The key takeaway from Black Hat USA, the world’s most prestigious security conference which took place in Las Vegas last week, is that “the times they are a-changin’” -- most enterprises need to overhaul their security strategies, products and processes not just to adapt to the increasingly malicious and sophisticated internet environment, but to survive.
Intelligence-based security, a relatively new concept in the security world, and one that Threat Intelligence is pioneering, was a key focus of this year’s event. The concept has been gaining momentum and exposure but as the volume, speed and sophistication of new threats continue to outpace most organisations' ability to respond to them, it is beginning to be seen as the only logical option.
Alarmingly, many businesses, both in Australia and globally, remain dangerously ill-equipped to manage the new era in which we find ourselves. This ‘intelligence’ gap was highlighted during many of the key presentations at Black Hat, with a collective acknowledgement that major changes are needed in many organisations in order to simply continue to function, let alone thrive.
So instead of the usual large volume of highly technical talks relating to low-level attack techniques, a significant number of sessions revolved around topics such as threat, evasion, state-sponsored malware, organised crime, espionage, surveillance, intelligence, big data and machine learning; the subtext being that a major conceptual shift is required -- and fast.
And this shift comes down to intelligence and the intelligent analysis and interpretation of risk data. At precisely the moment that the threat environment is more complex, clever and invidious than ever before, enterprises have the capabilities to detect and neutralise more threats than ever -- and mostly before they even occur. The pain point is that enterprises have been slow to change their security strategies to take advantage of these new technologies and approaches, and that the more unscrupulous security vendors in the market are confusing the issue by simply renaming their products to include the word ‘intelligence’ in an attempt to remain relevant.
Critical to any intelligence-based approach to security is the ability to track, process and apply insight to vast quantities of big data so that the security technology can categorise normal data and identify anomalies that require further investigation. The next problem to stem from this will be that attackers make their attacks look like normal traffic in order to bypass these big data detection systems.
Earlier this year, research firm Gartner issued a report that said big data analytics will play a crucial role in detecting crime and security infractions. It predicted that by 2016, more than 25 per cent of global firms will use big data analytics for at least one security and fraud detection use case, up from the current eight per cent.
This view was echoed if not amplified during Black Hat. One presentation, for example, outlined how over 100 million service desk phone calls were analysed for fraud, leading to the identification of anomalies and detection of fraud up to 33 days before it occurred.
Big data analytics capabilities are key to intelligence-based security solutions as the speed at which cyber criminals move continues to increase. Gone is the heyday of the elaborate heist; instead we are seeing more and more ‘smash and grab’ type raids as criminals keep abreast of more effective security techniques by being opportunistically audacious.
They are also becoming smarter. Organisations will need to plan not only for today’s known challenges but also for what comes next. Take the wearable technologies that the advent of the Internet of Things brings. One of the sessions, by Professor Xinwen Fu of the University of Massachusetts, demonstrated spying software using Google Glass that can track fingerprint movements relative to the position on the touch screen to determine PINs and passwords from three metres away. We also saw Nir Valtman, a security researcher at Crowdome and enterprise security architect at NCR Retail, present the challenges the retail industry faces in preventing memory-scraping malware from running on point-of-sale systems. USB devices could also be the next security flashpoint, with Karsten Nohl and Jakob Lell demonstrating how they can now be used to sniff network traffic and take complete control of a victim’s computer by releasing malware during the boot-up process.
Faced with such a ‘dynamic’ time for hackers and cyber criminals, it will be incumbent upon enterprises to overhaul their approach to security if they are to adequately defend themselves from potential attack. Identifying threats before they occur becomes imperative, and the intelligent application and rigorous distillation of big data is a critical part of this.
Organisations that fail to recognise this do so at their peril; the times are certainly changing and so must security strategies.
Ty Miller is the founder & CEO of Threat Intelligence.