Becoming Active – Proactive Cyber Security

In the age of growing threats to the computing infrastructure of any organization, it has become necessary to define a new paradigm of security solutions.

The traditional methods used to secure existing computer systems and infrastructures through firewalls, IPS/IDS, antivirus, etc., may provide only a moderate, yet insufficient, level of protection.

We are all aware of the ‘cyber’ trend of recent years. We’ve heard about cyber-attacks, cyber-intelligence and cyber security. There is no sense in adding endless layers of protection and security defenses to systems and infrastructures. The economic impact and the maintenance burden of trying to do so may be devastating.

In the end, organizations need to be aware of the threats they are facing, and to protect against them. I’ve come across organizations that do a security audit or penetration test because they are committed to some regulations. An audit or penetration test is very limited in terms of security. An audit is good only for the time at which it was taken, and a penetration test is done according to the knowledge of the hacker performing it. This means that if a new threat, vulnerability or configuration was introduced after the audit, the IT manager or security officer will not be aware of it, and that the hacker knows a limited number of hacking techniques, while there are many more that he doesn’t know.

The only way to be up-to-date on the vulnerability status of your organization is to be PROACTIVE. PROACTIVE means continuously checking your lines of defense against cyber attacks. Those lines of defense start with the perimeter defense, then the network, the hosts, the applications, and the data and resources your organization might have.

Across those ‘layers’, security and cyber-security defense techniques should be implemented, but nevertheless be tested proactively!

The vulnerability analysis should be done periodically and automatically, and should test all lines of defense that will ‘participate’ in a cyber attack.

We need to have a tool that thinks like a hacker, and can conduct BOTH simulated attacks and controlled physical attacks on the organization’s infrastructure.

This tool will direct an ‘enemy’ attack for the purpose of exposing the organization’s vulnerabilities. It will then prioritize those vulnerabilities, give insight into the business impact and offer an orderly mitigation plan report to protect us from those vulnerabilities and risks.

There are a couple of vulnerability analyzers on the market. One should carefully examine the technologies and prerequisites of those utilities. Some vulnerability analyzers examine the configuration of the firewalls and routers and then try to draw conclusions about the protection they provide. These analyzers are limited in their capabilities because they check the configuration of a limited set of devices and not the resiliency of the infrastructure as a whole.

In order to protect against a hacker’s cyber-attack, we need to think and act like a hacker. A hacker will fuzz the protocol, use real-time traffic simulation, bring the infrastructure under load and only then commit an attack. We need to be prepared against ever-evolving threats and check the infrastructure PROACTIVELY and continuously.

Israeli start-ups are developing cutting-edge cyber security technology. Some of them provide proactive security risk management, for example the Skybox solution, which provides proactive (passive) security risk management, and Thalamus HLS, which provides proactive (passive & active) security risk management for various platforms (LAN, SCADA, mobile, etc.).

The writer is Mr. Oded Blatman,
Founder and CEO
NetSys HLS Ltd.