Cybersecurity To Go On The Offensive

Uploaded on 2016-02-26 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

Organizations with a sophisticated approach to cybersecurity are no longer satisfied with locking the doors after the robbery has been committed. There is instead a distinct shift toward offense.

A Deloitte & Touche report notes a trend toward predictive models, which has meant that protection has become more about using advanced math and science to pursue anomalies and pinpoint threats, than it is about building bigger and better walls.

 “Cybersecurity has received increased attention in recent years due to high profile data breaches and attacks on critical infrastructure,” Adnan Amjad, partner at Deloitte, in an interview. “As a result, there is mounting pressure from directors and executives to measure and monitor risk levels, malicious activity and the effectiveness of cyber investments. They seek what seems impossible: a cyber-detection capability that is so mature that the organization is able to address cyber threats proactively. This is where analytics can help.”

However, the dirty little secret of cyber-monitoring is that state-of-the-art practices are intrinsically reactive; organizations watch for threats they’ve either seen before, or that have victimized others.

“And they are often missed, due in part to the massive number of cyber events occurring daily and, in part, because there is insufficient data to evaluate where and when business-critical events may occur,” added Amjad. “In other words, there is often insufficient context for anticipating and preparing to respond to cyber threats.  At the very least, companies need skilled professionals with deep institutional knowledge to patch the data together manually.”

The ability to use high-volume Big Data (billions of records) and execute queries in seconds to identify anomalous patterns can help organizations evolve from monitoring cyber-threats to managing cyber-threats. This in turn can help them to map their susceptibility to attack; detect previously-unknown threats and zero days; prioritize cybersecurity investments; satisfy regulatory inquiries; and provide real-time data to executives that quantifies cyber-risk and enables better decisions.”

It takes horsepower supercomputing to do this in near real-time; the effort would take significantly longer with traditional computing platforms.

“The market is now at a tipping point where cybersecurity operations are starting to transcend tactical ‘monitoring’ and become significantly more sophisticated,” Amjad said. “Technology advances in multiple areas, including: high-speed access to abundant datasets (threat sharing, real-time network traffic, unstructured business data), innovative automation (analytics, machine learning, visualization), and evolving forensic and incident response tools, are driving this sophistication.”

Companies adopting these types of offensive steps will no doubt find that they need new personnel capabilities, the report found. Many cyber-professionals don’t have the skills to do predictive threat intelligence or predictive analysis of past breaches. At the very least, extensive collaboration between analytics and cyber-professionals may be required. And cybersecurity projects will need to rapidly move up the priority list for analytics groups.

Infosecurity: http://bit.ly/20Pwppy

« Know Your Enemy: The Most Popular Hacking Methods
Israel Is 15 Years Ahead in Cyber Warfare »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alert Logic

Alert Logic

Alert Logic delivers unrivaled security for any environment, delivering industry-leading managed detection and response (MDR) and web application firewall (WAF) solutions.

XBOSoft

XBOSoft

XBOSoft is a software QA and testing company. We cover the entire QA and testing life cycle including software and application security.

Ministry of Defence Georgia - Cyber Security Bureau

Ministry of Defence Georgia - Cyber Security Bureau

The aim of the Cyber Security Bureau is to establish and develop stable, effective and secure Information and Communication Technology systems for the Civil Office of MoD of Georgia.

SEC Consult

SEC Consult

SEC Consult is a leading European consultancy for application security services and information security.

DQM GRC

DQM GRC

DQM GRC are one of the UK's leading providers of data governance, e-privacy and GDPR services, to commercial organisations across all industries in the UK.

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) - Pakistan

National Centre for Cyber Security (NCCS) undertakes cyber security research and plays a leading role in securing Pakistan’s Cyberspace.

Cryptoloc

Cryptoloc

Cryptoloc's core business is developing solutions designed to protect businesses from all kinds of security threats using a unique patented cryptography.

Carson McDowell

Carson McDowell

Carson McDowell are one of Northern Ireland's leading law firms. We are the law firm of choice for many of Northern Ireland's Top 100 companies as well as international companies doing business here.

Network Utilities (NetUtils)

Network Utilities (NetUtils)

Network Utilities provide identity centric network and security solutions to organisations from Telecoms and ISPs to SMEs and large corporates.

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command is responsible for Navy information network operations, offensive and defensive cyberspace operations, space operations and signals intelligence.

GoPlus Security

GoPlus Security

GoPlus is working as the "security infrastructure" for web3, by providing open, permissionless, user-driven Security Services.

NPCERT

NPCERT

NPCERT is a team of Information Security experts formed to address the urgent need for the protection of national information and growing cybersecurity threat in Nepal.

PRE Security

PRE Security

PRE Security is leading the transition into the next era of AI cybersecurity with a new model: Predict & Prevent.

Winslow Technology Group (WTG)

Winslow Technology Group (WTG)

Winslow Technology Group is a leading provider of IT Solutions, Managed Services, and Cybersecurity Services dedicated to providing exceptional business outcomes for our customers since 2003.

TriVigil

TriVigil

TriVigil offer a full-service, comprehensive cybersecurity approach specifically tailored to meet the unique needs of educational institutions.

INTfinity Consulting

INTfinity Consulting

The INTfinity team brings together decades of professional experience in cybersecurity. We're here to apply that same experience and proficiency in defending your networks.