Going Beyond Compliance - An Intelligence-Driven Approach to Data Protection
While referring to lessons learned in last year's hack of RSA as a ‘tremendous learning experience in retrospect’, the company's chief security architect, Robert Griffin recently warned a select Dublin audience that ‘basing a security strategy on ‘regulatory compliance’ alone will lead to enormous issues in the coming years'.
Working in the security industry for over three decades, Griffin was the main speaker at an RSA-sponsored talk in Dublin last month entitled ‘The Anatomy of Cyber Attacks'. Attempting to explore the changes in the threat landscape over the past year, the hope for those in attendance was to gain an insight into how security strategies can be updated to handle more advanced threats.Griffin outlined the current three different classes of attacks:
While many businesses will not feel they are in danger of being targeted by any of the above Griffin was keen to stress the growing trend of "drive-by attacks" from criminals, with cybercrime resources more readily available than ever. ‘There are sites that act as a Gumtree for infection’ said Griffin referring to the popular classifieds site and how easy it is for criminals to target businesses at will'.
As for changes to security strategies to protect against advanced persistent threats (APTs) in particular, Griffin warned that good IT security staff, is more important now than ever before.
Noting that cyber threats have become ‘more subtle and have a greater ability to bypass firewalls and antivirus models’, Griffin said that in RSA's case, when they were hacked in April 2011 (after a nefarious email was opened by a member of staff, allowing hackers to get their hands on information from company records), the attack was only picked up because of a researcher who realised there were ‘some odd patterns and activities’ going on in the network. Griffin commented that with conventional approaches to information security no longer sufficient, an intelligence-driven approach - with well-trained staff - is required to combat current adversaries.
Griffin recommends an approach to security that includes elements such as an asset strategy with the drawing up of a "digital assets map" of vital importance, employing a suite of security services and breach security planning in order to test that proper responses are in place.
When establishing a data security framework, understanding the location and business value of data is central to achieving reliable and robust security practice. Gaining visibility and control allows organisations to detect and defend threats and focus response efforts to quickly address changing conditions. Through regularly audits of unstructured data, security policies and procedures are routinely assessed, ensuring that sensitive data is not stored unsecured on any part of the network.
Data discovery helps identify data entities that contribute to risk threats and vulnerabilities and automatically assess new threats to determine which are relevant and business-impacting. This process is essential to detect possible regulatory compliance violations and ensure that internal controls exist and operate effectively. The process ensures that procedure and policies are effective and being managed reliably while providing the necessary assurance that compliance and security measures are in effect and constantly monitored.
PixAlert provide enterprise data audit solutions which help organisations to discover, classify and protect unsecured, critical data across networks, enabling businesses to manage risk, improve security processes and maintain compliance standards www.pixalert.com
Original Article Source: TechCentral:
Date: 03 September 2012