
An Intelligent Approach to Fighting Cyber Attacks

Cisco : 19 June, 2014  (Special Report)
Greg Akers, Senior Vice President, Advanced Security Initiatives Group, Threat Response Intelligence and Development, Cisco, examines the use of intelligence in fighting cyber crime.
Since today’s cyber attacks are moving faster than legislation’s ability to keep up, companies in high-risk sectors are left following regulations that fight yesterday’s war. As the government and organizations try to secure their information, federal agents alerted more than 3,000 companies last year that their computer systems had been hacked. The companies varied in size from small to large and represent what experts think is a small fraction of the total number. Analysts estimate the cost of these breaches is up to $100 billion annually for U.S. companies and consumers.

To stop attacks and protect valuable resources, organizations should employ a security approach that is advanced beyond the attackers’ abilities and addresses the extended network. Since an attack can be broken down into stages, it is then pragmatic to think of a response to an attack in stages as well – before, during and after. This is a cycle that operates constantly for anyone in the security profession.

Let’s take a closer look at each of these stages:

Before: Security teams are diligently looking for areas where they may be compromised. Historically, security had been all about defense. Today, teams are setting up ways to more intelligently halt intruders by giving the organization total visibility into its environment, including physical and virtual hosts, operating systems, applications, services, protocols, users, content and network behavior. Defenders can use this knowledge to take action before an attack has even begun.

During: During the attack, security teams need to understand what is happening, and how to stop it as quickly as possible to minimize impact. They need to be able to continuously address threats, not just at a single point in time. Tools including content inspection, behavior anomaly detection, context awareness of users, devices, location information and applications are critical to understanding an attack as it is occurring. Security teams have to discover where, what and how users are connected to applications and resources.

After: After an incident, teams have to understand the attack that occurred and how to mitigate the damage. Advanced forensics and assessment tools help security teams learn from attacks. Where did the attacker come from? How did the attacker find a hole in the network? Could anything have been done to prevent the breach? More importantly, retrospective security allows for an infrastructure that can continuously gather and analyze data to create security intelligence. Compromises that would have gone undetected for weeks or months can be identified, scoped, contained and remediated in a matter of days.

It then follows that the most important element of any defensive strategy is intelligence and understanding. Cybersecurity teams are constantly trying to learn more about who their enemies are, why they are attacking and how they do it. This is where the extended network provides exceptional value, delivering a depth of intelligence that cannot be attained anywhere else in the computing environment. Much like counterterrorism efforts, intelligence is key to stopping attacks before they happen.

Similar to other areas of modern warfare, security in cyberspace is often an asymmetric situation. Relatively small adversaries with limited means can inflict disproportionate damage on larger adversaries. In these asymmetric environments, intelligence is one of the most important assets for addressing threats. But intelligence alone is of little benefit without an approach that optimizes the organizational and operational use of that intelligence.

For example, network analysis techniques that collect IP network traffic as it enters or exits an interface let security teams correlate that traffic with identity and context, and then layer threat intelligence and analytics on top. Security teams can thus combine what they learn from multiple sources of information to identify and stop threats: what they know is happening in the network, what they know from the Web, and a growing amount of collaborative intelligence gleaned from exchange with public and private entities.
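The two ideas above, enriching collected flow records with identity and context and then applying threat intelligence to them, and the retrospective security described under "After", can be shown together in a small worked example. The code below is an added illustration written for this page, not Cisco's code or a description of any Cisco product. The flow records, the identity map, the indicator addresses and the class and function names (`FlowStore`, `retrospective_alerts`, `build_store`) are all constructed assumptions for the example. The point it demonstrates is that a flow store with retention lets a newly received indicator be matched against past traffic, turning a weeks-old compromise into a scoped finding (who, which device, since when, how much data left) rather than an undetected one.

```python
"""Correlate flow records with identity context and threat indicators,
including a retrospective re-check of retained history when a new
indicator arrives.  Added example; every value below is constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Flow:
    """One flow record as exported at a network interface (constructed shape)."""
    ts: datetime
    src: str
    dst: str
    dport: int
    bytes_out: int


# Constructed identity/context map: which user, device and role own an
# internal address at the time of the flow.
IDENTITY: Dict[str, Dict[str, str]] = {
    "10.0.5.23": {"user": "jdoe", "device": "laptop-0423", "role": "finance"},
    "10.0.7.9": {"user": "svc-backup", "device": "srv-bk01", "role": "server"},
}

INTERNAL = ip_network("10.0.0.0/8")  # constructed internal range


def is_internal(addr: str) -> bool:
    return ip_address(addr) in INTERNAL


def enrich(flow: Flow) -> dict:
    """Attach identity and context to the internal endpoint of a flow."""
    ident = IDENTITY.get(flow.src) or IDENTITY.get(flow.dst) or {}
    return {
        "flow": flow,
        "user": ident.get("user", "unknown"),
        "device": ident.get("device", "unknown"),
        "role": ident.get("role", "unknown"),
    }


class FlowStore:
    """Retains flow records so indicators learned later can be applied to
    traffic that was already seen (the 'retrospective' part)."""

    def __init__(self, retention: timedelta):
        self.retention = retention
        self.flows: List[Flow] = []

    def ingest(self, flow: Flow) -> None:
        self.flows.append(flow)

    def prune(self, now: datetime) -> None:
        """Drop records older than the retention window."""
        cutoff = now - self.retention
        self.flows = [f for f in self.flows if f.ts >= cutoff]

    def matches(self, indicators: Set[str]) -> List[dict]:
        """Return enriched flows whose external endpoint is a known indicator."""
        hits = []
        for f in self.flows:
            external = f.dst if is_internal(f.src) else f.src
            if external in indicators:
                hits.append({**enrich(f), "indicator": external})
        return hits


def retrospective_alerts(store: FlowStore, new_indicator: str,
                         now: datetime) -> Optional[dict]:
    """Apply a newly received indicator to retained history and scope the
    result: first contact, dwell time, affected identities, bytes sent out."""
    hits = store.matches({new_indicator})
    if not hits:
        return None
    first = min(h["flow"].ts for h in hits)
    return {
        "indicator": new_indicator,
        "first_contact": first,
        "dwell_days": (now - first).days,
        "affected": sorted({(h["user"], h["device"]) for h in hits}),
        "bytes_out": sum(h["flow"].bytes_out for h in hits
                         if is_internal(h["flow"].src)),
    }


# Constructed sample: a finance laptop talking to one external address for
# weeks before that address shows up in a threat feed.
NOW = datetime(2014, 6, 19, 12, 0)
SAMPLE_FLOWS = [
    Flow(NOW - timedelta(days=25), "10.0.5.23", "203.0.113.45", 443, 1200),
    Flow(NOW - timedelta(days=20), "10.0.5.23", "203.0.113.45", 443, 48000),
    Flow(NOW - timedelta(days=3), "10.0.7.9", "198.51.100.7", 22, 900),
    Flow(NOW - timedelta(hours=2), "10.0.5.23", "203.0.113.45", 443, 15000),
]


def build_store(retention_days: int = 30, flows: List[Flow] = SAMPLE_FLOWS) -> FlowStore:
    store = FlowStore(timedelta(days=retention_days))
    for f in flows:
        store.ingest(f)
    store.prune(NOW)
    return store


if __name__ == "__main__":
    # The indicator arrives today; 30 days of history reveal a 25-day dwell.
    print(retrospective_alerts(build_store(30), "203.0.113.45", NOW))
    # With only 10 days of history the same indicator looks like a fresh event.
    print(retrospective_alerts(build_store(10), "203.0.113.45", NOW))
```

The retention window is the design choice that matters: with 30 days of retained flows the new indicator is traced back to a first contact 25 days earlier and the outbound volume can be summed, while with 10 days the same compromise looks like a two-hour-old event, which is exactly the visibility gap the article's "after" stage is meant to close.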

To effectively keep an organization safe and secure, cybersecurity professionals need a strategy for understanding the potential threats their organizations are up against. Security teams must then make sure their enterprise capabilities, governance and operations are aligned accordingly. Essentially, this enables defenders to think like malicious actors. Defenders who prepare their threat intelligence by joining native user behavior analysis with commercial threat information will be able to spot, protect against and correct the effects of attacks faster and more effectively than has ever been possible.

This article is by Greg Akers, the Senior Vice President of Advanced Security Initiatives and Chief Technology Officer within the Threat Response, Intelligence and Development (TRIAD) group at Cisco. With more than two decades of executive experience, Akers brings a wide range of technical and security knowledge to his current role.
