With all of the attention on the recent WannaCry ransomware attack, it’s clear that the number of attempted data breaches and cyber attacks will only continue to increase.
It would be one thing if security teams only had to keep up with the increasing number and types of attacks. Unfortunately, there are four technology trends that present new security challenges, putting today’s security professionals at a serious disadvantage and disrupting previously successful methods.
Trend #1: Threat signatures – which fall short
In the past few years, malware-authoring techniques have evolved to the point where security tools that rely on threat signatures simply can’t keep up. Or, in the case of zero-day attacks, hackers can exploit a vulnerability the company didn’t even know existed, which means that no threat signature could have successfully prevented the attack.
With signature-based threat detection, security teams are forced to operate in the dark – and as a result, their overall security suffers.
Trend #2: The increasing use of end-to-end encryption
Whenever two devices in a network establish an end-to-end encrypted connection, their conversations are invisible to everything else. Yet many of the most important enterprise-level security controls, tools such as next-generation firewalls, IDS solutions, payload detonation devices, and many more, all rely on deep packet inspection (DPI) to examine the data contents of packets as they move through the network.
End-to-end encryption makes DPI much less effective and prevents security teams from being able to detect if suspicious content exists in the packets.
Trend #3: Bring Your Own Device (BYOD)
To best understand the implications of this trend, consider this thought: Have you recently purchased an electronic device that did not attempt to connect to a network in order to do what it was designed to do? Most likely the answer is no, and examples of non-connecting devices are becoming extremely rare.
Consider the effect of the related bring-your-own-device (BYOD) trend where employees are bringing personal laptops, tablets, phone, and other devices in the workplace. The problem is that these devices can’t be controlled – or secured – in the same way as other corporate assets.
Trend #4: Information overload
Virtually everyone who has worked in incident response or information security realize that that there is too much information to process efficiently or effectively. There are simply too many machines, generating too much data, requiring too many man-hours for analysts to respond to various alerts, and more frequently, false positives.
Solution: Endpoint modeling
These four trends all add up to the reality that enterprise security is being substantially disrupted and common security tools and technologies can’t keep up. Endpoint modeling can be the answer to overcome these challenges. Endpoint modeling is a security technology that automatically discovers each device on a network, creates a model of that device’s “normal” behavior, and continuously monitors this behavior over time to look for any deviations.
This way, when an exception does occur, the endpoint modeling solutions generates a real-time, actionable alert. Security analysts can quickly drill down to see exactly what is happening and take the most appropriate action to resolve the issue.
For example, endpoint modeling can tell human operators if:
- A medical imaging server is suddenly visited by an unknown IP address;
- A domain controller interacts with Google forms for the first time;
- A multi-function printer attempts to transfer a file outside of the firewall; and
- Any other new or different device behavior that could be the first sign of compromise – or a potential attack.
As IT and security professionals seek new alternatives to detect and prevent an increasing number of cyber attacks, they must first consider four significant technology trends and understand their growing impact on network security. When they do, they can begin to see how endpoint modeling can provide an advantage, both in addressing these concerns and in giving them the right tools they need to improve their security efforts.
[su_box title=”About Patrick Crowley” style=”noise” box_color=”#336588″][short_info id=’102284′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.