Inside Security Episode 3: Making Preventive Cybersecurity a Reality
It’s getting easier to be a cyberattacker.
Thanks to the rise of underground marketplaces, stolen user credentials, toolkits, botnets and other tools are easily available to an aspiring cyberattacker. There are even venues for cybercriminals to share information with each other to help improve the effectiveness of their attacks. Perhaps most concerning are the growing number of automated cyberattack tools that allow even amateur cybercriminals to launch a high volume of advanced attacks against a target simultaneously.
With the enemy growing more capable and the number of cyberattacks skyrocketing, concerned organizations often ask me how their security teams are supposed to keep up. My answer to that question is usually another question. Specifically, “Do you know how prepared your network is to prevent a cyberattack?” And the most common response from the customer is, “How can I tell?”
Their uncertainty is understandable. Today’s networks are logging millions of events every day, so it’s virtually impossible for a security team to identify all threats, let alone analyze and respond to the threats that pose the highest risk. With that kind of information overload, how is prevention even possible?
While preventing 100 percent of all cyberattacks is impossible, enterprises can prevent the vast majority of known attacks if they take the time to review their security architecture and procedures. For the unknown cyberattacks, organizations need to think about and plan how they can stop a cyberattacker further down the attack lifecycle. To that end, I advise customers to take a close look at the following three criteria to determine if they’re doing all they can to prevent cyberattacks.
Security teams certainly know what it takes for a cyberattacker to compromise a network, but what about the rest of the organization? Do less cybersecurity-savvy employees understand the basics of what we at Palo Alto Networks call “cyber hygiene”? Do they know not to open suspicious attachments? Are they managing their user credentials appropriately? If the answer to these questions is “no,” then an investment in basic employee cybersecurity training is in order. Move beyond the compliance check, and educate employees on how proper cyber hygiene habits can protect them personally; those habits will naturally carry over into the workplace.
If cyberattackers’ methods are evolving, then the security technology used to defend against those techniques needs to do the same. Unfortunately, many organizations today rely on an ad hoc collection of legacy security solutions that operate independently, making them difficult to manage and creating gaps in the security architecture that an attacker can exploit. The most effective approach to protecting the network is to adopt a next-generation security platform that combines network, endpoint and threat intelligence technologies so they work together seamlessly.
Automation is key here. As part of the integrated security platform described above, access to up-to-the-minute threat prevention capability can provide the latest information on threats and enable security teams to implement security processes that identify and remediate more common threats automatically. Offloading the need to manually handle the majority of threats will significantly reduce security teams’ workloads. This in turn will allow them more time to focus on finding and stopping currently unknown or more advanced threats.
While this is not a complete list of the criteria security teams need to examine in order to confirm they’re doing all they can to protect their networks, it’s a good starting point. And until organizations take a preventive approach to cybersecurity and get in front of today’s evolving threat landscape, they’ll be stuck playing catch-up.
Watch the video for more on Inside Security Episode 3