Cybersecurity isn’t working. · What are the big cybersecurity trends and dynamics that are ... protecting a business from its people and organized crime as digital transformation

© Axim Global 2019. All rights reserved.Page 1 of 18

Axim | Cybersecurity isn’t working. It’s time for a new solution.

Cybersecurity isn’t working.It’s time for a new solution, and it starts with old thinking

We’re spending big on cybersecurity, but is it working?

New attacks come daily and corporate reputations

and shareholder value disappear overnight. The fact is

cybersecurity spend isn’t delivering the return. Most security

teams need to spend 50% more, the chances are they’ll get

10%. One solution is to increase safety and cut costs to fund

the additional security demands. The question is how? The

answer lies not by looking to the future, but by re-imagining

the past, starting with network packet capture.



1. CSO online. 2. EY Global Information Security Survey.

This paper in a nutshell: the future of cybersecurity lies in old thinking

Organizations are approaching cybersecurity with an open checkbook. You can see why. More regulatory compliance and data privacy (think GDPR), more mega cyberattacks like WannaCry and NotPetya and, more state-sponsored breaches. Unsurprisingly, 75% of organizations would likely increase the cybersecurity resources available following a breach that caused significant damage1.

Yet they’re losing even more. The damage from cyberattacks has increased 1500% in the last two years2. Think of the high profile corporate casualties. Facebook saw over $5obn wiped off their market capitalization in two days. And the effect can last years: Equifax has already paid out $90m and still has over 240 class actions, and Home Depot is still paying out 3 years and $180m later.

It won’t be getting better any time soon. By 2021 cybersecurity spending is forecast to hit $1 trillion and cybercrime damage is expected to hit $6 trillion2. Put another way, businesses will lose $6 for every $1 they spend on cybersecurity.

Latest surveys indicate organizations need up to 50% more investment this year1, yet the average increase will be nearer 10%. New thinking will be needed: that focuses on solutions that will increase safety and reduce costs, so the delta can be re-invested in increasing cybersecurity.

Contents

Part one.

The changing landscape

Part two.

A new set of questions

Part three.

It starts with networks

Part four.

Rethink packet capture

Part five.

Where to from here?



This paper is intended to help security professionals who are starting to look for this holy grail. At its core are two simple questions:

1. What are the big cybersecurity trends and dynamics that are informing cybersecurity planning and investment strategies?

2. How can cybersecurity teams meet this changing landscape, and, save the money they need to reinvest in heightening security?

The answers to these questions highlight the need for new cybersecurity solutions. But what are they? The assertion in this think piece is that network security is the critical focal point for these new solutions, and that the holy grail is lying right under security professional’s noses: network packet capture. It’s a challenging hypothesis, packet capture isn’t new and constantly underperforms on cost and functionality. The argument is that it’s a great idea whose time has come, that it’s a natural solution to the changing security landscape, and, that huge technological advances mean it can be security professional’s white knight.

What does the changing cybersecurity environment look like? Here are five of the biggest contributory factors that are creating a seismic shift in the cybersecurity landscape.



A changing and challenging cybersecurity landscape.

Continued high-profile attacks, dynamic risk environments and increasing state-sponsored threats are just some of the challenges cybersecurity professionals are wrestling, 2018 and beyond will bring many more. We see five killer challenges.

Zero day? The real problem is the every day.

The massive, co-ordinated attacks won’t go away, but are they getting disproportionate headspace? Gartner claims zero-day vulnerabilities have made up only 0.4% of vulnerabilities in the last decade. This is likely to shrink even further by 2020. 99% of vulnerabilities are well known: the vast majority being cybercrime groups and careless, negligent and malicious insiders.

Security professionals are increasingly realizing they must look to their backyard more than a handful of nation-states, and combat existing vulnerabilities to ensure their basic security is effective. Better securing the digital security chain will be a key driver moving forward and will require new thinking:

Think inside first, outside second. The greatest threat could come from the inside not the outside: protecting a business from its people and organized crime as digital transformation takes hold. Ironically this goes beyond the technology remit to culture and leadership: focusing on managing and communicating risk; replacing restrictive controls with user behavior monitoring and analysis; and driving process and cultural change management.

