classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn

Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2017

Don’t be a sitting duck against IoT threats
September 2017, Cyber Security

As the Internet of Things (IoT) continues to gain traction, organisations will have to reassess their security practices to accommodate the increase in security alerts. According to Patrick Rhude, head of product management in Nokia’s Security Product Unit, security organisations already find themselves overwhelmed with the volume, variety and velocity of security data alerts.

“It is not uncommon for a large organisation to receive over 10 000 security alerts a day,” he says. “Duplicate information and false alerts from faulty intelligence data, combined with the limited capacity of security analysts, means that only a small portion of alerts are investigated. It is therefore crucial that security analytics, machine learning and automation are incorporated into security management.”

Jon Tullett, research manager of IT Services Africa at International Data Corporation, says the increase in security incidents is due to several things. “There’s an increase in security incidents, but we’re also getting a lot more data from infrastructure and applications. That data may be security specific, performance or usage data that can be analysed to identify security incidents. Put all that together and you have an increase in alerts, making analysis very difficult.”

Globally there is a massive cybersecurity skill-set shortage, rendering human-centric and manually-intensive incident response strategies insufficient. “For organisations to adequately protect themselves in the IoT era, they will have to move from static defence to agile and adaptive responses to security threats by incorporating workflow automation and orchestration into their security operations,” says Rhude.

Automation allows for the execution of repeatable actions without human intervention and orchestration chains these automated tasks into executed playbooks to perform workflows, speeding up the investigation and mitigation of incidents. Adding machine learning to the mix enables organisations to identify potential compromises by using threat intelligence information across the network, device and cloud layers.

Tullett believes that right now it’s an analytics problem and that it’s almost a perfect example of Big Data. “A lot of data is moving too fast and this needs more correlation and cleaning. Like any big data situation, you can throw money at the problem to try to keep up, or you can invest in better technology and practices at the source. Most organisations do a bit of both right now.”

Experts around the globe believe more than 10 billion devices will connect to networks around the world this year. This number is expected to grow tenfold over the coming years, making it impractical to rely on human-centric practices when it comes to security management.

“In any given generation of security technology, the next generation breaks the bigger or faster cycle and focuses on different capabilities. The moves from firewalls to deep packet inspection to application firewalls is such an evolution. Right now, there are interesting developments in behavioural analysis, machine learning, mitigation or containment controlling an attacker’s lateral movement, advanced threat detection and so on,” says Tullett.

“If you are not evolving your security technology and adopting next generation solutions, you’re basically a sitting duck. There are parallel priorities in modern security solutions. You must protect yourself against as many of the known threats as possible and keep pace with attackers as they develop new techniques. Secondly, organisations must focus on detecting and mitigating new threats, reducing the vulnerable surface area, increasing transparency and improving analytics.”

“We have already seen a shift towards adopting multi-dimensional security analytics,” says Rhude. “This enables security organisations to correlate data from multiple domains and helps identify suspicious, malicious or inadvertent anomalies.”

Through in-depth security analytics, organisations can extract intelligence about the nature of the threat, threat vectors used, associated business risk and recommended mitigation. “When you combine threat intelligence data and security analytics, you can detect threats and prescribe the appropriate response more effectively, providing strategic mitigation to strategic threats.”

  Share via Twitter   Share via LinkedIn      

Further reading:

  • Securing your access security
    November 2017, G4S South Africa, Impro Technologies, This Week's Editor's Pick, Access Control & Identity Management, Cyber Security
    While one may not consider access control solutions a prime hacking target, any connected device is a target in today’s world.
  • The missing mobile puzzle piece
    November 2017, Securicom IT Solutions, Cyber Security, IT infrastructure
    Companies are neglecting to define what resources can be accessed via mobile and have not identified what devices are already accessing the network.
  • Back(up) by popular demand
    November 2017, Cyber Security
    The market is demanding backup and storage solutions that are simple to operate, efficient, safe and that collate data in a centralised location, for easy accessing from anywhere, and on any device.
  • SOLID webKey is simple security
    November 2017, This Week's Editor's Pick, Cyber Security, News
    Ansys débuts its first consumer cybersecurity product with an all-in-one account protection device.
  • Physical and cyber defence centre
    November 2017, This Week's Editor's Pick, Cyber Security, News
    XON and NEC Africa will launch their joint Cyber Defence Operation Centre (CDOC), the only such facility from a single service provider in Africa that offers end-to-end physical and cyber defence services.
  • SA manufacturing companies take note
    November 2017, Dimension Data, Cyber Security, Security Services & Risk Management
    South Africa’s manufacturing sector is under growing threat of cyber attack, says Sean Duffy, executive of security solutions for MEA at Dimension Data.
  • Advanced malware protection
    November 2017, Duxbury Networking, Products, Cyber Security
    Intercept-X includes root-cause analytics and advanced malware clean up together with advanced anti-exploit features that block zero-day threats without the need for traditional file scanning.
  • South Africa is a target for cyber attacks
    November 2017, This Week's Editor's Pick, Cyber Security, Security Services & Risk Management
    South Africa is currently a magnet for cyberattacks, with hackers set on stealing data.
  • Sophos XG Firewall
    November 2017, Cyber Security, Products
    Firewall offers complete identification of unknown application traffic by using information directly from the endpoint, automatically identifies, classifies and controls custom, evasive and generic web applications.
  • Ransomware defined 2017
    November 2017, This Week's Editor's Pick, Cyber Security
    Ransomware ravaged Windows, but attacks on Android, Linux and MacOS systems also increased, while just two strains of ransomware were responsible for 89.5% of all attacks in 2017.
  • Packaged cyber-threat service
    October 2017, GNL Cyber, News, Cyber Security
    Gold ‘N Links Cyber introduces GNL CYBER 360, a per user, next generation cyber-threat packaged service.
  • More than physical intrusion
    October 2017, Mining (Industry), Cyber Security
    Mining and manufacturing sectors are becoming increasingly vulnerable to cyber attack. This is highlighted in Dimension Data’s Global Threat Intelligence Report for 2017.

Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Terms & conditions of use, including privacy policy
PAIA Manual
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.