8/2/2017
10:30 AM
Rinki Sethi
Commentary

Staying in Front of Cybersecurity Innovation

Innovation is challenging for security teams because it encompasses two seemingly contradictory ideas: it's happening too slowly and too quickly.

Cyber attackers can launch thousands of attacks daily. Many of these same attackers don't even need serious technical expertise to do so; they can simply purchase (or even rent) DIY hacking toolkits or subcontract the actual attack campaign to a hacker-for-hire. With such low entry barriers and a threat landscape that's evolving rapidly due to relatively easy access to processing horsepower and automation technologies, cybersecurity must be top of mind at any organization.

Fortunately, many new technologies are new to security operation centers (SOCs) and the teams that run them. The use of automation, machine learning, and big data has the potential to detect, analyze, and contain most threats automatically, without the need for human intervention — which leaves SOC teams with more time and resources to dedicate to hunting more sophisticated attacks. But if SOCs want to take advantage of emerging cybersecurity technologies, they'll need to rethink their playbooks and make significant changes to technology roadmaps. Why? Because innovation in cybersecurity is challenged by two seemingly conflicting ideas: it's happening too slowly and too quickly. Allow me to explain.

Some say that most recent innovation in the cybersecurity industry has been incremental, not revolutionary. Specifically, the products and services currently used in cybersecurity have been around for years, and today's more advanced threats aren't going to be stopped by simply adding a few new features or performance enhancements. Slow and incremental updates to well-established cybersecurity products and services will not protect a network against today's more evolved threat landscape; the adoption of new and revolutionary technologies is required.

For others, the massive volume of innovation is paralyzing. There are so many startups touting new cybersecurity products that it's easy to become overwhelmed by the sheer number of new point products and their related concepts/buzzwords (machine learning, threat intelligence, automation, etc.). How do you figure out what the right security solution for your organization is when a new one launches every week? How easily do new products integrate into your existing security architecture? Is the product addressing a security issue that your organization is likely to encounter? How much manpower and time are involved in maintaining the new product? Attempting to answer such questions makes it easy to see why keeping up with cybersecurity innovation is such a challenge.

Here are three tips to help you strengthen your organization's security posture and stay in front of cybersecurity innovation.

Tip 1: New Technology Only Works if Implemented and Used Correctly
Having the latest and greatest technology is only effective if that technology is implemented and configured properly. When considering any new cybersecurity product, remember first principles. Go back and ask the key questions. What is your security team responsible for? Does this new product help with those responsibilities? If so, then it's worth considering implementing the product in your security architecture, but only after extensive testing and reworking of the security workflow to ensure there are no gaps in the security posture.

Tip 2: Use "Purple Teaming" to Gain a Competitive Advantage
SOCs, traditionally run by Blue Teams, are responsible for defending an organization. Blue Teams need the right mix of tools, technologies, and people to detect, analyze, contain, and remediate attacks. In addition to these tools, Blue Teams should partner closely with Red Teams, the white-hat hackers in an organization. Red Teams can run a number of different penetration tests to provide valuable insight into what hackers can do and the latest tools and technologies they can use to infiltrate an organization's network and assets. With the two teams working together on a regular basis, called "Purple Teaming," organizations can build up strong defenses to protect against real-time threats.

Tip 3: Leverage Automation to Scale Your Threat Response
Today's evolving threat landscape requires SOCs to adopt new technologies and best practices like automation and machine learning; they remove the need for human intervention to solve more basic cyberthreats (which make up the bulk of reported attacks). Such automation will require careful configuration of foundational security elements (endpoint, threat intelligence, threat analysis, firewalls, etc.) to avoid gaps in an organization's security posture. But if done properly, it will allow the SOC to take a more proactive role in defending the network.

Rinki Sethi is Senior Director of Security Operations and Strategy at Palo Alto Networks. She is responsible for building a world-class security operations center that includes capabilities such as threat management, security monitoring, and threat intelligence. Rinki is also ...
Comments
RetiredUser
8/2/2017 | 12:41:49 PM
Purple Teaming as a Tactical Strategy
Kudos for stressing Blue Team and Red Team partnering. While I have a bias on this topic, I do believe more on this needs to be discussed. Not only should Red Teams be utilized often but I also feel they need more legal freedoms so offensive tactics can be leveraged more. But while we wait for Washington to catch up with the InfoSec industry, partnering with Blue Teams as a Purple Team is beneficial to all. Treating your InfoSec teams like a tactical force rather than a threat monitoring presence will serve to increase awareness and effectiveness.