Look beyond protection and prevention. Cybersecurity professionals cannot hold back the tide of security threats and breaches. A more realistic mind-set will continue to take hold: securing the most critical for the greatest business effect. It will require rethinking the conventions that say protection and prevention are job one, and focusing on detection, response, and remediation. Then moving to prediction: of what’s coming before anything happens by harnessing the potential of AI and machine learning.

Part one.

1.



Technology will be the greatest ally and the biggest enemy.

The adoption rate of more sophisticated security technologies will continue to accelerate. Real-time change auditing solutions and analytics will help secure critical assets. ‘Remote browsers’ adoption will isolate a user’s browsing session from the network and deception technologies will become more commonplace. Endpoint Detection and Response (EDR) solutions, will monitor endpoints and alert to suspicious behavior. And, Network Traffic Analysis (NTA) will monitor network traffic to help determine the type, size, origin, destination and contents of data packets. Managing multiple data security tools will be a key challenge, especially when AI, the cloud and the IoT are added.

AI: a friend and foe. AI and machine learning will define the ‘normal’ state of systems and monitor deviation to accurately identify attacks, get breach updates in real-time, and better chase yesterday’s attack. But AI will also power more sophisticated attacks: automating data collection, cracking passwords, utilizing chat bots and committing cryptographic attacks.

The cloud: ubiquity brings universal threat. Cloud security is improving, but as the cloud grows so does the cyberthreat. Increased cloud security will become a top priority. Adding telemetry to cloud workloads will better manage security failures, allowing organizations to see the danger signs and enabling a quick – and possibly preventative – response. Security experts will have to decide who to trust and not, whilst companies will develop security guidelines for private and public cloud use and utilize a cloud decision model to apply rigor to cloud risks.

The IoT: a growing cybersecurity risk. The explosion in the IoT will start to weaken cybersecurity defence. Lacking basic features, proper configuration and relying on default passwords is giving hackers easy access for deploying malicious software.

2.



A skills gap will become a skills chasm.

The skills needed to secure an organization from cyberattacks are scarce and talent is in short supply. Today there are almost 1 million vacant jobs and the unemployment rate amongst cybersecurity professionals is 0%3. Factor in new and complex tech, the need for a new type of skills in data science, analytics and artificial security intelligence, as well as the adaptive skills that will be key for the next phase of cybersecurity, and the skills gap is set to widen substantially.

Unsurprisingly IT outsourcing, consultancy, managed services (especially SIEM) and automation will grow fast as organizations invest more into infrastructure protection and security services. Spend on consultancy is the biggest, but security outsourcing services will see a big growth in 2018, up to $18.5 billion as organizations look to outsourcing to fill the gaps4. Amongst others, the big gaps that will need to be filled are Virtual CISOs, Managed Security Services, Managed Detection and Response and Managed Incident Response Services.

3.

3. The palo Alto Research Center. 4. Gartner.



Governments will create as much work as rogue nation states.

Regulation and compliance will continue to be an ongoing challenge for organizations. In 2018 one of the really big ones is GDPR. Non-compliant organizations face heavy financial penalties as well as damaging customer trust and corporate goodwill. Whilst this is not enough for some organizations to ensure compliancy Forrester tells us 80% will fail to comply with GDPR with 50% of those organizations choosing not to comply, others are looking to cyber insurance policies to cover the remaining risk.

The growing threat of cyberwar (remember the Georgia attack) will create more compliance and regulation as countries govern the cybersecurity strength of the organizations that help operate their essential services. The intent is to curb the impact of nation sponsored cyberattacks as a means to further their agenda. The latest is the EU Directive on Security of Network and Information systems, (the first EU-wide legislation on cybersecurity), that member states must ratify by the first half of 2018. This will feed through to businesses who are involved in ecosystems that are built around the delivery of a countries’ essential services, and will be way stricter and more tightly governed than GDPR. The impact on these organization’s cybersecurity strategies will be exponential.

4.



Cyber risk is becoming a boardroom focus not just an IT one.

