Cybersecurity To Go On The Offensive

Uploaded on 2016-02-26 in TECHNOLOGY--Resilience, NEWS-News Analysis, FREE TO VIEW

Organizations with a sophisticated approach to cybersecurity are no longer satisfied with locking the doors after the robbery has been committed. There is instead a distinct shift toward offense.

A Deloitte & Touche report notes a trend toward predictive models, which has meant that protection has become more about using advanced math and science to pursue anomalies and pinpoint threats, than it is about building bigger and better walls.

 “Cybersecurity has received increased attention in recent years due to high profile data breaches and attacks on critical infrastructure,” Adnan Amjad, partner at Deloitte, in an interview. “As a result, there is mounting pressure from directors and executives to measure and monitor risk levels, malicious activity and the effectiveness of cyber investments. They seek what seems impossible: a cyber-detection capability that is so mature that the organization is able to address cyber threats proactively. This is where analytics can help.”

However, the dirty little secret of cyber-monitoring is that state-of-the-art practices are intrinsically reactive; organizations watch for threats they’ve either seen before, or that have victimized others.

“And they are often missed, due in part to the massive number of cyber events occurring daily and, in part, because there is insufficient data to evaluate where and when business-critical events may occur,” added Amjad. “In other words, there is often insufficient context for anticipating and preparing to respond to cyber threats.  At the very least, companies need skilled professionals with deep institutional knowledge to patch the data together manually.”

The ability to use high-volume Big Data (billions of records) and execute queries in seconds to identify anomalous patterns can help organizations evolve from monitoring cyber-threats to managing cyber-threats. This in turn can help them to map their susceptibility to attack; detect previously-unknown threats and zero days; prioritize cybersecurity investments; satisfy regulatory inquiries; and provide real-time data to executives that quantifies cyber-risk and enables better decisions.”

It takes horsepower supercomputing to do this in near real-time; the effort would take significantly longer with traditional computing platforms.

“The market is now at a tipping point where cybersecurity operations are starting to transcend tactical ‘monitoring’ and become significantly more sophisticated,” Amjad said. “Technology advances in multiple areas, including: high-speed access to abundant datasets (threat sharing, real-time network traffic, unstructured business data), innovative automation (analytics, machine learning, visualization), and evolving forensic and incident response tools, are driving this sophistication.”

Companies adopting these types of offensive steps will no doubt find that they need new personnel capabilities, the report found. Many cyber-professionals don’t have the skills to do predictive threat intelligence or predictive analysis of past breaches. At the very least, extensive collaboration between analytics and cyber-professionals may be required. And cybersecurity projects will need to rapidly move up the priority list for analytics groups.

Infosecurity: http://bit.ly/20Pwppy

« Know Your Enemy: The Most Popular Hacking Methods
Israel Is 15 Years Ahead in Cyber Warfare »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Hack Miami

Hack Miami

HackMiami is the premier resource in South Florida for highly skilled hackers that specialize in vulnerability analysis, penetration testing, digital forensics, and all manner of IT security.

FireEye

FireEye

FireEye delivers unmatched detection, protection and response technology through an extensible and flexible cloud-based XDR platform.

SecurityMetrics

SecurityMetrics

SecurityMetrics is leader in data security, PCI, and HIPAA compliance solutions

Bayshore Networks

Bayshore Networks

Bayshore Networks was founded to safely and securely protect Industrial IoT (IIoT) networks, applications, machines and workers from cyber threats.

Cyber Security Network

Cyber Security Network

Cyber Security Network provide specialist cyber security recruitment services.

Westminster eForum

Westminster eForum

Wesrtminster eForum runs a series of conferences on matters relating to the UKs Digital Strategy. Topics include Smart Cities and Cyber Security.

Aviva

Aviva

Aviva provides Cyber Liability cover for small to mid-market customers to help combat the threat of data and privacy breach.

AFCON Control & Automation

AFCON Control & Automation

AFCON is a leading global provider of software solutions and services for the smart management of Control & Automation systems in the age of Digital Transformation.

Netwrix

Netwrix

Netwrix empowers information security and governance professionals to identify and protect sensitive data to reduce the risk of a breach.

Institute for Cyber Security Innovation - Royal Holloway

Institute for Cyber Security Innovation - Royal Holloway

The Institute for Cyber Security Innovation aims to bring together Academia, Industry and Government to be a catalyst for applied research and innovation in cyber security policy and solutions.

MicroSec

MicroSec

MicroSec is a company specializing in IoT security. We focus on bringing enterprise grade security to IoT and embedded systems.

RedHunt Labs

RedHunt Labs

RedHunt Labs is a premier Cybersecurity Solutions provider, offering Attack Surface Management solution 'NVADR' and Penetration Testing services.

NetWitness

NetWitness

NetWitness empowers security teams to rapidly detect today’s targeted and sophisticated attacks with unparalleled visibility.

Flawnter

Flawnter

Flawnter is a security testing software that finds hidden security and quality flaws in your applications.

Cipher Net Shield

Cipher Net Shield

Cipher Net Shield specializes in secure E-wallet solutions with a strong focus on blockchain and cybersecurity, prioritizing both transaction security and the recovery of lost capital.

Hummingbird International

Hummingbird International

Hummingbird International, LLC offers services for the collection, audit, computer recycling and safe disposal of laptops, monitor/LCD, hard drives, and IT disposal.