This week the great and the good of Europe's IT security industry meet for the annual InfoSecurity Europe Show at Earls Court, London.
Each year InfoSec is awash with the latest and greatest in technologies that will help protect businesses and individuals as they use the Internet for their everyday work and play. Some of the claims made there are frankly unbelievable as companies try to convince everyone they have the silver bullet that will cure all our security woes.
But despite these miracle cures, we continue to see cyber-crime gangs pouncing on the unwary and under-protected, so clearly something is not working.
In years gone by, cyber-criminals were motivated by notoriety and fame, striving to be the first to crack a new program or website. But today it is the simple motivation of greed and money that drives these gangs to use cyber-crime as an expansion of their criminal activities. And we are not talking about small amounts of money here. One recent hacker was estimated to make as much as $10,000 a day via his criminal activities.
So what is going wrong? Why can the security industry not protect us against cyber-crime and why is there no silver bullet?
Today the bad guys are increasingly well-financed and professional, and they work hard to develop new ways to get through defences. At the same time, we increasingly live our lives online, which means the information and data we hold on our PCs and networks are valuable assets that can be traded and used.
So businesses rush to build their defences against the latest and greatest threats and much like a medieval castle builder, they construct bigger and stronger walls to stop the bad guys getting in.
The trouble is, we need a few gates and doors to get out to do what we need to do, and so there is always a route in for the criminals to exploit. While the perimeter defences often stop the general attacks, today's criminals are increasingly targeted: they study the best way in and they will find it.
Companies need to change their security perspective. They need to focus on the threat itself and be prepared to deal with the impact of the attacks before, during and after they happen.
A threat-centric model of security lets defenders address the full attack continuum, across all attack methods, and respond at any time, all the time. Based on broad visibility and continuous analysis of malware and attacker activities, this model allows defenders to be far more effective even if an attacker gets in.
I'm not saying change will be easy, but it is undeniably urgent. Company networks have already been extended due to mobile, virtual and device innovation. Attackers have already learned to find and anticipate gaps and effectively capitalise on weak links. Compromise is inevitable. In this reality, now is the time to approach your security differently.
The technology is here to make it happen. Continuous monitoring, automated analysis, control automation, and retrospective remediation exist already. They are integrated. And they work together, in continuous fashion, to secure networks, endpoints, virtual and mobile environments across the full attack continuum. However, this is not only a technology problem; this is a people and process problem as well. Mindsets need to shift. Organisational structures need to be redefined.
Technology and business leaders do not need to accept defeat, but they do need to accept that the attackers have changed the game.
So if you happen to be over at Earls Court this week, I would treat claims of wonder solutions with skepticism. Instead, ask people there what they can do when the inevitable happens and the bad guys do get in, as this is unfortunately a more likely scenario than the silver bullet they are selling actually working.