Risk Mitigation and Continuous Assessment Secure Journey to the Cloud

Summary

  • Strategy for C-suite is to develop cyber security posture to mitigate evolving multi-vector attacks and to think more broadly
  • Business imperative of moving to cloud calls for new set of security procedures and policies
  • Anomaly detection in form of user profiling and network traffic surveillance is emerging as a powerful new defence
  • Cyber skills requirement becoming broader and more technical encompassing linguistics and social engineering experts
  • Trend towards user self-provisioning accentuates need for greater visibility and securing of cloud activity

 A cyber security landscape of evolving, continuous and multi-vector choreographed attacks means smart corporations are framing the security threat in new ways and seeking new kinds of assistance. With catastrophic breaches of data regularly in the news, and the impacts on bottom line, stock price, reputation and brand well documented, CEOs and their teams are keen to be more proactive: FTSE boards are focussing their efforts on risk mitigation and improving their cyber security posture.

“The new direction of travel for Fortune 500 companies is to leverage technology and intelligence to improve their cyber security posture to address ongoing challenges”, confirms Robert Arandjelovic, EMEA Director of Product Marketing at Symantec. This focus represents a paradigm shift from a narrow interest in the latest technology ‘fix’ or concern about the latest threat, whether it be state-sponsored espionage or opportunist malware.

The past year has seen an eruption of multi-vector attacks, which combine attack vectors in order to confuse defenders and supplement attack volume. These increased 322 percent over the previous year, and accounted for 52 percent of the attacks mitigated, according to the Neustar DDOS and Cyber Security Report.  The IDG Connect 2016 DDoS Survey of 120 US security decision makers also found the highest percentage of organizations reported 1 to 5 multi-vector attacks with a third defending against over 25 attacks.

Sophisticated cyber assailants increasingly are seeking out weaknesses in email security, end-point protection and in the cloud, all at the same time. Cumulatively, each piece of compromise chips away at a corporation’s defence until hackers get the resources they want, says Arandjelovic. “Very rarely, when we read about massive breaches of customer credit cards, is it solely because of a single incident like a piece of malware that got onto the server”.

Conversations between security specialists and business executives are also being framed in new ways and questions have an increasing urgency, confirms Arandjelovic: “‘how do we make sure we don’t get breached again?’ Or ‘a major competitor has been breached – we don’t want it to be us: what steps do we need to take?’” The realisation is dawning in boardrooms across the globe that a mobile, collaborative workforce has a flipside: corporations now have a much broader attack surface and are vulnerable to multi-faceted, multi-vector and concerted assaults.

Compounding this new vulnerability is the imperative for organisations to move their IT estate and applications to the cloud in order to enhance agility and make their business more scalable. Enterprises see opportunity in the cloud, but simultaneously view it as a source of fresh security threats. Another avenue of C-level questioning is therefore along the lines of: “cloud is a fundamental pillar of our business moving forward – how do we do it in a safe manner?”

This strategic shift entails a move from a reactive cyber security response to a proactive stance of continuously assessing and mitigating various risks, explains Arandjelovic. “It’s all about risk management and mitigation at a high level: as security postures are weakened, so business risk goes up and both business parties are now engaged in a dialogue over their common cause”. From a CIO perspective, it means embracing the latest technology and thinking in order to take the business forward to new areas as a means to access new efficiencies and productivity.

The sound security response to these strategic business goals and ongoing concerns, proposed by Symantec in partnership with DXC Technology, is to introduce a measured approach to embracing and deploying security. For its part, the business needs to recognise that cyber security is something that has to be thought about from the outset and must be designed in, rather than bolted on, counsels Arandjelovic. “Threats are getting smarter and capable of outwitting traditional methods of cyber security, as well as the gaps between siloed, non-integrated defences”.

Hackers are not necessarily using more advanced forms of attack, but they are conducting their campaign on a broader front. The business network is expanding from traditional office-based users, to include mobile users on multiple devices and in different locations; the traditional focus on the network perimeter fence doesn’t work anymore. Creating a defensive strategy that encompasses multiple devices and locations calls for a fresh approach.

A new and comprehensive approach to counter the breadth of challenge is advocated by Symantec in its established partnership with DXC, and that is user profiling:  “We use the notion of complex user definition. Users are accessing or sharing corporate data in new ways and in so doing, open up new potential avenues for breaches to happen”, cautions Arandjelovic.  A hacker looking to breach a company simply has to find a way of compromising a single user account and then can find a way into the entire company.

Surveillance of data travelling around a network, with the objective of spotting anomalous behaviour and using data context to make intelligence-based decisions, is a new direction for enterprise cyber security. The approach leverages advances in artificial intelligence, machine learning and data analytics technology, but calls for a new mindset and a commitment to sift through huge volumes of data. “The paradigm is a conjunction of smarter technology and thinking more broadly”, confirms Arandjelovic.

The hyper-connected nature of today’s mobile business makes the work of cyber security teams, who police and secure these porous new business models, much more expansive and intensive.  Increasingly, FTSE and Fortune 500 companies are seeking specialist partners to advise or supplement their in-house teams, or provide an entire cyber security capability on a managed service basis.

“Within Symantec, the technical skill set is more varied and broader than it was 10 years ago”, confirms Matthew Howes, Channel Account Manager at Symantec. The necessary skills portfolio now spans not only bleeding edge cyber skills and product knowledge, but also humanities specialisms such as linguistics, which help crack the code of social engineering.  “There’s a skills shortage in the security space, but it is more pronounced in advanced technologies such as AI – and specialists in behavioural analysis are rare.”

Another prevalent issue that taxes enterprise security chiefs is the trend towards self-provision among staff. Traditionally, end users were provisioned with standard IT tool sets; nowadays, in the interests of productivity, end users choose and download their own software and apps that help them collaborate. “Sometimes, when we add controls and formalise cloud usage, we see that customers don’t have a handle on cloud usage or how it is provisioned,” notes Howes. “The lack of visibility and security of this cloud activity can be an eye opener for customers.”

It is in the realm of cloud transition and achieving an optimal security posture – taking into account compliance with relevant regulations and levels of cloud maturity – that the Symantec-DXC partnership comes into play. “Symantec is known for its bleeding-edge security technology, while HPE is an innovative, cloud-ready partner”, points out Howes. “We both operate in an open ecosystem with other toolsets. Together, we have an integrated and open story around cloud.”

DXC makes a good partner for Symantec because it is proficient at assessing whether a customer is ready for cloud, partially ready and needing a hybrid solution, or in need of full transition services and consultancy. “It means we can engage the customer in different levels. Our technology is complex in terms of algorithms and the like, but we can present in a simple and seamless way with boardroom reporting or in a more granular way when it comes to triage, escalation or instant response,” says Howes.

As organisations journey towards the cloud, boards want to be confident they have the right tools and are protecting sensitive information, and to do this they need to get visibility on relevant areas. Symantec technology has the flexibility to work across different levels of cloud maturity. Plus, there are numerous integration points across the portfolio, which works well with other chosen tool sets, and has critical technologies including CASB (cloud access security broker), anomaly detection, tokenisation and multi-factor authentication.

Howes sums up: “We have an open ecosystem and we enjoy working together: DXC understands the customer and we have technology to wrap around any requirement”.

Author: Helen Beckett

Helen Beckett is the Community Manager of the Business Value Exchange. She has been a writer and editor for over 20 years and takes a particular interest in the challenges facing the CIO in today’s business climate.