Advanced Threat Protection: Expert Tips for Protecting Your Organization Against Advanced Threats



26 security pros share the most effective approaches to advanced threat protection.

Advanced threats have become a serious problem for today's enterprises. Often a moving target, advanced threats are among the most challenging security threats for companies to mitigate, requiring a multi-faceted approach that identifies threats and successfully blocks them before compromise or data loss occurs. Advanced threats that successfully breach networks and compromise valuable company data often result in substantial recovery costs, a loss of trust with consumers, and reputation damage that can take years to repair.

So, what are the best methods and solutions for today's enterprises to mitigate advanced, sophisticated threats? To gain some insight into the most effective approaches to protecting against advanced threats, we asked a panel of security pros to answer this question:

"What are the best approaches and solutions for advanced threat protection?"

Find out what today's leading enterprises and security professionals turn to when protecting against advanced threats by reading what our panel had to say below.

Meet Our Panel of Cyber Security Experts:

 

 


Will Gragido

@wgragido

Will Gragido is a seasoned security professional with over 20 years’ experience in networking and information security. Will’s extensive background is the result of his service as a United States Marine, a consultant with the world renowned International Network Services, Internet Security Systems (now IBM ISS), McAfee, Damballa, Cassandra Security, RSA Netwitness, Carbon Black, Digital Shadows and now Digital Guardian where he leads the organization’s Advanced Threat Protection Product Line as its Director.

Advanced threats require advanced solutions and technologies in addition to…

Advanced methodologies designed to detect, identify (extremely important), monitor, mitigate/prevent, and, where necessary and applicable, remediate. So, what does this mean to the average enterprise organization?

For starters it requires that the board and the executive staff understand the importance and are in support of properly securing their organization, its assets, and its interests. This is key. Too often organizations pay lip service to security and as a result pay in spades when an incident occurs that leaves them compromised and exploited to one or more threat actor. It also requires an organization to invest in the right people from both a management and execution perspective. This could mean investing in a competent internal staff, in an outsourced partner, or a hybrid. Regardless of the model elected, the fact that competent staff is in place is paramount to protecting the organization from advanced threats.

For any security program to succeed, the organization must understand what it is protecting and securing. This sounds like an easy proposition, however, in many organizations there are often times large differences of opinion as to what requires protecting/securing, the priority appointed to those efforts, the funding for those efforts and their execution. To properly secure and protect against advanced threats an organization must know itself. This means that those responsible for protecting and securing the enterprise must understand what and who constitutes the enterprise and its population. The teams tasked with this responsibility must understand the size, scope, and number of sites which comprise the organization. They must understand the network, it’s design, architecture, ingress/egress points, wired and wireless domains and guest networks, systems (storage, servers, endpoints – desktops, laptops, tablets, phones etc.), B2B relationships which may warrant and require the use of authorized user ids and accounts, any and all existing security controls within the network and present on systems.

A failure to understand the nature constructs of the enterprise can be catastrophic. Additionally, these teams must understand and weigh in on programmatic elements that impact the overall risk posture of the organization. They must understand the policies, controls, processes, procedures and technologies (as mentioned above) which are in place today or are being planned for within the enterprise.

Finally, these teams must understand their user populations, their patterns of use, and what is and is not considered acceptable by virtue of policy. They must understand what threats are germane to their industry vertical, business, and specific users. A healthy understanding of the threat landscape in general can go a long way, but understanding who and what is in play with respect to one’s own industry vertical can be extremely beneficial in mitigating the threats posed by advanced threats and threat actors.


John LaneJohn Lane

@Biscom

John Lane is the Chief Information Security Officer at Biscom, the leader in secure communications for regulated industries. John has over 19 years experience in supporting large Fortune 500 companies, heading security initiatives, and managing datacenter operations. He holds a BS in Electrical Engineering from University of Massachusetts Lowell.

"There is not any 'one' best approach to advanced threat protection..."

And there is a varied approach by the vendors in the market. Companies can choose from a variety of options including a combination of next generation firewalls, endpoint protection and advanced threat protection appliances which can be used to protect networks from attacks.

