In the cat and mouse game that is enterprise security, it is hard to determine who has the upper hand, so we put the question to two experts. Give their arguments a read, vote on the position you most agree with and add your thoughts in the forum below.
Senior Vice President of the Endpoint & Mobility Group at Symantec says we are winning when you consider the headlines are driven by a tiny fraction of successful attacks while the vast majority of attempts are nipped in the bud. View debate
CEO of Wave Systems says the situation is bad and getting worse as attacks get more frequent and more sophisticated. View debate
We’re out ahead
When we announced the discovery in October of the Duqu attack, a remote access Trojan that was a precursor to a future Stuxnet-like attack, the news made headlines worldwide as another example of just how sophisticated and insidious cyber thieves have become. Add Duqu to the other attacks and data breaches that received significant media attention in 2011 and it is understandable why there’s a growing perception that attackers are winning the cyber security war, and companies are helpless to keep their information and interactions safe.
That perception is incorrect. In fact, when you compare the handful of successful attacks to the millions that are thwarted every year, you find the cyber security war is extremely one-sided in favor of the good guys.
I don’t want to downplay the significant risks attackers pose to organizations; a data breach can result in the loss of millions of dollars and irreparable damage to reputations. The sheer volume of attacks is staggering: in 2010 alone, Symantec blocked 3.1 billion attacks. That number is overshadowed by the few successful attacks that receive media attention.
Approximately 144,000 malicious files are detected each day. This translates to a rate of more than 4.3 million each month. This war against malware authors is constant and ongoing, similar to the ongoing war on crime. Security professionals are like the police – we don’t expect the police to eradicate crime altogether, but they play a critical role in preventing criminals from winning that war.
That raises a critical point: of those 3.1 billion blocked attacks, roughly half were stopped by intrusion prevention technologies inside of the organizations’ endpoint security software – proving that while signature-based antivirus plays a critical role in preventing threats, it’s no longer an exclusive role. Organizations must work closely with their security vendors and solution providers to ensure they have implemented the latest technologies to mitigate attacks. Vendors don’t release new versions just to generate revenue; they do so because their older technologies become less effective over time.
Because the threat landscape is constantly evolving, organizations need to be able to quickly and easily update their networks and endpoints with the latest operating system and application patches. Here’s where security software has a distinct advantage over a hardware-assisted security solution, which are more difficult to update. With more than 286 million new threats found last year alone, previously unknown and highly sophisticated threats emerge on a regular basis, requiring solutions that are nimble enough to react and effectively thwart them.
New layers of protection technology are making an incredible impact. Reputation-based security stops mutating malware by analyzing and maintaining contextual data for billions of application files and assigning each a risk score. Complement this with a layer of real-time behavioral prevention to thwart targeted attacks. Additionally policy-based intrusion prevention solutions provide solid defense for business critical server workloads, without impacting performance. Each new technology steps up to meet the latest attacker challenge.
This comprehensive and effective approach gives organizations the freedom to choose best-in class solutions and provides the speed and agility needed to respond to today’s rapidly emerging security threats.
That’s not to say that other tools cannot play an important part in an effective security posture. There simply is no silver bullet that will prevent all attacks, and companies should not rely solely on technology. Here are the necessary steps any organization can take to ensure it is not leaving itself open to attack:
• Develop and enforce IT policies. Prioritizing risks and defining policies can help you enforce policies through built-in automation and workflow to protect information, identify threats, and remediate incidents as they occur, or even anticipate them before they happen.
• Take an information-centric approach to protect both information and interactions. You must know where sensitive information resides, who has access to it, and how it is coming in or leaving your organization.
• To control access, you must validate the identities of users, sites and devices throughout your organization.
• Manage systems by implementing secure operating environments, distributing and enforcing patch levels, automating processes to streamline efficiency, and monitoring and reporting on system status.
• Protect the infrastructure by securing all endpoints and messaging and Web gateways. antivirus alone is not adequate.
• Build a security-aware company culture which includes all levels within an organization. This best practice is often overlooked, but it is crucial to ensuring employees are contributing to the success of your security strategy. They will help you win the cyber security war.
