Welcome!

Java IoT Authors: Yeshim Deniz, Liz McMillan, Zakia Bouachraoui, Pat Romanski, Elizabeth White

Related Topics: Cloud Security, Java IoT, Microservices Expo, Linux Containers, @CloudExpo

Cloud Security: Article

Setting the Stage for Cybersecurity with Threat Intelligence

Effective cybersecurity requires an understanding of what assets need to be protected

Ransomware is the latest example of the increasingly sophisticated and damaging inventions of hackers. Individuals and organizations of all sizes are finding that their data has been locked down or encrypted until a ransom is paid. One program, CryptoLocker, infected more than 300,000 computers before the FBI and international law enforcement agencies disabled it. A few days later, Cryptowall showed up to take its place. Companies paid $1.3 billion last year in insurance to help offset the costs of combatting data attacks like these.

Other examples include highly customized malware, advanced persistent threats and large-scale Distributed Denial of Service (DDoS) attacks. Security professionals must remain ever vigilant to both known and new threats on the rise. However, with proper visibility into the extended network and robust intelligence, an attack can often be detected and stopped before it causes significant damage. By using the network to gain intelligence, cyber defenders can gain greater visibility of adversary actions and quickly shut them down.

Since an attack can be broken down into stages, it is helpful to think of a response to an attack in stages as well: before, during and after. This is standard operating procedure for anyone in the security profession. Let's examine each stage:

Before: Cyber defenders are constantly on the lookout for areas of vulnerability. Historically, security had been all about defense. Today, teams are developing more intelligent methods of halting intruders. With total visibility into their environments - including, but not limited, to physical and virtual hosts, operating systems, applications, services, protocols, users, content and network behavior -defenders can take action before an attack has even begun.

During the attack, impact can be minimized if security staff understands what is happening and how to stop it as quickly as possible. They need to be able to continuously address threats, not just at a single point in time. Tools including content inspection, behavior anomaly detection, context awareness of users, devices, location information and applications are critical to understanding an attack as it is occurring. Security teams need to discover where, what and how users are connected to applications and resources.

After the attack, cyber defenders must understand the nature of the attack and how to minimize any damage that may have occurred. Advanced forensics and assessment tools help security teams learn from attacks. Where did the attacker come from? How did they find a vulnerability in the network? Could anything have been done to prevent the breach? More important, retrospective security allows for an infrastructure that can continuously gather and analyze data to create security intelligence. Compromises that would have gone undetected for weeks or months can instead be identified, scoped, contained and remediated in real time or close to it.

The two most important aspects of a defensive strategy, then, are understanding and intelligence. Cybersecurity teams are constantly trying to learn more about who their enemies are, why they are attacking and how. This is where the extended network provides unexpected value: delivering a depth of intelligence that cannot be attained anywhere else in the computing environment. Much like in counterterrorism, intelligence is key to stopping attacks before they happen.

Virtual security, as is sometimes the case in real-world warfare, is often disproportionate to available resources. Relatively small adversaries with limited means can inflict disproportionate damage on larger adversaries. In these unbalanced situations, intelligence is one of the most important assets for addressing threats. But intelligence alone is of little benefit without an approach that optimizes the organizational and operational use of intelligence.

Security teams can correlate identity and context, using network analysis techniques that enable the collection of IP network traffic as it enters or exits an interface, and then add to that threat intelligence and analytics capabilities.

This allows security teams to combine what they learn from multiple sources of information to help identify and stop threats. Sources include what they know from the Web, what they know that's happening in the network and a growing amount of collaborative intelligence gleaned from exchange with public and private entities.

Cryptowall will eventually be defeated, but other ransomware programs and as-yet-unknown attacks will rise to threaten critical data. Effective cybersecurity requires an understanding of what assets need to be protected and an alignment of organizational priorities and capabilities. Essentially, a framework of this type enables security staff to think like malicious actors and therefore do a better job of securing their environments. The security team's own threat intelligence practice, uniting commercial threat information with native analysis of user behavior, will detect, defend against and remediate security events more rapidly and effectively than once thought possible.

More Stories By Greg Akers

Greg Akers is the Senior Vice President of Advanced Security Initiatives and Chief Technology Officer within the Threat Response, Intelligence and Development (TRIAD) group at Cisco. With more than two decades of executive experience, Akers brings a wide range of technical and security knowledge to his current role.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
Disruption, Innovation, Artificial Intelligence and Machine Learning, Leadership and Management hear these words all day every day... lofty goals but how do we make it real? Add to that, that simply put, people don't like change. But what if we could implement and utilize these enterprise tools in a fast and "Non-Disruptive" way, enabling us to glean insights about our business, identify and reduce exposure, risk and liability, and secure business continuity?
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
DXWorldEXPO LLC announced today that Telecom Reseller has been named "Media Sponsor" of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time t...
DXWorldEXPO LLC announced today that "IoT Now" was named media sponsor of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. IoT Now explores the evolving opportunities and challenges facing CSPs, and it passes on some lessons learned from those who have taken the first steps in next-gen IoT services.
SYS-CON Events announced today that Silicon India has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Published in Silicon Valley, Silicon India magazine is the premiere platform for CIOs to discuss their innovative enterprise solutions and allows IT vendors to learn about new solutions that can help grow their business.