing to find weaknesses in our algorithms. That allows us to
more quickly adapt and improve defenses.

Make attacks more expensive or less profitable
Money is the primary motivation of most cyberattacks. If we can change the economics of the
attack process, reduce the success rate of attacks, and make capture more likely, then we can
make targets less interesting. Analyzing law enforcement data, we find that investigation and
prosecution of cybercrime is inversely related to the severity of the crime. With physical crimes,
prosecution is oriented toward the most serious crimes. With cybercrime, high-level attacks are
more difficult to investigate and prosecute because they often cross multiple jurisdictions, and
the attackers behind them typically have more skills and resources to evade detection and prosecution. One
potential response to this is to deceive attackers and increase their time spent on a given attack,
making them easier to trace, identify, capture, and prosecute.

Improve visibility
Security operations within companies and security vendors are shifting their focus from IT
assets to data assets and from “pseudo-absolute” defensive coverage to informed risk
management. We have tools that can identify and classify data, monitor its usage, apply
appropriate policies, or block movement if necessary. With these tools, organizations can more
effectively quantify their risk profile, identify critical gaps, and appropriately focus resources.
Good organizations compare basic statistics to the previous month, much like accounting.
Better organizations work to build regional, national, and industry benchmarks for comparison,
35 Cyber Warnings E-Magazine December 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
