Cyberattacks have become increasingly sophisticated, as current attackers are disciplined and use systematic techniques that leverage advanced malware, spam, phishing and other attacks with strategic intent and goals, says information technology (IT) supplier Cisco local consulting systems engineer Greg Griessel.
Citing the 2015 ‘Cisco Security Report’ (CSR), he notes that cyberattackers continue to innovate and that, with the rapidly changing threat landscape, “security professionals face an era driven by a new breed of highly motivated and well-armed adversaries . . . this is the industrialisation of hacking”.
Griessel argues that such industrialisation has created a faster, more effective and efficient criminal economy that is profiting daily from attacks on different organisations’ IT infrastructure. “It is no longer a matter of if these attacks will happen, but when and for how long,” he says.
The technology industry must “up [its] game and provide reliable and resilient products and services [that are] vastly improved, yet meaningfully simplified, [with] capabilities for detecting, preventing and recovering from attacks”, he says, pointing out that the industry currently faces four major challenges.
1. The Networked Economy
Griessel believes that organisations leverage technology for a competitive or operational advantage and, as a result, current networks include not only networks but also all devices and end points, both mobile and virtual, that extend to wherever people are and wherever data is.
These networks and their components constantly evolve and create new attack paths, or vectors, in mobile devices, Web-enabled and mobile applications, and hypervisor software – all of which manage multiple operating systems, he explains. Vectors can also be created across social media, Web browsers, home computers and even cars.
He adds that in a globalised and mobile-centric world, the cyber threat landscape is much the same across the globe – i.e. a cybercriminal’s tactics can impact someone in the UK and have the same impact on a South African due to networked technologies.
2. The Dynamic Threat Landscape
Griessel maintains that attacks are becoming increasingly profit-driven and that sophisticated efforts can be, and often are, controlled by well-funded organised crime syndicates. The more valuable data and insight become, the more attractive hacking becomes.
He further notes that the impact of successful cyberattacks can be staggering and that, according to the CSR, 54% of all attacks are not detected for months or even years and, if discovered, it might take several weeks before full containment and remediation are achieved.
3. Complexity and Fragmentation
Many security systems comprise a patchwork of solutions from multiple vendors, says Griessel, who frequently encounters large enterprises that have between 40 and 60 solutions from different security vendors, resulting in complex and costly security environments that are often breached. “[These] best-of-breed environments can present multiple weak points for attack,” he says.
4. Security Labour Market
While the lack of in-house technology skills needed to maintain a strong security status is a problem in itself, it also exacerbates other challenges, Griessel notes.
He says that, in 2014, Cisco reported that the worldwide shortage of IT security professionals was estimated at more than a million – an indication of how much demand there was at the time.
He adds that multivendor security environments require organisations to secure a range of skills to manage them. Since demand for security professionals is greater than supply, many organisations struggle to attract and retain them, further constraining security teams.
Next-generation firewall
Cisco introduced its Adaptive Security Appliance (ASA) with FirePOWER Services in September 2014. This solution provides protection from the data centre, through the network, to the end point and can identify, understand and stop advanced threats in real time and retrospectively, says Griessel.
He notes that this next-generation firewall, which combines Cisco’s intrusion prevention system, or firewall, with software developer Sourcefire’s advanced malware protection, provides an integrated threat defence. This helps businesses address their biggest security risks from advanced threats: continuous stealthy attacks and zero-day threats, which exploit a vulnerability on the same day that the vulnerability becomes known.
The main attribute of ASA with FirePOWER is that it consolidates multiple security layers into a single platform, offering ample protection at a good price.
Meanwhile, Griessel boasts that another Cisco tool, the Identity Services Engine (ISE), launched in October 2012, delivers superior user and device visibility to support enterprise mobility experiences.
“The ISE is a security policy management and control platform that automates and simplifies access control and security compliance for wired, wireless and virtual private network connectivity,” he explains, adding that the solution helps IT professionals conquer enterprise mobility challenges and secure the evolving network across the attack continuum.
Griessel asserts that the sum of these tools is more important than their individual features or benefits, as it enables Cisco clients to combine indicators of compromise, derived from multiple sources, with contextual information.
“ . . . we don’t just detect incidents, we interpret them and determine their origin. We also evaluate their impact and search for other occurrences of identical or similar incidents,” he concludes.