This article also appeared on Tripwire
With individuals, businesses, and critical infrastructure increasingly becoming the target of cyber-attacks, cybersecurity today is a multifaceted challenge. As the saying goes, “There’s more than one way to skin a cat”, and if the cat equates to preventing, detecting, or discovering disruptive data breaches and determining the root cause, the vendor community has certainly come up with a plethora of options for enterprises as well as consumers - virus and malware detection, firewalls, penetration testing, vulnerability management, a long list of acronym-labeled tools like IDS, IDP, CASB, UEBA, SIEM, and DLP…with more on the way. Some of these have proven effective, others less so, in protecting network infrastructure and digital assets. For example, most cyber security practitioners would admit that while SIEM tools have solved some problems, they have also introduced other unexpected challenges like false positives and alert fatigue.
Over the past few decades, cybersecurity seems to have evolved into a highly esoteric endeavor, shrouded in mystery, its practitioners functioning in a rarified atmosphere. It is true that developing cybersecurity tools and solutions is a very technical task that requires specialized knowledge. And it is without a doubt complex in nature. Yet, rather than masking this complexity, vendors have allowed it to spill over into the buyer-side.
To de-mystify cybersecurity, the first question we should ask is, “What exactly is it?” The simplest answer is that cybersecurity consists of “measures taken to protect a computer or a networked computer system (i.e., on the Internet) against unauthorized access or attack.” But from that point, cybersecurity does appear to be very complicated. Let us count the ways.
The challenges of running an information security program in an enterprise can be overwhelming, with so many areas to address -- from encryption, to application security, to disaster recovery. There is the complication of regulatory compliance requirements such as HIPAA, PCI-DSS and GDPR, to name a few. There are security frameworks to follow that have been created to define policies and procedures. Examples include the NIST SP-800 (National Institute of Standards - Special Publication 800 series), COBIT (Control Objectives for Information and Related Technology). New cybersecurity assessment tools have been recently introduced. The Federal Financial Institutions Examination Council (FFIEC) has developed an assessment tool to help financial organizations identify their risks and determine their cybersecurity preparedness.
The rise of the Internet of Things (IoT), in which nearly every “thing” (electrical outlet, light bulb, refrigerator, thermostat, garage door, automobile, electrical outlet, etc.) has an IP address has introduced immense complexity and technical challenges for data privacy and protection. Then there’s risk modeling, penetration testing, incident response planning, and cybersecurity insurance to consider. No wonder most people consider cybersecurity to be an extremely complex undertaking!
But Is a thick coating of over-complexity masking some simple and elusive truths? Perhaps if we approach cybersecurity from a fresh perspective and examine the heart of the matter, we can distill it down to its essence.
Let’s go back, for a moment, to the days before the advent of what’s been called the “information highway” and recall how pre-digital society protected physical assets and property. In earlier times when transportation infrastructure like roads was extremely limited or non-existent, many people lived in relative isolation. Their major concern was keeping any dangerous wild animals at bay. Beyond that, there were no security concerns for even the wealthiest as travel was difficult to impossible.
As society evolved, more people congregated in settlements, and roads were built to interconnect these communities which eventually became the towns and cities we know today. More roads meant more traffic. Security become a concern as formerly-isolated dwellings were more easily accessible. The wealthy who lived in great houses and castles had guards to protect them and their belongings, control who passed through their gate, and keep an eye on the road outside. With protection for their property and the valuables in their homes, they suffered fewer problems from bandits, or “highwaymen”, who hid out near busy road crossings to plunder goods from unwary travelers.
With the advance of technologies in the recent century, surveillance and security cameras were invented to replace human guards and watch-dogs and monitor and record human activity without interruption, 24 x 7. Nowadays security video cameras are installed on roadways, shopping malls, offices, and homes to protect physical assets and aid incident investigation. Video surveillance has become a widely adopted and highly successful technology, primarily because of its deterrent effect on human behavior.
So why not apply a similar approach to the protection of digital assets in a networked environment? Instead of guards at each gate protecting physical assets, we have firewalls and other devices to protect digital assets. Rather than travelers on a busy highway, we have packets traversing widespread networks where “traffic” at intersections is managed by switches. With digital transformation, the volume as well as the monetary value of assets is accelerating at a break-neck pace. For most businesses today, these far exceed the value of their physical assets.
But when it comes to protecting physical or digital assets, there is no difference between the two. When more roads are built and there is more vehicular traffic, your physical assets are at greater risk. Likewise, in a networked environment your digital assets are more accessible, and when network traffic increases, your digital assets are at higher risk. However, there is a subtle yet important distinction between physical and digital assets. When a physical object is stolen, it is relatively easy to detect because it’s tangible, and once it’s stolen…it’s gone. But when a digital asset is stolen, it’s a completely different story. Unlike physical assets which can only be stolen once, digital assets can be stolen repeatedly and replicated endlessly. And theft of digital assets can sometimes be extremely difficult to detect, especially in real-time.
The malicious actors stealing valuable digital assets today are like the highwaymen who once plundered goods. Instead of hiding in the shadows by the roadside, they lurk undetected in the interconnected links of a digital communications network. The castles and estates of yesteryear with their silver, gold and jewels are today’s business enterprises containing a treasure trove of intellectual property, trade secrets and sensitive data. Having a surveillance camera that can work in the information super-highway like a surveillance camera in the physical world would be the most effective approach to protecting assets in the digital world. But why is such a camera still unavailable? Because creating a “cybersecurity camera” that can “see” who’s moving digital assets through a network represents an extraordinary challenge.
In a physical surveillance system, the camera is simply the window used by the DVR (digital video recorder) to see. The DVR is responsible for compression, conversion, storage and streaming of all the video that comes from each camera; It’s the intelligence behind every camera and is responsible for all the motion detection and alerts. When an incident occurs, and you receive an alert, you can simply hit replay to review what happened and respond accordingly.
But digital business creates a complex, evolving security environment. So, a cybersecurity camera needs the cybersecurity equivalent to the DVR, which provides the intelligence to analyze the bits and bytes flying through the network, convert that into information that’s meaningful to a human being, and build the intelligence to generate alerts when digital activity that represents a real risk is “observed”.
While digital business has created a complex, evolving security environment, the key to protecting sensitive data and digital assets is really no mystery. Now, just as it was long ago before the advent of the information age, you must guard the gate and watch the road using the best visibility tools available. It’s really that simple.
This blog reflects the contributions of the HoloNet team and guest bloggers who are data security experts. HoloNet Security is led by a team of seasoned security industry professionals with a proven record of success creating innovative security products and services.