Some IT managers think that, with network intrusions being reported almost every day around the world, security is going to the dogs.
But a senior official of a security vendor says it’s time for organizations to “get a Rottweiler” and improve their defences.
Tom Kellermann, vice-president of cyber security for Trend Micro Inc., made the comment during an interview Tuesday from Ottawa, where he’s on a five-city tour meeting with customers for what the company calls cyber security week.
Kellermann is a veteran of the international security wars, having been a member of a U.S. commission on cyber security that reported in 2010 to President Barack Obama and a data risk management specialist for the World Bank treasury security team.
He acknowledged that it’s a fair comment that some organizations are resigned to the inevitability of a break-in. Almost every major corporation in the U.S. suffers a network intrusion every month, he said.
But he essentially maintained that this doesn’t mean they have to roll over and play dead.
“It’s all about managing the damage and mitigating the ability of the criminal to move laterally through the network to steal your crown jewels — intellectual property — or to use your network as a watering hole to leap into your consumers’ or partners’ networks.”
Unfortunately, “enterprises have traditionally underinvested in their security of their IT,” he said. Organizations need to understand it’s not about when there will be a breach, but how frequently there will be one, how deep the penetration will be, and how damaging that will be not only to their operations but to their reputation.
“If someone breaks into your front yard and you notice them, you can call the police in time before they get to the master bedroom. If you just under-invest and spend on perimeter defences only — like firewalls, encryption and virus scanners — then inevitably someone will be in your house at some point.”
The real gaps in network security can be covered through file integrity monitoring (for intruders to stay in your system they have to manipulate a file, so you need to identify through continuous monitoring who’s doing what with files); virtual shielding (protecting from zero-day vulnerabilities in near real time); application security (security testing apps before release); dumping passwords in favour of two-factor authentication; and custom sandboxing to trap suspicious incoming files.
“There’s been far too much spent on policy management, firewalls, IDS, encryption and virus scanners,” he said.
While they’re important, “it’s time for everyone to buy themselves a Rottweiler, and an alarm system with motion detectors.”