Cybersecurity professionals are becoming as focused on corporate boardrooms as hacker’s bedrooms. Why? The huge impact of cyber breaches on corporate reputation and shareholder value, the exposure to new compliance demands like GDPR and the rise of digital risk management is driving this. Research by PWC highlights 40% of boards are involved in security budget setting and 43% partake in the strategy. This greater business focus is bringing a new focus and language to cybersecurity.

From IT security to business outcome. Security teams will have to translate the work they’re doing into a business context. More and more business plans will use infonomics to analyze data assets and liabilities. Security outcomes will be connected to business outcomes. Whilst new criteria will be brought to the value of data protection.

From threat reduction to competitive advantage. Organizations will come to realize that high profile incidents cannot be a cost justification or a barrier to change. Getting security right isn’t only essential to the day-to-day running of a business, it can even be a competitive advantage that helps drive business growth and build brand trust.

From tactical reaction to strategic planning. Businesses will increasingly recognize that cybersecurity isn’t just about more budget to buy more technology to patch more cybersecurity holes. They will start to see how a strategic approach to spending increased budgets will deliver real improvement in security posture and better protection.

5.



How do cybersecurity professionals manage this changing environment, as well as a more dynamic risk environment and a greater threat landscape? And how do they do this and create the cost-savings that will fuel their additional security needs?

By adopting a new mind-set and asking a new set of questions.



A more effective cybersecurity strategy starts by asking new questions.

Organizations must start to acknowledge the elephant in the room: total cybersecurity is unrealistic. The strategy of approaching security with an open checkbook is only benefitting security solutions providers. Cybersecurity professionals must ask themselves a new set of questions. We see five.

There’s a clear downward spiral: more and more threats broaden cybersecurity spend and dilute it: hence over-investment and under-performance. It raises a new question: if protecting all aspects of security at all costs is unrealistic and ungovernable, what’s the answer? We think it’s the notion of ‘just enough’: identifying and securing the most critical elements of an organization, maximizing investment against these rather than spread it thinly across more and more security demands.

Security teams are increasingly preoccupied by the next big breach, but are they looking in the wrong direction? The chances are the most critical breaches have already happened, the ones that on average take 146 – 191 days to detect. Containing them will take another 66 days. Managing the fall-out could take years. Yet the collective impact on shareholder value and corporate reputation will only take days. Identifying solutions that most effectively manage what’s already happened will become as important as what is yet to happen.

The stats clearly point to external attackers as the greatest security threat, numerically cybercrime attacks are twice those of internal breaches. Axim believes this paints only half the picture: careless, negligent and malicious insiders with legitimate access to systems and data can cause disproportionate impact. Over 50% of IT decision-makers are kept awake at night by insider threats5. While 54% of IT decision-makers at federal agencies view careless and untrained employees and contractors as posing a bigger threat to cybersecurity than malicious ones6.

1. Is it time to think ‘just enough’ and accept there’ll never be enough?

2. Should the focus be on what might happen or what has already happened?

3. Will the biggest security threats be external or internal?

Part two.

5. Global Advanced Threat Landscape Report: CyberArk. 6. Federal Cybersecurity Survey, Solarwinds.



The strategy of protection and prevention is becoming more and more limited in the battle against cybercrime. It’s time to accelerate the detection, response and remediation time to minimize the commercial threat. It’s also time to refocus on prediction over prevention, by focusing the power of AI, algorithms, automation and managed services on highly securing what is most business critical. By 2020 60% of enterprise information security budgets will be allocated to reducing time to detect and accelerating recovery and remediation7, but should organizations wait?

Where should cybersecurity professionals begin? It starts by creating a checklist that security teams can use to interrogate and evaluate each core element of their cybersecurity strategy.

Will it enable a just enough approach by securing a key security element?

Will it help to better and more speedily mitigate a breach?

Will it defend equally against internal and external threats?

Will it enable detection, incident response and prediction?

Will it align with AI, machine learning, the IoT and cloud strategies?

Will it help reduce the reliance on outsourcing and close the skills gap?

Will it enable stronger compliance and governance?

Will it support the business agenda as well as the IT one?

Will it deliver safety and liberate cost savings, and how much?

