2018 Should Not Be Another Year Where Attackers Continue to Exploit the Known
It sounds somewhat disheartening, but 2017 may go down in history as “the year of exploiting the known.” From the WannaCry campaign to the Equifax breach to the rise in spam and phishing, the trend may continue. Gartner predicts that through 2020, 99% of vulnerabilities exploited will continue to be the ones known by security and IT professionals for at least one year. Meanwhile, Cisco reported mid-way through the year that global spam is on the rise as adversaries return to email – a method we’ve known about for years – to distribute ransomware and malware. The 2017 Verizon Data Breach Investigations Report (VDBIR) corroborates this assessment, finding that social attacks were used in 43% of all breaches and were executed primarily through phishing.
As 2017 winds down, now is the time to take stock and determine how we can do better. Whether that means identifying gaps in our approach to security that need to be filled, or making better use of the capabilities we do have, there’s a lot at our disposal to prevent adversaries from using known methods to steal, disrupt or damage what’s not theirs. Here are three steps to help you reevaluate and make sure your entire security infrastructure is operating more efficiently and effectively.
1. Inventory. Understand the landscape of the security tools you have. This sounds fairly obvious, but don’t underestimate the level of effort this may take. Most companies have pursued a defense-in-depth strategy – layering defenses so that if one fails, another layer is there to stop the attack. Further complicating the task, different teams and departments may have acquired their own tools over time. If you’re in this group, then it isn’t uncommon to be grappling with 40+ security products and vendors in 40+ silos. Take an inventory of all these different point products and go a step further to understand who across your organization is using them (security operations, networking, threat intelligence, incident response and risk management) and how they are being used. This will help you know if you are taking full advantage of your existing security investments – not just technology, but people too.
2. Identify. Now you can identify the gaps in your security approach and the capabilities you need to put into place to fill those gaps. The key here is to view security as an overall system in which all the elements – people, processes and technologies – are working in concert. Start by looking at each of your different teams and if they are accomplishing what needs to be done. If not, it could be a matter of reprioritizing so that they are focused on what matters most to your organization based on your risk profile. Be mindful that your existing people are essential to your operations and with the talent shortage you need to devise ways to get more from the team you have. They must be empowered with the right processes and tools to execute against priorities. Consider automating processes within existing workflows to reduce the level of repetitive or administrative tasks. This will free up analysts to work on more strategic and meaningful aspects of threat defense. Reevaluate any security technologies you haven’t upgraded in the last few years. Just as threats continue to evolve so do the technologies to defend against them.
3. Integrate. Many gaps in security are due to an inability for disparate technologies to share information. Integration is key to making sure you get the most from your technology investments. Here’s where a threat intelligence platform (TIP) can help. Not only does a TIP serve as a central repository to aggregate external and internal threat and event data, it also allows you to analyze, contextualize and prioritize it for action. This is particularly useful in determining which vulnerabilities pose the greatest risk and should be patched first. It also enables you to share the right intelligence with the right tools at the right time. In effect, it becomes the glue to integrate layers of defense. It can automatically send your curated threat intelligence directly to your sensor grid, including firewalls, IPS/IDS, routers, endpoint, and web and email security (in the case of spam) so all are synchronized and defending together. You can act quickly upon the most relevant threats facing your organization to reduce risk now and in the future.
There’s no reason that 2018 should be another year where attackers continue to successfully exploit the known. By taking an inventory of your security landscape, identifying the gaps, and integrating your solutions so that people, processes and technologies are working in concert, you can make adversaries work harder, while you work smarter.