Last week’s Gigamon Cybersecurity Summit in New York was a sobering reminder that these are difficult times for enterprise security. It’s not uncommon for the media to portray the rise of cybercrime in scary terms, but this was a security event where security professionals talked about the changing landscape and the tone was almost as ominous.
Gigamon CTO Shehzad Merchant called his keynote “From attacks on data to attacks on flesh, blood and steel” and made the case for cybercrime escalating to a point where it becomes life threatening. He talked about IoT and connected technologies becoming so pervasive that cyber attacks had the potential to pose very different kinds of risk.
Increasingly smart cars are packed with computer power, automation, and connected sensors that conceivably could be hijacked and used to make the vehicle unsafe. IoT and wireless are enabling remote monitoring that raises the standard of healthcare but also opens the door to threats. A couple of years ago Johnson & Johnson alerted patients to a security vulnerability in one of its insulin pumps that could have been used to overdose diabetic patients.
There may be a low risk of these doomsday scenarios actually happening, but the conference highlighted how network-based technologies are evolving quickly and forcing us to rethink what the security landscape looks like. The challenge is to come up with new ways to protect it.
We are getting to a point where the lack of regulation and standardization around IoT devices is becoming a problem. Cheap sensors provide an easy way into the network for a hacker, so the sooner the industry can get together and lock down potential vulnerabilities, the better.
All of this pointed towards another big topic that emerged in a panel discussion at the event. One speaker suggested that the network was the next big security battleground. It sparked a lively discussion but no one disagreed. This emerging wisdom in information security dovetails well with Corvil’s longstanding focus on the network as a single source of truth, and commitment to deep, real-time analysis of network traffic.
There was a tangible sense of frustration that topping up security budgets and throwing money at the problem wasn’t working. New threats will always pop up and break through. One of the panellists argued that organizations must look beyond traditional solutions, because current security frameworks and the way most operations teams work are going to be obsolete in five years.
The rest of the panel agreed that if you don’t have network visibility, you’re in trouble. Relying on endpoint visibility or just protecting the edge without understanding what’s happening in between isn’t going to be good enough going forward.
There was also a resigned acceptance that there’s no magic bullet, no perfect solution to a threat landscape where it’s impossible to guess from where the next attack is coming. In a nutshell, how can you build an integrated security ecosystem to protect your organization against everything when you don’t know what everything is?
Another panellist reminded everyone that it’s not just outside threats that need to be overcome. Employees present some of the biggest risks. Even after organizations had invested huge amounts of time and resources in cyber security awareness campaigns, a survey revealed that 17 percent of users will still click on every link they receive. The question security teams must answer is: how can we identify the one or two user accounts that became compromised because of those clicks without having to manually investigate every person in the 17 percent?
This is another perspective with which we strongly agree, and for which Corvil has innovated a solution. By enriching network traffic streams with user account identity and applying machine learning to evaluate the behaviors and tendencies of users, Corvil can identify anomalous behaviors with a high degree of accuracy. By capturing traffic and performing a layer 2 to layer 7 decode, Corvil automatically provides security teams with mappings of user accounts to hosts and allows for faster, deeper investigations of the activity highlighted as most risky.
Find out more about how Corvil helps track user activity to identify insider threats.