Keynote Address From RSA President Discusses Moving On From The Dark Ages Of Cyber Security – Chuck Leaver

Written By Dr Al Hartmann And Presented By Chuck Leaver CEO Ziften Technologies

A 5 Point Plan For A New Security Approach Proposed By Amit Yoran

Amit Yoran’s, RSA President provided an excellent keynote speech at the RSA Conference which reinforced the Ziften philosophy. Ziften is intently focused on continuous endpoint monitoring, silo-busting Ziften Open Visibility ™, risk-focused security analytics, and to offer robust defenses in a brand-new age of advanced cyber attacks. Present organization security strategy was criticized as being bogged down in the Dark Ages of cyber moats and castle walls by Yoran, it was described as an “epic fail”, and he outlined his vision for the way forward with 5 main points, and commentary from Ziften’s point of view has actually been included.

Stop Believing That Even Advanced Protections Suffice

” No matter how high or wise the walls, focused foes will find ways over, under, around, and through.”

A great deal of the previous, more sophisticated attacks did not use malware as the primary strategy. Standard endpoint antivirus, firewalls and traditional IPS were criticized by Yoran as examples of the Dark Ages. He specified that these traditional defenses could be quickly scaled by skilled hackers and that they were largely inadequate. A signature based anti-virus system can only secure against previously seen dangers, however unseen threats are the most threatening to a company (since they are the most common targeted attacks). Targeted cyber wrongdoers utilize malware only 50% of the time, perhaps only briefly, at the start of the attack. The attack artifacts are readily altered and not utilized again in targeted campaigns. The build-up of transient indicators of compromise and malware signatures in the billions in large antivirus signature databases is a pointless defensive approach.

Embrace a Deep and Prevalent Level of Real Visibility All over – from the Endpoint to the Cloud

“We require prevalent and real visibility into our enterprise environments. You simply can’t do security today without the visibility of both constant complete packet capture and endpoint compromise assessment visibility.”

This suggests continuous endpoint monitoring throughout the enterprise endpoint population for generic indicators of compromise (not stale attack artifacts) that reflect timeless techniques, not fleeting hex string happenstance. And any company implementing constant complete packet capture (comparatively expensive) can quickly pay for endpoint threat assessment visibility (comparatively low-cost). The logging and auditing of endpoint process activity supplies a wealth of security insight utilizing only primary analytics approaches. A targeted hacker relies on the relative opacity of endpoint user and system activity to cloak and hide any attacks – while true visibility offers an intense light.

Identity and Authentication Matter More than Ever

” In a world with no border and with less security anchor points, identity and authentication matter more than ever … At some point in [any effective attack] campaign, the abuse of identity is a stepping stone the assailants use to impose their will.”

Making use of more powerful authentication is good, but it just makes for higher walls that are still not impenetrable. Exactly what the hacker does when they overcome the wall is the most crucial thing. The tracking of user endpoint logins (both local and remote), and the engagement of applications for indications of irregular user activity (insider attack or prospective compromised credentials). Any activity that is observed that is different from normal patterns is possibly suspicious. One departure from normality does not make a case, however security analytics that triangulates several normality departures concentrates security attention on the highest danger anomalies for triage.

External Threat Intelligence Is A Core Capability

” There are incredible sources for the best risk intelligence … [which] should be machine-readable and automated for increased speed and leverage. It must be operationalized into your security program and tailored to your organization’s assets and interests so that experts can rapidly resolve the threats that present the most risk.”

Many targeted attacks typically do not utilize readily signatured artifacts again or recycle network addresses and C2 domains, but there is still value in risk intelligence feeds that aggregate prompt discoveries from countless endpoint and network risk sensors. Here at Ziften we incorporate third party risk feeds through the Ziften Knowledge Cloud, plus the exposure of Ziften discoveries into SIEM and other enterprise security and operations infrastructure via our Open Visibility ™ architecture. With the developing of more machine-readable threat intelligence (MRTI) feeds, this capability will effectively grow.

Understand What Matters Most To Your Company And Exactly what Is Mission Critical

” You must comprehend what matters to your company and exactly what is mission critical. You have to … defend exactly what is very important and safeguard it with everything you have.”

This holds true for threat driven analytics and instrumentation that focuses security attention and effort on areas of greatest enterprise threat exposure. Yoran promotes that asset value prioritization is only one side of enterprise risk analysis, and that this goes much deeper, both pragmatically and academically. Security analytics that focus security personnel attention on the most common dynamic risks (for example by filtering, correlating and scoring SIEM alert streams for security triage) need to be well-grounded in all sides of enterprise risk analysis.

At Ziften we applaud Amit Yoran’s messages in his RSA 2015 keynote address as the cyber security market progresses beyond the existing Dark Ages of facile targeted attacks and entrenched exploitations.


No Responses Yet to “Keynote Address From RSA President Discusses Moving On From The Dark Ages Of Cyber Security – Chuck Leaver”

Leave a Reply