The proliferation of online and mobile data is a boon for sales, marketing, product development and, in turn, cybercrime. The concept of data-driven security to counter these data-driven cyberthreats is still relatively new, but when I asked what emerging security technologies IT execs would recommend to combat such cybercrime -- and cyberthreats in general -- the answers were surprisingly old school. As ISSA founder and former Citibank CISO, Sandy Lambert, put it: When it comes to cyberthreats, go back to the basics.
"You still need firewalls and AV [antivirus] programs, but those only find software that has a signature. They won't catch a zero-day threat, the new ones," she said. "But you will catch them by watching; by using system log monitoring as part of your security program."
When I asked Marcus Ranum, developer of the first commercial firewall and CSO of network security firm Tenable, what he would invent today if he could invent anything to mitigate cyberthreats, he also said systems logging. Yes, systems logging.
Of course, systems logging doesn't need to be invented. It's already a basic tool in the IT security arsenal -- which is precisely his point.
"Where's the data that people are going to build that intelligence from? The logs!" he said. Tenable, which counts the Department of Defense and Fortune 500 companies among its clients, has developed tools that take log monitoring to a new level.
Where's the data that people are going to build that intelligence from? The logs!
CSO of Tenable
"We're pushing a strong model of continuous monitoring -- being able to collect information about everything that's going on in your systems and your networks at all times, because that is going to shorten your response time in the event of a breach," Ranum said.
Withstanding the test of time
Another oldie in emerging security technology -- a serious oldie, as in 1900 B.C. -- is cryptography, thought to be invented by the Egyptians to make the legends inscribed on the tombs of their leaders seem even more special. By making their stories cryptic, the reader needed to know the secret code.
Nowadays, there are some pretty advanced mathematical applications of cryptography -- the Advanced Encryption Standard based on symmetric-key algorithms being just one. There is nothing "basic" about the algorithms being developed by the likes of IBM either, or the security complications that big data -- combined with the cloud -- present to security professionals.
Given this data, cloud and mobile-driven reality, Lambert said cryptography isn't a bad place to start. "Cryptography is the key to the success of any infosec professional's future, so get familiar with it," he said. Security professionals don't have to be cryptographers, but they do need to understand the use of cryptography in digital signatures, encryption and decryption. "Cryptography is used in so many things and it's a key tool that everyone will be using more and more. Luckily, the vendors are starting to build those tools into products, [which is] why you don't have to be a cryptographer to understand it now, but you have to be able to be familiar with it."
So while the debate rages on about the privacy and security problems of big data, security experts like Lambert and others point to cryptography as the means of securing all that data floating around.
The perimeter is the cloud
And here's the kicker: What better place to further contain big data than within a software-defined perimeter in the cloud?
More Future State columns
Follow the "proof of process" model to $1 billion?
Biometric authentication adds layers of IT security
Created by the Defense Information Systems Agency back in 2007, software-defined perimeters create an internal network that does not allow a device to access that network before a secure connection to the application infrastructure is established. The Cloud Security Alliance (CSA) introduced a Software Defined Perimeter (SDP) initiative this past November with the goal of having cloud providers act as traditional network perimeters for authentication and authorization through the use of existing security protocols like SAML and TLS. Enterprise companies and government agencies signed on, with one beverage company now in the midst of using SDP as "a true disruptive force changing the way security is done," said David Cullinane, former eBay CISO and board member of CSA. (The parties involved and the work being done is still under wraps.)
"They are using software-defined perimeters to eliminate huge groups of attacks [and] to remove dozens of potential attack surfaces of record from being able to occur -- and at virtually no cost by leveraging [existing technology] that no one has sat down to put together before," Cullinane said. SDPs are often proprietary, but the cloud can make Internet security the collective effort of many.