The Changing Face of IT Security

We recently held a seminar on the subject of Cyber Security and the changing threat landscape. The event was very well received by the attendees and covered a number of areas that resonated with them.

 

Topics covered during the event included:

The cyber security threat landscape was covered by James Barrett, who is the Cyber Security Lead in Cisco’s Commercial teams. James has over 10 years' experience in the security space. He outlined some key developments that affect organisations and are worthy of consideration as they map out or refine their Cyber Security strategy. In light of recent cyber attacks, the impact, particularly the financial impact, is becoming more severe. One recent example is the Equifax hack, which resulted in a 40% fall in the company valuation as well as the resignation of the most senior executives. The recent Nyetya/WannaCry attack resulted in losses totalling in excess of $350m for FedEx, who at one stage were so severely degraded that they resorted to WhatsApp for internal communications.

 

James also mentioned the increased talent gap of over 1.5m cyber security professionals globally, with this number set to increase. The landscape is further complicated by the proliferation of security products, many of which do not work effectively together. In order to gain the right balance and capability of deployed security technology, it was essential to view security from the perspective of an integrated architecture. Such an approach provides for a more comprehensive security solution that shares intelligence between all touchpoints of the information and systems network, whether they are located on premises, in the cloud or remotely. James explained how the need for integration had driven Cisco’s security acquisition strategy.

 

An example of this is their AMP (Anti-Malware Protection) engine, which has been fully integrated with a wide range of their platforms, such as the Meraki MX Security gateway, ISR router, ASA Firewall, the Web and Email security devices, endpoints and Umbrella in the Cloud. This effectively provides the same Anti-Malware capability for clients on and off the network, as well as a network-based service on premises or in the cloud. All these instances benefit from the collective intelligence gained by their large pool of threat researchers, as well as analysis of 100TB of daily telemetry and tens of millions of users.

 

James concluded by focusing on the question of where organisations could start. Some options included:

  • Stop Threats at the Edge
  • Protect Users wherever they work
  • Control Who gets onto the network
  • Simplify Network Segmentation
  • Find and Contain Problems Fast

Any option would be a good start and other options could be added progressively to eventually achieve a comprehensive and integrated approach to Cyber Security.

 

The second speaker for the event was Ali Wadi, who works within the OpenDNS Division (now Umbrella) of Cisco. Ali, a larger-than-life and entertaining character, communicated the importance of DNS in cyber attacks in very practical terms. He broke it down into concepts that were easy to understand and highly relatable.

 

Important takeaways include:

  • 92% of cyber attacks involve DNS services
  • 100% of organisations interact with known Malware sites
  • Umbrella essentially stops cyber threats on the Internet before they reach the network perimeter – similar to stopping a criminal at their own doorstep instead of waiting for them to get to yours
  • The Umbrella solution could be deployed in a matter of minutes
  • It profiles normal behaviour and flags up unusual behaviour
  • It automatically blocks known malware sites, and IP addresses with a poor reputation

Ali included a demonstration of Umbrella, which showed views of the portal traffic and behaviour over a period of time, demonstrating how easy it was to identify some anomalies.

 

The event host, Ajani Bandele, Managing Consultant at NetworkIQ, by way of introduction outlined some of the developments in digitisation and the corresponding Cyber Security threats. Some points covered included:

  • Digitisation impacts on virtually all organisations
  • Adoption of cloud by 80% of organisations by end of 2018
  • 10 billion IoT devices by 2020
  • 25% of users now connecting remotely

All these factors serve to dramatically increase the attack surface available to cyber criminals, who have an ever-growing toolkit. Also, cyber attackers are developing a business model which provides threats such as malware and ransomware as a service. Ajani advised that a sensible approach would be to take a multi-layered approach to security that effectively manages known types of threats but is also agile and comprehensive enough to respond to unknown and emerging threats.

 

Ajani also presented a case study based on the trade union PCS, which needed to beef up its cyber security to meet new regulatory requirements as well as fill internal skills gaps. PCS conducted a trial of an advanced threat management solution, which highlighted some unknown threats and also provided an extremely detailed insight into their traffic and user profile. The solution deployed by NetworkIQ helped them further secure their network, providing 24/7 proactive threat management and reporting capabilities.

 

The event received overall good feedback from the attendees and NetworkIQ will be organising a webinar soon to further look at the risk posed by DNS and how this could be addressed.