Threat protection should initially be approached from a risk point of view. Consider what are you trying to protect and who wants it protected. A great way to get these points of views are by sitting down with business leaders who are not involved in IT or security, to get a better understanding of what assets should be protected. Aligning goals and focusing on what’s important for the business, not only the CISOs, is key here.

Should enterprises focus security investments on detection or prevention?

Focusing on both prevention and detection is critical – while also patching up areas that may have security holes.

Implementing even the most basic protection systems, such as next generation firewalls at the edges of your network, and advanced endpoint protection with each client can make a significant difference.

Today, if an attacker with resources wants to access your network, it’s likely that they will be successful. Because of this, stopping attacks from external sources is not enough. CISOs also need to monitor their networks for malware and APTs that may have already infiltrated the network.

Detection starts with log analysis to advanced threat protection appliances sitting on your network and watching for abnormal activity that is moving laterally within your organization. Abnormal activity includes access to files and resources by someone who doesn’t normally access them or any unusual access from a specific user. For example, abnormal activity can be an authorized user downloading customer contact information during abnormal hours, or when a user accesses many resources during a short period of time.


Christopher StarkChristopher Stark

@Cetrom

Christopher Stark is the founder and CEO of Cetrom, an industry-leading provider of custom cloud solutions that transform the way businesses succeed. With nearly 30 years of experience and some of the industry's most prestigious technical certifications, Stark employs unmatched insight on the future of IT to serve clients.

"There are several components of effective advanced threat protection..."

  • Perform a security audit to identify vulnerabilities in your organization's IT infrastructure and conduct a vulnerability assessment or penetration test at least once each year.
  • Layer protection and implement network-wide security solutions-like two-factor authentication.
  • Perform regular, if not daily, backups. Small to mid-size businesses that work with critical client information should perform daily backups. Look into storing data on servers at a secure off-site storage facility instead of locally/onsite.
  • Create a log of past security events and input the data into a security information and event management (SIEM) system. This system will give a holistic view of the entire organization's security.
  • Educate staff by having ongoing or regular security education and cybersecurity training courses so that they will be able to identify suspicious emails, attachments and other cyber threats.
  • Avoid using unsecure third-party file-sharing tools. They can easily be hacked and provide direct access to valuable information and data.

Manos AntonakakisManos Antonakakis

@GeorgiaTech_ECE

Manos Antonakakis is assistant professor of computer systems and software at the School of Electrical & Computer Engineering at the Georgia Institute of Technology, where he earned his PhD in computer science. His research interests are computer and network security, anomaly detection, and data mining and machine learning.

"A great approach to deal with advanced persistent threats (APTs) is..."

To reduce the unknown or unclassified network traffic in your network. If you are aware of the malicious traffic in your network, you can mitigate the local threats. However, APTs and other threats that yield major breaches are effectively the network communications that tend to fly under the radar of modern network detectors – as a result, the local security operations center is unaware of the security problem for a long period of time. Therefore, minimizing what is unclassified in your network traffic is a great way to reduce the risk of a major breach.

At the same time, local operators should always test the efficacy of their detection engines. There are several ways that this can be done (i.e., pen-testing). Georgia Tech is exploring how to make pen-testing easier for highly customized and proprietary organizational systems, thanks to a grant from the Office of Naval Research.


Greg EdwardsGreg Edwards

@WatchPointData

Greg Edwards is the CEO of WatchPointData.

"The best solution to advanced threat protection is..."

First understanding that the network perimeter is now the endpoint. Protecting the endpoint and assuming the breach is the only way to protect today's connected network. Using endpoint detection and response systems is the only way to gather the intel needed to accurately and swiftly respond to threats. The problem with these systems though is alert fatigue - so many alerts that the SecOps team can't deal with them. By adding honeypot data to the network breaches you can make it much easier to detect and respond with high accuracy and speed. The average breach today is detected after 203 days, that has to be cut to under an hour to prevent damage.


