Ever since the dawn of man, survival has been a shaping factor in the evolution of man and society. Truth be told, 10,000 years ago life was more challenging, and there is a vast difference between fending off a 400 kg sabre-toothed tiger that plans on turning you into breakfast and fending off a persistent cyber attacker, but the basic rule still applies: you must use the right tool for the right job. The right tool will make the difference, but it must be accompanied by the right tactics. In every campaign, what makes a brilliant warlord is the ability to adapt in real time and align the tactics and the tools to the mission at hand. This is also the approach needed to successfully mitigate and defuse complicated cyber events.
The Right Tactics
The worst outcomes of the bloodiest battles in human history were always the result of one side being outmanned, outgunned or both, usually because of poor tactics, short-sightedness about the developing scenario and disregard for the opponent's capabilities. Trying to force old maneuvers onto a newly developed threat will generate devastating results, especially when those tie-breakers come into play. We have all witnessed the results of air superiority over a confined territory, what a 2,000 dollar rocket launcher can do to a 5 million dollar tank when used in numbers, or what a 20,000 dollar handheld heat-seeking missile can do to a 20 million dollar jet airplane. Now think of a lightweight, low-footprint, cyber-grade application DDoS attack that does not use any brute force or make any ripples, but rather silently turns your datacenter or your critical infrastructure into rubble in a matter of hours.
Staying agile and dynamic in the face of ever-changing threats by adopting new policies and assets will not make you immune to cyber events, but it will reinforce your ability to mitigate those threats and recover in a timely fashion with the right resources at hand.
The problem is that adaptation equals change, in approach, methodologies and tools alike, and change is often easier said than done. Just look at how many changes in information security we have had to endure in the last couple of years. In less than 10 years we have unwillingly shifted our defensive approach from focusing on exterior threats originating from the "big and bad internet" to the horrific reality that the enemy is within. Then we needed to adapt to the fact that the barriers we worked so hard to build around our organizations, reinforced with DMZs as watchtowers over demilitarized zones, are far from effective, since wireless and mobility technologies have changed the landscape. And just lately we needed to adapt to the fact that even proprietary infrastructures and protocols are far from immune to cyber threats, and that complicated cyber events such as engineered malware and APTs cannot always be blocked at entry; rather, they require a more pragmatic approach to be defused. This new reality was a rude awakening for organizations and vendors alike.
The Right Tools
Whether change is welcome or not, it is a necessity driven by the new reality forced upon us. One must remember that changing tactics and technologies is what makes cyber warfare campaigns so unpleasantly successful. Cyber offenders constantly adapt their malicious payloads with stealth and dormancy features, in conjunction with intelligent command and control channels, aimed at aligning the threat with the target environment.
With this level of inventiveness on the attacking side in mind, it is no surprise that traditional information security tools and methodologies fall short of preventing major cyber events.
Little by little, an arsenal of commercial-grade cyber defense solutions has been developing within the market. Some of it is the work of niche vendors, some of major security vendors who developed (or acquired) their own offerings. Although cyber defense products are far from perfect, mostly come at a high cost in terms of initial CAPEX investment and high OPEX due to an expensive TCO, and are far from as intuitive as we have become accustomed to, they do in fact provide a genuine fighting chance. What those solutions lack in cost and comfort they make up for with cutting-edge defense technologies, usually based on sophisticated, adaptive algorithms, which are required to deal with unknown zero-day threats.
Technologies such as network behavior analysis, big data forensics, sandbox simulation and mitigation, deception, DDoS mitigation and SCADA-aware next-generation security solutions all represent the right tools for the complicated mission before us.
The traditional information security solutions (i.e. FW, IPS, WAF, etc.) alongside traditional methodologies (e.g. defense-in-depth) are still a vital piece of the defense foundation for every organization and have an important role as a policy enforcement layer, but on their own they are insufficient as a first line of defense in the face of ever-increasing and changing threats.
What amazes me today is that, after all we have seen, heard and felt, there are still those who continue to claim that cyber warfare is just hype, a populist notion at best, and that there are no compelling reasons to upgrade the security infrastructure.
For me, this kind of claim resembles those careless pedestrians who cross a busy highway on a red light while looking away from the oncoming traffic, thinking that if they cannot see the cars coming then they are probably safe.
By: Tomer Nuri – CTO
Netcom (Malam-Team Communication) Ltd