Malware has evolved to evade traditional security defenses and move laterally looking for vulnerabilities. It may even force a generational shift in security.
Security breaches are now a fact of life for almost all organizations. New attacks don’t respect traditional boundaries and perimeters, from a country’s borders to enterprise firewalls and intrusion prevention systems. This means that the definition of national security within a cyber context is limited to government institutions, not organizations with operations within a nation’s borders.
Today breaches are simply a fact of life in the cyber age. A report tracking the largest breaches of 2017 also said breaches in 2016 had increased by 40% over 2015 (including the Yahoo compromise of more than one billion accounts) and that 2017 “could get even more messy and more serious.”
Verizon’s 2017 Data Breach Investigations Report (DBIR) is a detailed study of cyber threats. Consequently, the DBIR provides an ideal analytical framework for enterprises seeking to reduce cyber risk.
I have been very lucky in my career. I started in Chemical Engineering but the labs were too smelly and dangerous for me. So, I switched to the relatively clean world of Electrical Engineering in my senior year. How’s that for career decision-making criteria? But, it worked out. At some point I saw the value of Ethernet and TCP/IP to foster scale and ubiquity. I have been focused there pretty much ever since.
A new paradigm is needed in the industry. Networking was conceived on the premise that connectivity is enabling, and it was implemented in a way that treated security as an afterthought. The result is a situation where security is always in catch-up mode.
For attacks not classified as APT, profiling the attack is normally not very difficult. In the case of APT, however, it is very difficult to profile an attack and determine which technologies would have helped or mitigated it. It is often impossible to track down the initial point of compromise in an APT attack, because the attackers tend to cover their tracks very well.
TCP/IP connectivity starts with a DNS look-up so that Endpoint A, seeking to establish a connection to Endpoint B, can determine B's IP address. Not knowing when a connection request may be coming, Endpoint B has to continually listen for the arrival of such requests. Not even knowing who the requester is, Endpoint B must respond to the connection request to establish a TCP connection. Only then can Endpoint B seek more information from Endpoint A to try to establish its identity, authorization, and trust.
As a security industry professional, I have found the number of news stories this past year eye-opening. The ramifications from enterprise security attacks on companies such as Sony Pictures and Ashley Madison have been detrimental to our homeland security, financial and entertainment institutions, and have, well...caused a divorce or two.