Tackling the knowns, unknowns and known unknowns of today’s cyber security landscape

By Leon Ward, Director, Product Management, Sourcefire.

Monday, 14th October 2013. Posted by Phil Alsop.

Last month it was widely reported that companies considered critical to the UK's infrastructure which suffer a cyber-attack will be able to call on a new incident response and clean-up service launched by CESG, the information security arm of GCHQ. Organisations eligible for the initiative range from small firms through to multinational companies, critical national infrastructure providers, central government bodies and the wider public sector.


To my mind, this underlines the heightened anxiety about the real and present danger UK PLC faces today from cyber criminals. We are faced with a seemingly endless list of threats - malware, advanced persistent threats, zero-days, targeted attacks, viruses – and the list goes on. But however you categorise them, they are all threats, and they come in two fundamental kinds: known and unknown.


Known threats are the ones your security tools are designed to detect and block. Even so, attacks using known threats still succeed, so there is room for improved protection. It is the unknown threats, however, that pose the greater challenge. These increasingly sophisticated attacks evade detection, slip past point-in-time detection tools such as sandboxing, reach their target and establish a beachhead for follow-on attacks.


As an IT security professional, it is your job to protect your organisation against both types of threat. Three technologies can make an intrusion prevention system (IPS) smarter and malware protection more effective: contextual awareness, big data analytics and collective security intelligence – all working together.


Contextual Awareness - Today's extended networks include endpoints, mobile devices, virtual environments and data centres. For security tools to be effective they need complete contextual awareness of the dynamic environment they protect. Consider technologies that offer continuous and total visibility into all devices, applications and users on a network, together with an up-to-the-minute network map that includes profiles of client applications, operating systems, mobile devices and network infrastructure, physical and virtual. Smarter security solutions combine data about your specific environment with automation to help you make better-informed and more timely security decisions. Visibility into file activity is equally important: knowing a file's heritage (where it came from), its behaviour and its trajectory across the network provides further context and indicators of compromise that help you judge intent, scope the impact and speed up remediation.


Big Data Analytics - Security has become a big data problem. You need technologies that apply sophisticated analytics to large data sets, typically in the cloud, to deliver the insight needed to identify advanced, highly targeted threats. Cloud-scale storage lets you retain and continuously monitor information about unknown and suspicious files across your entire IT environment and beyond. Security tools that use a telemetry model, continuously gathering data across the extended network and then analysing it at scale, can detect and stop malicious behaviour even after a threat has passed through the initial lines of defence, because a verdict that arrives later can be applied to activity that was recorded earlier.
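As an added example that is not part of the original article and not Sourcefire's code: a minimal Python model of the telemetry-and-lookback idea described above, which also reconstructs the file trajectory mentioned under contextual awareness. Endpoints report file sightings continuously; when a threat-intelligence update later marks a hash malicious, the stored telemetry is re-queried to list every host the file touched, the first host to see it, and where it was executed. Hosts, paths, hashes and timestamps are constructed for the example, and `TelemetryStore` and `retrospective_alerts` are illustrative names, not a product API.

```python
from collections import defaultdict, namedtuple
from datetime import datetime

# One endpoint telemetry record: when, where, and what happened to a file.
Sighting = namedtuple("Sighting", "ts host path sha256 action")

# Placeholder hashes (constructed, not real samples).
MAL = "e3b0c442" * 8
OK_ = "9f86d081" * 8

# Constructed sample telemetry: the malicious file enters on one workstation,
# is copied to a file server, then executes on a second workstation a day later.
TELEMETRY = [
    Sighting(datetime(2013, 10, 1, 9, 2), "ws-finance-01", r"C:\Users\ann\Downloads\invoice.pdf.exe", MAL, "create"),
    Sighting(datetime(2013, 10, 1, 9, 3), "ws-finance-01", r"C:\Users\ann\Downloads\invoice.pdf.exe", MAL, "execute"),
    Sighting(datetime(2013, 10, 1, 9, 40), "ws-finance-01", r"C:\Users\ann\Documents\q3.xlsx", OK_, "create"),
    Sighting(datetime(2013, 10, 1, 11, 15), "fs-01", r"\\fs-01\share\tools\update.exe", MAL, "create"),
    Sighting(datetime(2013, 10, 2, 8, 5), "ws-hr-07", r"C:\Temp\update.exe", MAL, "execute"),
    Sighting(datetime(2013, 10, 2, 8, 6), "ws-hr-07", r"C:\Temp\update.exe", MAL, "network_connect"),
]


class TelemetryStore:
    """Keeps every sighting so that verdicts arriving later can be applied to past events."""

    def __init__(self):
        self._by_hash = defaultdict(list)

    def ingest(self, sighting):
        self._by_hash[sighting.sha256].append(sighting)

    def trajectory(self, sha256):
        """All sightings of a file, oldest first."""
        return sorted(self._by_hash.get(sha256, []), key=lambda s: s.ts)


def build_store(sightings=TELEMETRY):
    store = TelemetryStore()
    for s in sightings:
        store.ingest(s)
    return store


def retrospective_alerts(store, verdicts):
    """Apply an intelligence update {sha256: 'malicious' | 'clean'} to stored telemetry.

    Returns, for each malicious hash that was ever seen, the hosts it touched in
    order of first sighting, the first host to see it (patient zero), and the
    hosts on which execution was observed.
    """
    alerts = {}
    for sha256, verdict in verdicts.items():
        if verdict != "malicious":
            continue
        traj = store.trajectory(sha256)
        if not traj:
            continue  # never seen on this network; nothing to look back over
        hosts = []
        for s in traj:
            if s.host not in hosts:
                hosts.append(s.host)
        alerts[sha256] = {
            "patient_zero": traj[0].host,
            "first_seen": traj[0].ts,
            "hosts": hosts,
            "executed_on": sorted({s.host for s in traj if s.action == "execute"}),
        }
    return alerts


if __name__ == "__main__":
    store = build_store()
    # The verdict arrives a day after the file first entered the network.
    for sha, alert in retrospective_alerts(store, {MAL: "malicious", OK_: "clean"}).items():
        print(sha[:12], alert)
```

The point of keeping every sighting rather than only the ones that looked suspicious at the time is that the lookback has nothing to work with otherwise: a file that passed the sandbox on day one is invisible on day two unless its hash, path and host were recorded anyway.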


Collective Security Intelligence - To identify more obscure threats, there is strength in numbers. Look for security technologies that draw on a widespread community of users to collect millions of file samples, and that separate benign file and network activity from malicious activity by applying the latest threat intelligence and correlating symptoms of compromise.


Chloë Smith, minister for cybersecurity, was recently quoted in the Financial Times saying that "The best defence for organisations is to have processes and measures in place to prevent attacks getting through, but we also have to recognise that there will be times when attacks do penetrate our systems ...."


Attackers will always find gaps in protection and ways to evade detection, but it is the role of the IT security professional to stop them wherever possible. Making sure your IPS and malware protection work together is an important step in securing your networks, endpoints, virtual machines and mobile devices. The new services launched by CESG are a welcome initiative, but if you would rather not need them, adjust your security approach so that contextual awareness, big data analytics and collective security intelligence work together. You have nothing to lose.