Major threats can be mitigated by using three simple tactics to manage user and data controls.
Speaking at the Gartner Security and Risk Management summit in London, Mark Nunnikhoven, vice president of cloud and emerging technologies at Trend Micro, highlighted breaches at Home Depot, Houston Astros, Adobe and Target, and said that the common theme was that they were all hit by an attacker who stole something, but were all major organisations who deployed security technologies and were on the ball.
He said: “Were they doing good? No, because we are seeing breaches more frequently and there is an impact on business. What is going on?”
He said that the two networks are in the data and user space. In the data space, we defend it by restricting what we let in, and specifically we control on what can speak to the servers and enforce rules with controls.
“We beef up with monitoring and look at breaches. When was the last time a breach was enabled by an attacker kicking in a firewall and getting what they wanted? With controls, you can work to reduce risk,” he said.
Focusing on the user space, Nunnikhoven said that we are “not bad with restricting inbound”, and we allow outbound and do not allow random users to connect in, but do allow users to connect out as they access the web to get their job done and do little to no monitoring.
He said: “But these spaces interact and we use two controls to monitor so interaction is correct, authentication and authorisation. What can you do? You can take these two controls and add more.”
He recommended adding behavioural analysis and adding it to outbound traffic so you can identify the system that is critical to business and build out. He also recommended looking for malicious patterns with partners and open source tools, and finally using that capability to vary the level of trust and risk appropriately.
He said: “Behavioural analysis is not only asking if I can grab a file, but is that behaviour normal for me? Taking 40 GB of Adobe source code should raise a flag. Apply techniques to apply behaviour analysis and look at all data that leaves user space.
“Also focus on what is going back and forth between the data and user controls. Look at malicious patterns, odd access patterns and vary the level of trust in the user. How often do you review role-based implementation? We know the attacker stays on network, so we need to look more often and automate the trust mechanism.”