Joseph CarsonJoseph Carson

@joe_carson

Joseph Carson is a cyber security professional with 20+ years' experience in enterprise security & infrastructure. Joseph is a Certified Information Systems Security Professional (CISSP). An active member of the cyber security community, Joe is a Director at Thycotic.

"The best method for protecting against advanced threats is to..."

Establish a mindset with your staff on which systems are updated and assessed on an ad hoc basis. Most organizations look to automation to help assist in their cyber security defenses. But for many, this lends itself to predictability. Be one step ahead of the hackers and randomize your security activity; be deceptive and be unpredictable. This will increase the company's capability in detecting active and potential cyber-attacks and breaches.

In advanced threats, the attacker will spend a large amount of time researching a list of potential targets, gathering information about the organization's structure, clients etc. Social media activity of the people in the target company will be monitored to extract information about the systems and forums favored by the user and any technology vulnerabilities assessed. Once a weakness is found the next step the attacker will take is to breach the cyber security perimeter or send emails containing malicious software like ransomware and attempt to gain access, which, for most attackers, is easily done. Organizations should use similar analysis techniques to identify which types of data threats will target and use that knowledge to deploy security controls to mitigate the risks.

Finally, by keeping systems' security updates current you can significantly reduce the risks of malicious software exploiting those vulnerabilities.


Idan Udi EdryIdan Udi Edry

@Nation_E_

Idan Udi Edry is the CEO at Nation-E and a distinguished veteran in the fields of information technology and data security, as well as an experienced leader driving innovation and execution at scale. Edry has mastered multiple disciplines and has accumulated 13 formal certifications from the world's most renowned IT and Telecommunications institutes.

"First, it's important to know that both detection and prevention of cyber-attacks are most successful..."

Together, rather than on their own, in order to protect an organization. The dynamic growth of new threats attacking an organization's vulnerabilities requires timely adjustments to the methodologies in the prevention and detection cycles. A change in one phase affects the entire process in some form. A proactive strategy adjustment in the prevention phase will adjust the detection, and even response activities.

To successfully protect itself from a cyber-attack, an organization must be properly prepared. In many cases today, proper protection is too expensive – this is why 3rd party organizations are now offering both detection and prevention as a service to set a proper baseline security. That would be a good first step for smaller organizations. For the larger ones, it would require the establishment of a well-funded, strong security team that would establish a strategy for detection and prevention.


Carl Mazzanti

@emazzanti

Carl Mazzanti is the founder and CEO of eMazzanti Technologies, a premier IT security consulting firm throughout the NYC Metro area and internationally. A frequent business conference speaker and technology talk show guest, Carl has often contributed at Microsoft-focused events, including the Microsoft Worldwide Partner Conference (WPC).

"One of the best methods for advanced threat protection is..."

A cloud-delivered network security service that observes Internet infrastructure before attacks are launched prevents malicious Internet connections. Organizations stop up to 98 percent more attacks than firewalls and antivirus alone by pointing DNS traffic to a such a service. It continuously observes new relationships forming between domain names, IP addresses, and autonomous system numbers (ASNs). This visibility enables it to discover and often predict where attacks will emerge before they launch. To defend against ransomware, sandboxing is an effective way to determine which files are triggers. Sandboxing tools upload and execute files in question before blocking files or allowing them to execute on systems.


Cody CornellCody Cornell

@swimlane

Cody Cornell is the Founder and CEO of Swimlane.

"Enterprises need to focus on both detection and prevention to protect themselves..."

While enterprises have spent a lot of resources and money on threat detection, not a lot of attention has been paid to improving the operational performance of advanced threat protection through automating security response. With automation, enterprises as well as managed security service providers can become more effective in their ability to significantly reduce process execution time, lower operating costs, improve incident response capabilities, and deliver more robust security operations services to the enterprise or customers. An automated incident response solution can reduce manual effort by automatically responding to alerts, gathering related threat intelligence, and automating the implementation of security controls, all of which aides in protecting organizations from future attacks.

