New network defenses leave intruders with no place to hide

SMBs should focus on detection, not prevention, to keep systems safe from attack

 

When he unveiled his new “national cybersecurity action plan” last February, President Obama called for an overhaul of aging government networks and wider sharing of security intelligence.

The president also reinforced the notion—long held by the global cybersecurity community—that a fundamental shift in emphasis from prevention to detection must happen in order to slow down the bad guys.


ThirdCertainty recently sat down with Justin Harvey, chief security officer at Fidelis Cybersecurity, to discuss how preventing intruders from stealing data and/or damaging systems once they get inside a network is where some major advances are unfolding. Text edited for clarity and length.

3C: What kinds of defenses are large, or even midsize, organizations deploying?

Justin Harvey, Fidelis Cybersecurity chief security officer

Harvey: The typical network stack is a best of breeds situation where they’ve got firewalls, intrusion detection systems and intrusion prevention systems that look for known threats that have been seen before. You might also have unified threat management that is delivering any virus updates and applying threat intelligence.

So you’ve got this whole stack of network devices. What we have seen is a trend where our largest customers right now are condensing their network stack. There is a trend to consolidate to one single vendor that owns the firewall, IDS and IPS, and also running network monitoring and network forensics.

3C: What’s driving that?

Harvey: Cost and complexity. There has been a bit of a honeymoon period over the past few years where we had this frenzy of new vendors, and it’s not sustainable. If you have different solutions from different vendors, you have all of those maintenance contracts. And every system has a different user interface. And you can’t hire or retain enough people to manage it all. So companies are going to have to slim down to just a few solutions to be able to manage it all.

3C: Clearly large organizations have access to a lot of cutting-edge technology. What about midsize and small businesses?

Harvey: Our products are designed to help midsize companies be able to understand and quickly identify what is leaving the network. Mid-market companies that are moving to the cloud want to be able to see what’s leaving their network. They can do that by using our cloud solution. We have an Office 365 component.

But the bigger message here is that you can pick up where others leave off. We have complete visibility over the network and over all the endpoints. Basically, there’s nowhere for attackers to hide anymore. And if they do get in the front door, then we have other multiple areas to stop them.

3C: So how does a company begin to sift through different ways to address security?

Harvey: Part of the advice I would give to organizations today is to classify your data for what’s sensitive. Then put policies, procedures, technology and people in place to be able to monitor when data is leaving the enterprise. Organizations today often learn of a breach from a third party, sometimes the FBI, or by other organizations that have been hit. That means companies need to get better at understanding when sensitive data is leaving the enterprise.

3C: It’s a good sign that security vendors are getting better every day at helping companies do that.

Harvey: Absolutely. The tools are getting better. The resources, the workers are getting better. I am very heartened to see President Obama’s cybersecurity national action plan that calls for a fundamental shift from prevention to detection. Not all attacks can be prevented or stopped easily on the perimeter—we’ve been saying that for years. It is really a detection problem, not a prevention problem. And with the White House taking that sort of approach, that’s a big leap forward.
