Integrated security key

April 2016 Editor's Choice, Cyber Security

The trends and threats encountered by South African companies are largely those of our global counterparts, but our priorities show a misalignment. In fact, market intelligence firm, IDC, predicts that IT security spending in SA will lag behind the actual importance and impact of this strategic imperative, leaving local companies potentially vulnerable. Organisations face multiple challenges in today’s threat landscape. Specifically, the siloed nature of implemented technologies, a lack of overall visibility, and increasingly sophisticated targeted attacks are all potential vulnerabilities in the overall cyber resilience of organisations.

Trevor Coetzee, Intel Security.
Trevor Coetzee, Intel Security.

In 2014, US-based retailer, Target, learnt this the hard way, when malware led to the leak of millions of customers’ credit card details. It’s not that the breach wasn’t detected by the company, but that the alerts failed to prompt either an automatic response or even a manual response. The failure resulted in a huge knock in profits, and massive reputational damage. Could this happen locally? Absolutely. The malware here was described as ‘unsophisticated and uninteresting’, but it was their inability to respond that let Target down.

So, if Target, with all the resources of a huge US retailer, can fall victim, how can a South African company expect to avoid the same fate? A quick audit of your organisational preparedness can help identify pitfalls, and an integrated and multi-layered approach will help you plug them.

What are the threats?

A patchwork of solutions: Companies are dealing with dozens of individual niche security vendors offering single point solutions. Often these operate in functional silos with no intelligence-sharing, preventing infrastructure-wide visibility for real-time detection of threats. This fragmented environment leads to gaps in protection and poor visibility, which drives up the time and manual processes needed to move from discovery to remediation.

Speed of response: There is a concept in emergency medicine of the ‘golden hour’. The probability of surviving improves if a patient is treated within the first hour. The equivalent applies to security. Losses can be dramatically reduced with faster, precise detection and automated remediation. In 60% of cases, attackers can compromise an organisation within minutes (2015 Verizon DBIR), and 75% of attacks spread from ‘patient zero’ within 24 hours (Gartner, May 2015: Best Practices for Detecting and Mitigating Advanced Persistent Threats). In order to defend against this, organisations must minimise the time between network penetration and threat containment and remediation.

Skills shortage: Overwhelmed security practitioners are struggling in the face of exponentially growing threat complexity, with over 400 000 new malicious programs identified every day (AV-Test.org). Plus, people who offer the magic combination of skills (including environment knowledge, depth of technical expertise, and knowledge of business priorities) are hard to find, hire and retain. In fact, 66% of organisations in a recent SANS Institute survey said that skills and people shortages were the top impediment to incident response.

So what’s the solution?

Protect: Comprehensive prevention lets users be more productive while blocking the most pervasive attacks and disrupting never-before-seen techniques and payloads. With the right tools, we can reduce security fragmentation, automate operational tasks, and enhance capabilities to combat attacks more effectively with less effort. A hybrid, integrated system brings together a dynamic endpoint of anti-malware, data protection and web security controls with virtualised data centre security infrastructure and centralised management.

Detect: Since no single analysis or intelligence source can detect sophisticated attacks, advanced monitoring and tiered analysis works to identify anomalous behaviour, catching low-threshold attacks that would otherwise go unnoticed. Ultimately this helps us detect, contain and resolve more issues with far less damage. Better insight produces higher confidence in less time. We can also integrate data and tools so they collaborate in real time for faster investigation of and response to events.

Correct: Facilitated triage and response lets teams prioritise threats, assisting speedy investigation and remediation for both endpoint and the cloud. A broad visibility and integrated management environment can facilitate self-learning – to keep evolving the threat defence lifecycle for higher effectiveness. Cloud-first management simplifies the environment, while making it easier to enhance protections and policies.

We are heading towards a ubiquity of connected devices – an estimated 200 billion by 2020, according to forecasting by Intel. With that saturation, a piecemeal approach to security will become overwhelmingly resource-heavy. By automating aspects of your security implementation, and sharing real-time data across security implementations, you can free up your skilled people to deal with the real high-level threats.

This is the driver behind our ‘Did you know?’ campaign that offers clients a critical competitive advantage through integrating different types of security. Take the quiz ( http://getconnected.intelsecurity.com/en/quiz/start ) to assess your knowledge of current threats and trends in IT security, or read more about these topics and solutions here ( http://getconnected.intelsecurity.com)





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Accelerating your Zero Trust journey in manufacturing
IT infrastructure Cyber Security Industrial (Industry)
Francois van Hirtum, CTO of Obscure Technologies, advises manufacturers on a strategic approach to safeguarding their businesses against cyber breaches.

Read more...
Cyber resilience is more than cybersecurity
Technews Publishing Editor's Choice Cyber Security Integrated Solutions IT infrastructure
Hi-Tech Security Solutions held a round-table discussion focusing on cyber resilience and found that while the resilience discipline includes cybersecurity, it also goes much further.

Read more...
Crossing the chasm
Editor's Choice News Security Services & Risk Management Training & Education
Industry reports suggest that in the next ten years, millions of jobs could go unfilled because there simply are not enough people to fill them.

Read more...
Records in place now, not later
Editor's Choice Security Services & Risk Management
It is important, after an incident, to have records in place as soon as possible. Too often the matter is left for the day when the company is going to court, or a disciplinary hearing is scheduled.

Read more...
A robust OT cybersecurity strategy
Editor's Choice Cyber Security IT infrastructure Industrial (Industry)
Cyber experts are still struggling to convince senior management to spend money to protect their control system assets, resulting in a lack of even basic measures to protect control systems.

Read more...
Why Multi-Factor Authentication, universal ZTNA and Zero Trust matter
Access Control & Identity Management Cyber Security
Malicious cyber actors are experimenting with new attack vectors and increasing the frequency of zero-day and other attacks, according to Fortinet’s 1H 2022 FortiGuard Labs Threat Landscape report.

Read more...
Simplifying SIEM, EDR, XDR and SOAR
Bitrate Editor's Choice Cyber Security
Jeroen Dubbelman unpacks what some of the latest acronyms used in the cybersecurity industry actually mean to businesses looking for solutions for their cyber requirements.

Read more...
Securing IoT devices to maximise their value
IT infrastructure Cyber Security
Anything that is connected to the Internet is a potential security vulnerability, and IoT devices are increasingly targets through which cybercriminals infiltrate networks.

Read more...
The rise of edge computing: What does it mean for cybersecurity?
IT infrastructure Cyber Security
Edge computing reduces response times, decreases bandwidth usage and maximises the real-time value of data for applications, processing or storage, by bringing it all closer to the source.

Read more...
Ransomware loves retail
Retail (Industry) Cyber Security
The retail industry was the second most targeted industry by ransomware in 2021, with 77% of retail organisations hit with ransomware, a 75% rise from 2020.

Read more...