4. How to balance protection and prevention with detection and incident response?

5. How to view the existing strategy through a new lens?

7. Gartner.



As cybersecurity teams ask a new set of questions the chances are they’ll land on a new type of value proposition, that balances risk with usability and price. This formula could help identify new solutions and new ways to optimize existing ones.

There is one natural place to start this process: the network.

In the next parts of this paper we posit why and propose a solution that in our view will deliver a step-change in security yet not tie up a large proportion of the security budget.



8. The Global State of Information Security Survey: PWC.9. Mobile Cyberattacks Impact Every Business: Check Point. 10. The 2017 State of EndPoint Security Risk Report.11. Imperva.

New cybersecurity thinking starts and finishes with the network.

Why the network? There are two killer reasons. Where there once was a hard, fixed boundary there is now a flexible, everywhere periphery. No longer can the hard edges of a firewall protect against external access: the traditional network confines have been splintered by personal devices, remote working, visitors and the Internet of Things. It makes defining the organization’s perimeter virtually impossible, and it makes the network one of the critical focal points in a ‘just enough’ strategy.

The network is where the technologies that will make or break security strategies collide. Phishing is still the top cybersecurity threat for over half of organizations, almost half see ransomware and malware as a critical threat3. These threats will intensify as networks become the backbone of digital strategies, technologies and transformations, making them the epicentre of digital risk. Despite the potential benefits of automation and robotic systems, 40% of business leaders worry about the vulnerability of emerging technologies to cyberthreats8.

100% of organizations with over 500 mobile devices experienced a mobile attack in 20179. The growth of BYOD is opening up new risks. 77% of attacks on endpoint devices in 2017 involved the use of fileless malware, with over half of attacks compromising data and infrastructure10. Whilst 90% of remote code execution attacks in December of 2017 involved crypto-mining malware11.

The IoT is also generating a new set of security challenges. Recent data concludes that just a third of organizations plan to assess the potential business security risks of connecting more devices to the Internet, yet over 60% have had to deal with an IoT-related security incident8. Then there’s the cloud.

These statistics make the network a critical ‘go-to’ in any cyber planning. With the right solutions in place, cyber professionals can build a strong defence against what has already happened as well as what will happen, and, a more effective first defence against the external and internal. Not to mention strengthening their security posture against the zero day and the everyday. The question then becomes what will be the most effective network security solution?

Part three.



The best new network security solution is an old one.

What are the defining network security solutions? VPNs? packet sniffers and network analyzers? deceptive network technologies? The solution that best fits the changing landscape and the new cybersecurity mind-set is actually a re-invention of an existing network security solution: network packet capture. It may sound illogical and counter intuitive, but the logic is strangely compelling.

Full packet capture offers greater depth than other network security solutions. It goes beyond data capture to identify security flaws and breaches by determining the point of intrusion. Data leakage can be identified through content analysis and monitoring. It can troubleshoot the occurrence of undesired events over a network and help solve them remotely. When data is stolen, network administrators can retrieve a copy of the lost data from the captured and stored traffic. It also enables forensic analysis: whenever viruses, worms or other intrusions are detected in computers, the extent of the problem can be determined and network traffic can be blocked to save historical information and network data.

The traditional limitations to network packet capture no longer exist. Traditional offers failed to deliver the most important reason to employ network packet capture: greater network visibility at an unprecedented scale. Storage at scale was prohibitively expensive, capture rates and network searches too slow, and there was an inability to scale to meet the extended storage timelines businesses needed. But new technologies have reinvented the performance, scalability and expense barriers to network packet capture.



It’s time to rethink network packet capture.

Network packet capture has quietly been re-invented by new players harnessing disruptive technologies. Their unique capture and storage architecture breaks the performance, scalability and expense barriers of existing frameworks. There is now the potential of 1Mbps to 100Gbps capture rates, real-time filtering, and, the ability to retain weeks, months and even years of network traffic - for as little as 20% of the cost of traditional systems. They will even accelerate incident response and network troubleshooting.

Traditional packet capture solutions Next generation packet capture tools

Storage is too expensive. Reduce IP packet storage costs by up to 80%.

Capture rates too slow: < 4Gbps. Support world's largest network speeds to 100 Gbps.