The onus is on security professionals to continually evaluate and update security postures to keep up with the bad guys. Advances made to technologies that used to be thought of as “nice-to-have,” like DLP, encryption, intrusion prevention and reputation-based security, are making it much harder for the bad guys to get in and get stuff out. While it may be impossible to win the cyberwar, we are at least staying out ahead.
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.
We’re losing the war
Seriously, is there even really any question about it? Over the past year, the heads of the Nuclear Energy Regulatory Commission (NERC), the Defense Department’s new Cyber Command and other top officials across government and industry have flatly stated that they can’t protect their IT systems from unauthorized intrusion. U.S. intelligence agencies have actually named China and Russia as the main sources of cyber attacks and alleged which groups in China actually performed attacks – diplomatic and economic consequences be damned.
Vying for “Worst Cybersecurity News of the Year” was December’s revelation that a U.S. spy drone may not have crashed in Iran. The Iranians claim they spoofed GPS data to make the drone think it was returning to home base. If true, the consequences are chilling. Experts have disagreed for years whether a Cyber Pearl Harbor is possible or what it would look like. We just got our answer: Yes, but next time, our planes – not our enemies’ — will drop the bombs.
Cybercrime as an industry has posted growth numbers – the number and cost of data breaches, new malware and Advanced Persistent Threats (APT), you name it – that would make Wall Street drool. What’s more, the deluge of news written about data breaches represents only a portion of the problem. Current laws and regulations require reporting the loss of only personally identifiable information, not other highly valuable intellectual property such as sales figures or product design data. That means data breach costs are actually much higher.
Not only are cyber attacks getting more sophisticated, frequent and expensive, but our national addiction to convenience and shiny new toys is making things worse. Key among these double-edged swords currently cutting us are cloud and mobile technologies and the consumerization of IT; we have gone from desktops and Blackberries that have relatively good security to cloud services and Apple and Android devices that often don’t. In all these cases, we lack the self-discipline to make information assurance and regulatory compliance necessary preconditions to securely adopting these promising technologies.
Our cyber enemies are using our own critical infrastructure and intellectual property against us to enrich themselves. What’s worse, we often help them. When we look at all these factors, saying we’re winning the cybersecurity war becomes ludicrous. If this is winning, what would losing look like?
Our current IT security paradigm obviously doesn’t cut it anymore. More and more, government and commercial best practices recommend adding an independently managed layer of hardware-based protection to any IT security portfolio. Increasingly, organizations that rely solely on software-based IT security aren’t bringing even a knife to a gunfight.
If we’re going to win the cyber security war, we have to move to a global “zero tolerance” policy for cybercrime and data breaches. Whether they admit it or not, most people think cyber crime is something that happens to others, or is something they can get away with hiding. This common misconception is a key enabler for cyber attacks and it has to go.
Enacting a zero tolerance policy must start in government and industry board rooms and, if necessary be pushed through public and private sector research, education and regulation. Key steps include:
• Every vendor needs to build in security by design (no more taping airbags to the dashboard) and the enterprise needs to invest in upgrading their security with built-in solutions. This includes paying real attention to information assurance instead of lip service, and rapidly implementing technologies known to counter evolving threats, such as Trusted Platform Modules (TPMs) and device-based identity.
• We need to strengthen data breach notification laws to require disclosure of more types of data. Moreover, the penalties for noncompliance must be severe enough to make companies take notice.
• Both government and industry alike must quit debating game plans and org charts and implement a shared strategy. We need to stop arguing about who deserves a first-class cabin on a sinking ship and start getting serious about fixing leaks.
• Likewise, government and industry should uphold the National Strategy for Trusted Identities in Cyberspace (NSTIC), which will create an “Identity Ecosystem” where people can choose among approved public and private suppliers of trusted credentials that prove their identity.
We’re losing this war for cyber security, but we know how to win. We’ve just got to ask ourselves one question: What are we prepared to do?
Wave Systems is a leading provider of client and server software for hardware-based digital security, enabling organizations to know who is connecting to their critical IT infrastructure, protect corporate data, and strengthen the boundaries of their networks
Want more Tech Debates? Check out our archive page