
The Internet of Things needs the Security of Everything

Pace recently spoke with Damballa VP Asia-Pacific & Japan Daniel Schneersohn about why monitoring networks is the way to go for cyber-security in the 21st century.

“I think monitoring the network for malicious behaviour has always been a smart way to go,” said Schneersohn.

“The old methods of security are prevention-based and not designed to deal with emerging technologies like the IoT. It’s not possible or practical to use traditional products like gateway or endpoint protection on IoT-connected devices.”

“How do you install and enforce end-point protection on a refrigerator or a farm tractor? What about OS systems? It’s doubtful a refrigerator is running on Windows. How can you implement a secure web gateway on devices that connect via mobile or third party networks? These are some of the reasons why real-time monitoring of the network makes more sense.”

So what will the Internet of Things (IoT) change in terms of cyber security, and what do cyber security vendors need to change in response? The answer is not as absolute as some in the IT industry would like.

“Despite the industry’s best efforts, the IoT will never be 100% secure because of its interconnected nature,” said Schneersohn.

“We don’t know all of the ways that smart devices will interact with each other and how they will be used. The complexity and scale of the IoT will inevitably lead to security holes. A detect-and-respond mindset must be adopted from the start.”

“Manufacturers and other businesses should assume that the IoT technology stack will be attacked, and be properly prepared to respond. This means investing in systems that automate the detection of malicious activity so that it can be contained and remediated before data is lost or damage is done. As discussed earlier, the goal is to reduce the dwell time between infection and detection.”

Moreover, the very real issue is that the IoT will render other forms of cyber security invalid, a situation that Schneersohn said means a change in the way we approach Internet security.

“Users can’t be expected to download antivirus software for every smart connected device – it may not even be possible given the disparity of operating systems. At the same time, businesses can’t be expected to deploy patches and updates to disposable, lightweight devices. IoT devices must be built with security and privacy controls baked in. Networks must be instrumented to automatically detect malicious behaviour.”

Then there is the issue of insurance and its relationship to cyber security, an area that has barely started to register with many in the industry but one that is surely becoming more of an issue, not just in terms of cost but more so in terms of compliance.

“Cyber security insurance is a growing and evolving market,” noted Schneersohn.

“Insurance can alleviate some of the financial consequences of a breach. However, as mentioned earlier, there are intangible costs like loss of brand reputation. No insurance can protect against that.”

“While enterprises should consider whether or not cyber security insurance is the right option for them, there is no substitute for implementing a strong security program.”

“In today’s environment, that must include a way to automatically detect infections that bypass perimeter controls and respond before damage is done. What you don’t know can hurt you, and security teams must be able to deal with hidden threats.”

“No amount of prevention, including insurance, can stop determined attackers from damaging your business.”  
