classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn

Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2017

Don’t be a sitting duck against IoT threats
September 2017, Cyber Security

As the Internet of Things (IoT) continues to gain traction, organisations will have to reassess their security practices to accommodate the increase in security alerts. According to Patrick Rhude, head of product management in Nokia’s Security Product Unit, security organisations already find themselves overwhelmed with the volume, variety and velocity of security data alerts.

“It is not uncommon for a large organisation to receive over 10 000 security alerts a day,” he says. “Duplicate information and false alerts from faulty intelligence data, combined with the limited capacity of security analysts, means that only a small portion of alerts are investigated. It is therefore crucial that security analytics, machine learning and automation are incorporated into security management.”

Jon Tullett, research manager of IT Services Africa at International Data Corporation, says the increase in security incidents is due to several things. “There’s an increase in security incidents, but we’re also getting a lot more data from infrastructure and applications. That data may be security specific, performance or usage data that can be analysed to identify security incidents. Put all that together and you have an increase in alerts, making analysis very difficult.”

Globally there is a massive cybersecurity skill-set shortage, rendering human-centric and manually-intensive incident response strategies insufficient. “For organisations to adequately protect themselves in the IoT era, they will have to move from static defence to agile and adaptive responses to security threats by incorporating workflow automation and orchestration into their security operations,” says Rhude.

Automation allows for the execution of repeatable actions without human intervention and orchestration chains these automated tasks into executed playbooks to perform workflows, speeding up the investigation and mitigation of incidents. Adding machine learning to the mix enables organisations to identify potential compromises by using threat intelligence information across the network, device and cloud layers.

Tullett believes that right now it’s an analytics problem and that it’s almost a perfect example of Big Data. “A lot of data is moving too fast and this needs more correlation and cleaning. Like any big data situation, you can throw money at the problem to try to keep up, or you can invest in better technology and practices at the source. Most organisations do a bit of both right now.”

Experts around the globe believe more than 10 billion devices will connect to networks around the world this year. This number is expected to grow tenfold over the coming years, making it impractical to rely on human-centric practices when it comes to security management.

“In any given generation of security technology, the next generation breaks the bigger or faster cycle and focuses on different capabilities. The moves from firewalls to deep packet inspection to application firewalls is such an evolution. Right now, there are interesting developments in behavioural analysis, machine learning, mitigation or containment controlling an attacker’s lateral movement, advanced threat detection and so on,” says Tullett.

“If you are not evolving your security technology and adopting next generation solutions, you’re basically a sitting duck. There are parallel priorities in modern security solutions. You must protect yourself against as many of the known threats as possible and keep pace with attackers as they develop new techniques. Secondly, organisations must focus on detecting and mitigating new threats, reducing the vulnerable surface area, increasing transparency and improving analytics.”

“We have already seen a shift towards adopting multi-dimensional security analytics,” says Rhude. “This enables security organisations to correlate data from multiple domains and helps identify suspicious, malicious or inadvertent anomalies.”

Through in-depth security analytics, organisations can extract intelligence about the nature of the threat, threat vectors used, associated business risk and recommended mitigation. “When you combine threat intelligence data and security analytics, you can detect threats and prescribe the appropriate response more effectively, providing strategic mitigation to strategic threats.”

  Share via Twitter   Share via LinkedIn      

Further reading:

  • DDoS detection and mitigation platform
    September 2017, Networks Unlimited, Cyber Security, Products
    Arbor Networks further automates DDoS attack mitigation for MSSPs and enterprise customers.
  • Back to the future
    September 2017, Adamastor Consulting, This Week's Editor's Pick, Cyber Security, Integrated Solutions, Residential Estate (Industry)
    The future is not what it used to be. Rob Anderson looks at estate security in 2027.
  • Are IP cameras vulnerable to ­cyber attacks?
    September 2017, Graphic Image Technologies, Cyber Security, CCTV, Surveillance & Remote Monitoring
    The Internet of Things (IoT) is currently on the rise and with the expansion of digitisation, the separation between physical security and network security is no longer clear.
  • Managing technology risks for effective estate security
    September 2017, Technews Publishing, Residential Estate (Industry), Cyber Security, Integrated Solutions, Conferences & Events
    Hi-Tech Security Solutions and Rob Anderson hosted the Residential Estate Security Conference 2017 in Johannesburg earlier this year.
  • Deepening the value of surveillance
    September 2017, Hikvision South Africa, Residential Estate (Industry), CCTV, Surveillance & Remote Monitoring, Cyber Security
    Deep Learning has swept through the IT industry, bringing benefits and better classifications to a number of applications. Now it’s changing security as well.
  • Breaking the chain
    September 2017, This Week's Editor's Pick, Cyber Security
    How attackers hide a backdoor in software used by hundreds of large companies around the world.
  • Prevention is better, and cheaper
    August 2017, J2 Software, This Week's Editor's Pick, Cyber Security, Integrated Solutions, Healthcare (Industry)
    Securing healthcare data across the ecosystem will not only prevent fraud, it will also improve service delivery in the public and private sectors.
  • Only the paranoid survive
    August 2017, This Week's Editor's Pick, Cyber Security, Integrated Solutions, IT infrastructure
    Whether you’re a government, a hospital, a global corporation, a small business or an individual, you should be paranoid because they are out to get you.
  • Will artificial intelligence replace our jobs?
    August 2017, Integrated Solutions, Cyber Security, Security Services & Risk Management
    Many welcome the possibilities brought about by rapid advances in artificial intelligence, but there is also growing uncertainty about the long-term impact on jobs.
  • Cyber attacks to the left, ransomware to the right
    August 2017, This Week's Editor's Pick, Cyber Security, News
    We all need to be agile and responsive to the new unknowns; here are some tips for preventing future nasties like WannaCry and Petya.
  • Growing concern over global cybersecurity
    August 2017, News, Cyber Security
    The average cost of a security breach in the UK is R40,5 million, while DDoS attacks costs an average of R500 000 an hour to defend.
  • GNL Cyber launches South African operation
    August 2017, This Week's Editor's Pick, Cyber Security, News
    Gold N’ Links Cyber (GNL) has established its presence in South Africa. Its launch event at its new Johannesburg offices in July was attended by a variety of dignitaries, key leaders in business, as well as VIPs such as the outgoing Israeli Ambassador.

Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Terms & conditions of use, including privacy policy
PAIA Manual
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.