Dynamic Cyber Attacks Call for Dynamic Controls
Last month’s earthquake in Napa Valley got me thinking. In earthquake-prone areas, new construction is being built to move dynamically to withstand shocks and tremors. Innovative materials and designs sway and bend to provide better protection. But older buildings based on traditional, static design concepts can suffer devastating damage in an earthquake and its aftershocks.
It’s similar to the journey we’re on in the security industry, which is scaling to better address the harsh realities we face as defenders. At Cisco, we track this journey through a scale of controls we refer to as the Security Operations Maturity Model, which moves from static to human intervention to semi-automatic to dynamic and, ultimately, predictive controls. I will talk more about this scale in the coming weeks, but for now, let’s focus on the need for most organizations to shift to dynamic controls.
We all know that the security landscape is constantly evolving and attackers are innovating in lockstep with rapid changes in technology. In fact, as I talk with security professionals daily about the challenges they face, a few consistent points come up:
- As new business models are built on innovations in mobility, cloud, the Internet of Things (IoT) and Everything (IoE), security solutions and processes must become more dynamic and more scalable to keep up with the change;
- Further, as hacking has matured and become industrialized, the security models used to defend need to mature as well; and
- Finally, there’s too much complexity, fragmentation, and cost in legacy security deployments.
A recent malicious advertising attack called “Kyle and Stan”, discovered by our Talos Security Intelligence and Research Group (which has published a full write-up), demonstrates the challenges defenders are up against. Posing as legitimate advertisers, cybercriminals contact the major advertisement networks to try to get them to display an ad with a malicious payload packed inside of legitimate software – spyware, adware, and browser hijacks, for example. They target popular websites and instruct the companies to run the ad for just a few minutes, leaving little or no time for the ad content to be inspected. In this case, malvertising victims were faced with an often-unprompted download of what appeared to be legitimate software with a hidden malicious payload. The malware droppers employ a range of clever techniques to continuously mutate in order to avoid detection by traditional, point-in-time systems.
Clearly, static security controls and human intervention are no longer enough on their own to thwart attackers. Now more than ever, organizations need to be enabled to move along the Security Operations Maturity Model to achieve better protection. In effect, it’s like turning dials on visibility, intelligence, and automation to get the right combination of security technologies in place for your environment. In this model, organizations can flexibly move toward dynamic controls to better manage the pace of change of their environments and to more effectively defeat modern threats. The unfortunate reality for most organizations, however, is that their existing models and infrastructures are built on an architecture that only supports static controls. While this may be adequate for some highly regulated industries, it’s insufficient for most. Traditionally we’ve layered on new security inspection devices and controls to compensate for missing capabilities, but they can’t, and never truly will, work together. We can’t afford to keep moving in this direction, but we do need to move our security capabilities forward.
Technologies and capabilities are already headed in this direction, implementing dynamic controls to see more, learn more, and adapt quickly. These newer dynamic controls allow security practitioners to change the trust profile of a user, device, or application in near real time. And they can adapt the trust profile depending on the types of threats they face and their industry and regulatory requirements. This dynamic application of privileges or controls is what will allow our organizations and infrastructures to scale to meet the requirements of mobility, cloud, and the IoT.
Unveiled today, Cisco ASA with FirePOWER Services is one example of how dynamic controls can be enabled. The first threat-focused Next-Generation Firewall, Cisco ASA with FirePOWER Services responds to the challenges of security professionals that I outlined above — changing business models, the dynamic threat landscape, and solution complexity and fragmentation. It provides multi-layered protection with full visibility, contextual awareness, and dynamic controls to automatically assess threats, correlate intelligence, and optimize defenses to protect all networks against a comprehensive range of attacks. Because a Cisco ASA firewall is already part of the infrastructure in many environments, current customers can add other layers of protection with simple subscription licenses and gain integrated threat defense across the entire attack continuum – before, during, and after an attack – while reducing the costs and complexity of evolving toward dynamic controls.
Just as dynamic designs are better protecting buildings from the damage caused by earthquakes, so too can dynamic controls help security practitioners better protect their organizations. With a new baseline of visibility and intelligence, and the ability to dynamically apply controls, companies can now rapidly adapt security policies and enforcement in real time to minimize the impact of cyber attacks.