
Cyber Crimes Outpace Innovation

IT systems have never been more powerful or accessible to businesses. However, the scope and scale of cyber crimes continues to outpace tech innovation.

For years, the challenge for internal IT and security teams has been to use existing company data to construct an integrated picture of oddities and unexpected actions on their network. Recent advancements in machine learning and behavior- or anomaly-based analytics that leverage existing enterprise logs now give security teams far more accurate intelligence than ever before.


In the past, security expertise was embodied in signatures, representing particular and specific types of malware. In time, the experts couldn’t keep up, signatures were out of date or not installed quickly enough, and hackers began to take full advantage. An attack from an employee account is signature-less, making conventional security approaches that rely on blacklists ineffective.

Security experts quickly realized that pattern matching alone wouldn’t work, so they added rules, such as the correlation rules found in security information and event management (SIEM) systems. For example, if an HR employee has been terminated and then begins accessing sales data for the first time, something is likely wrong, and an alert is raised immediately.

Technology outpaces analysis

As the number of endpoints (e.g., mobile devices) skyrocketed, so did the volume of data to be analyzed by firms, making it more difficult for security experts to rely on cut-and-dried rules. Existing—not to mention expensive—intelligence tools, typically some form of SIEM, were supposed to predict and detect these types of threats, but were unable to keep up. This left companies more vulnerable than ever to both insider threats and external attackers.

Experts predict a 4,300 percent increase in annual data production by 2020 and IDC anticipates that the “digital universe” of data will reach 180 zettabytes in 2025 (that’s 180 followed by 21 zeroes). Thankfully, open source big data systems have provided a way to collect, process and manage monstrous amounts of data.

Open source big data technologies such as HDFS and Elasticsearch enable solutions that handle petabytes of security data with ease. This not only allows firms to store a wide range of data sources, but also reduces the overhead cost of data storage altogether, which can reach millions of dollars annually for large organizations because of vendor data management hardware and vendor per-byte pricing models. Consequently, open source big data frees up budget to invest in stronger analytics.

Algorithms crunch data

Another major advancement that has fortified cybersecurity tools is machine learning. This method of analysis flips the expert approach on its head; instead of requiring expert rule-writers to guess at attacks that might come, machine learning algorithms analyze trends, create behavior baselines—on a per-user basis—and can detect new types of attacks very quickly using those baselines and statistical models. These systems are more flexible and effective than any purely expert-driven predecessor.
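The two detection styles the article contrasts, the expert-written SIEM correlation rule (terminated employee accessing sales data for the first time) and a per-user behavior baseline, side by side as an added Python example; this is not code from the article or from any vendor it mentions, and the access-log records, user names and termination day are constructed for illustration.

```python
# Added example: a SIEM-style correlation rule beside a per-user behavior
# baseline, both run over constructed access-log records.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data. TERMINATED maps user -> day the HR feed marked them
# terminated; LOGS holds (day, user, resource_category, access_count).
TERMINATED = {"hr_user": 4}
LOGS = [
    (1, "alice", "sales", 12), (2, "alice", "sales", 11), (3, "alice", "sales", 13),
    (4, "alice", "sales", 12), (5, "alice", "sales", 60),   # sudden spike on day 5
    (1, "hr_user", "hr", 5),   (2, "hr_user", "hr", 4),
    (5, "hr_user", "sales", 1),                             # first-ever sales access
]

def correlation_alerts(logs, terminated):
    """Expert rule: a user touches a resource category they have never used
    before, on or after the day HR terminated them. Returns (day, user, category)."""
    seen = defaultdict(set)
    alerts = []
    for day, user, category, _ in sorted(logs):
        first_time = category not in seen[user]
        seen[user].add(category)
        if first_time and user in terminated and day >= terminated[user]:
            alerts.append((day, user, category))
    return alerts

def baseline_alerts(logs, z_threshold=3.0, min_history=3):
    """Behavior baseline: per (user, category), flag a day whose access count
    sits more than z_threshold standard deviations above that user's own
    prior history. No rule-writer had to anticipate the specific pattern."""
    history = defaultdict(list)
    alerts = []
    for day, user, category, count in sorted(logs):
        past = history[(user, category)]
        if len(past) >= min_history:
            mu, sigma = mean(past), pstdev(past)
            sigma = sigma or 1.0          # flat history: avoid division by zero
            z = (count - mu) / sigma
            if z > z_threshold:
                alerts.append((day, user, category, round(z, 1)))
        past.append(count)                # only past days feed the baseline
    return alerts

if __name__ == "__main__":
    print("rule alerts:    ", correlation_alerts(LOGS, TERMINATED))
    print("baseline alerts:", baseline_alerts(LOGS))
```

Note that the baseline flags alice's day-5 spike, which no rule in the example anticipated, while the rule catches hr_user's single sales access, which is far too small a count for any statistical baseline to notice.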


Technology options available to enterprises are at an all-time high, and so are the number of cyber crimes that are committed. Fortunately, as technology has advanced, so has the ability to seek out cyber criminals that may have been virtually invisible in the past. User and entity behavior analytics and machine learning technology continue to provide chief information security officers with the accurate insights they need to thwart attacks before severe damage is done.

This article originally appeared on ThirdCertainty. It was written by Nir Polak.

As IoT Expands, Risks Grow Even Faster

Get used to it. The Internet of Things is here to stay. In fact, IoT is on a fast track to make all manner of clever conveniences part of everyday commerce and culture by the close of this decade.

Tech research firm Gartner estimates IoT endpoints will grow at a breakneck 32% compounded annual growth rate over the next few years, reaching an installed base of 20.8 billion IoT units by 2020.


Tiny, single-purpose sensors designed to collect rich profile data on individual behaviors — as well as on company systems — can already be found in all manner of medical devices, automobiles, TVs, gaming consoles, webcams, thermostats, utility meters, household appliances, manufacturing settings and wearable tech. Much more is coming.

It is incumbent upon the businesses that deliver both the IoT devices — and the new internet-connected services that IoT sensors make possible — to address the security exposures that are part and parcel of this rapid scale-up. Fortunately, cybersecurity vendors are stepping up innovation to do just that. Gartner projects that worldwide spending on IoT security will reach $348 million in 2016 — up 24% from 2015 spending — and will climb steadily to $840 million by 2020.

I recently sat down with Johnnie Konstantas, director of security solutions at Gigamon, a supplier of network visibility technology, to discuss what’s on the horizon. The following text has been edited for clarity and length.

3C: What is the core security challenge accompanying our rapid deployment of billions of IoT sensors?

Konstantas: IoT sensors are quite small and pretty cheap, too, and they don’t have a lot of memory on them. Their whole point is to store a little bit of information and then just forward it on to the cloud. If you think about how we traditionally use things like encryption and a firewall to secure a mobile phone or laptop, that’s very hard to do on a small IoT sensor.

So what you have is a conduit into the corporate network deployed for the purpose of receiving intelligence, and you can’t really push perimeter protection out to these IoT devices.

There’s no question IoT sensors can potentially be a way in. The IoT endpoint could get infected with malware, or it could be used as a lily pad to jump in deeper.

3C: What defensive approaches look promising?

Konstantas: A lot of it comes down to continuous monitoring. These devices are going to always be on, transmitting intelligence. The idea is to continuously understand what the IoT device is forwarding or receiving 24/7. Sounds like a tall order, but doing that allows you to essentially perform analytics on IoT-generated traffic. And with the proper kinds of security analytics in place, you will be able to surface anomalies.


3C: Sounds like big data analytics with an IoT twist.

Konstantas: Yeah, exactly. Big data analytics is nothing new. Security analytics is nothing new. But both are actually seeing a resurgence. Call it SIEM (security and information event management) 2.0 for lack of a better word. This time, SIEM is not so much about collecting large volumes of data; it’s more about getting the right kinds of data. It’s about pruning my data feeds to figure out whether I have any risks associated with my IoT deployments.

3C: What key developments are on the horizon?

Konstantas: I’ve been in security since ’98, so I’ve seen a few patterns play out. The one constant has been that when cool technology emerges — like our ability to do commerce on the web or virtualized storage and computing — adoption tends to be a lot faster than the arrival of the technology to secure it. So it’s fair to say that our desire to take advantage of sensor networks and IoT is going to outpace our ability to roll out security infrastructure to secure them as well.


This post originally appeared on ThirdCertainty.