Search is limited and slow. Real-time indexing and immediate access: in seconds.

Can't share data between/among other Industry standard PCAP data access service along with vendors tools, and, limited filtering. BPF and customizable filtering.

Not available in multiple form factors. Same technology: laptops to enterprise environments.

Not scalable to 10/1000s of PBs Scale from TBs to 100s of PBs with storage, search … or weeks, months & years of packets. & analytics that can store and access years of packets.

Limited integration capability. Integrate with existing security tools, existing analytics software, and, it's open architecture.

Requires IT security skills. Usable by multiple job roles.

$1m/ petabyte. $100k/ petabyte.

Part four.



Network packet capture can solve the big new cyber security challenges.

There is no doubt network packet capture can be a vital element in a more effective cybersecurity strategy. It helps solve the big new network security challenges.

If you take network security to be of paramount importance then completely. Not only that but the scale of network packet capture will enable cyberteams to over-deliver on just enough.

The capability to store years of network data and search it in minutes means attacks can be detected faster. The positive impacts on disaster recovery, business uptime, customer experience and corporate reputation are huge.

Completely. The logging and real-time indexing functionality of advanced network packet capture solutions enables them to identify and isolate multiple types of external and internal breaches.

There is a breadth of incident response capabilities in today’s top packet capture solutions. They can detect unlogged activity, data exfiltration, phishing preparation and malware infiltration. Plus their machine learning capabilities better prepares cyberteams for the coming machine wars.

The scale and speed of data capture and analysis means that network packet capture solutions can deliver on the promise AI delivers in the cybersecurity space, and better defend networks from the threats of IoT and cloud.

The usability levels in today’s network packet capture solutions enables them to be used by multiple job roles and not just IT specialists.

Will it enable a just enough approach by securing a critical element of security?

Will it help to better and more speedily mitigate a breach that’s already happened?

Will it defend equally against internal and external threats?

Will it enable detection, incident response and prediction?

Will it align with AI, machine learning, the IoT and cloud strategies?

Will it help reduce the reliance on outsourcing and close the skills gap?



Where to from here?

The headline is simple: a new set of security challenges require a new mind-set and a new type of solution that’s based on the next generation of old thinking: network packet capture. The logic seems both relevant and compelling: the new breed of network packet capture tools can solve the emerging cost and RoI conundrum.

The core is a powerful value proposition: substantially reduced risk from a range of external and internal threats - from organized crime to state-affiliated groups to careless, negligent or malicious insiders. Added to this is great resilience thanks to incredibly high capture and search speeds. The usability is unparalleled and spans incident response, malware detection and real depth in network troubleshooting from forensic traffic analysis to network access control to user anomalous behavior. Then there’s the price, all of this is available for around 20% of the cost of the established and aging solutions.

It’s clear that this next generation of network packet capture can help cybersecurity professionals meet their big security challenges and demonstrate a strong return on investment. At a time when security needs will outstrip budgets, network packet capture can help cyberteams better manage their budgets: enabling substantial cost savings that can fund the incremental security demands.

Part five.



About Axim

Axim is a global partner for SentryWire, a next generation full network packet capture tool. It’s just one of the solutions we bring to help organizations better manage CX risk, and protect their customer loyalty, corporate reputation and commercial bottom line. Learn more about our data and technology risk-management solutions, and our range of CX governance offers and platforms.

www.aximglobal.com

How do cybersecurity professionals best realize this?Axim can help. Our partner base can enable you to more intelligently fight cybercrime through digital forensics, incident response and cyberthreat detection. We can also help you harness the defining, next generation packet capture and network security solution: SentryWire.

We believe it’s the only solution that offers full packet capture, 100s of petabytes of data capture for the price of 1 petabyte. It also delivers the industrys’ fastest capture and the quickest search speeds and it integrates with your existing security technologies. No other packet capture solution will detect attacks faster and accelerate recovery. It is also completely AI, IoT and cloud-ready.

To discover more visit www.aximglobal.com/sentrywire

Documents

Cybersecurity isn’t working. · What are the big cybersecurity trends and dynamics that are ... protecting a business from its people and organized crime as digital transformation