While enterprises understand the value of detection and prevention, they are quickly realizing that a detection alarm with no response is about as valuable as no detection at all. To win the security battle organizations must address the pain points and automate to make a difference.


Steven J.J. WeismanSteven J.J. Weisman

@Scamicide

Steven J.J. Weisman is a lawyer, college professor at Bentley University where he teaches White Collar Crime and one of the country's leading experts in cybersecurity. He has written numerous books on this subject including his recent Identity Theft Alert. He also writes the blog Scamicide, where he provides daily updated information about the latest scams and identity theft schemes. He also writes about these subjects as a columnist for USA Today.

"Advanced persistent threats are a technological problem, however, technology is also..."

The solution. While firewalls and and anti-malware security software are helpful, they quite often are not enough to meet the challenge of advanced persistent threats. Analytics that can identify suspicious or unusual patterns of behavior can be a tremendous help in fighting the problem of advanced persistent threats. In addition, the manner in which the malware that makes up advanced persistent threats is delivered is through spear phishing emails. Training of employees to recognize spear phishing is important, but perhaps more important is the use of security software that targets phishing emails.


Alexander SteinAlexander Stein

Alexander Stein is the Founder and Managing Principal of Dolus Advisors, a boutique New York-based consultancy that employs expertise in human risk forecasting - actionable insight in human behavior and its drivers - and the psychodynamics of fraud, corporate ethics, compliance, and organizational culture to help companies proactively mitigate white-collar and cyber malfeasance risks.

"Effective solutions to combat advanced threats require..."

Accurately understanding the problem. The dominant view in cybersecurity is that threats and solutions are technological. Attention to the mechanics of deeds eclipses consideration of the actors who commit them. People are the central element. The ferocious complexities of human factor risks are serially underestimated, grossly over-simplified, and outright misunderstood. Companies buying or using conventional cybersecurity programs are falsely assured and under-protected. Despite investments of considerable capital and other resources in mechanistic detect and defend prescriptions and technologies, most institutions remain vulnerable to a thousand blind-spots, shadow risks, and rakes-in-the-grass. Robust threat mitigation and defense pivots on sophisticated behavioral analytics, root cause analyses, and predictive human factor risk management: understanding why good people sometimes do bad things, accounting for the drivers of malicious decision-making and behavior, and integrating governance, ethics, culture, compliance, and info-sec into a truly collaborative multidisciplinary defense unit.


Michal SalatMichal Salat

@avast_antivirus

Michal Salat is a Threat Intelligence Director at Avast. Previously, he worked as Malware Analyst at Avast. He has been working at Avast for more than six years. He holds a Master of Science degree in System Programming from the Czech Technical University in Prague.

"The best approach to protecting your company against advanced threats is..."

To, first and foremost, have an antivirus or endpoint protection solution installed. Observing and controlling what is entering your company's network is also imperative when protecting against advanced threats. You should have a firewall installed at your network's gateway to prevent malicious domains from being accessed. Intrusion prevention systems (IPS) and intrusion detection systems (IDS) will also prevent threats from entering and will help detect advanced threats in networks, in case they do manage to enter. There are open source threat intelligence solutions that exchange indicators of compromise, so your tools stay up-to-date with latest threat information.

In addition to solutions, it is imperative that you continuously educate your employees to be vigilant when opening attachments and links. For example, you can set company standards when it comes to file types that can be used and you should have the external agencies you work with also enforce the policy. This can help prevent employees from falling for phishing attacks, because they can more easily recognize potentially malicious files before even opening them. For example, an attack can be prevented if an employee is aware that invoices with a *.js extension should never be opened, as they should not be sent as such according to their company’s policy.


Neil MartinNeil Martin

@PandaSecurityUK

Neil Martin is the head marketer at the U.K.-based cloud security company, Panda, delivering protection and management solutions to companies of all sizes.

"With the ever evolving threats from malware and hackers..."

Cyber security companies are having to work to keep up and it has led to the rise of next-gen endpoint security vendors, for which Gartner has coined the category Endpoint Detection and Response. The key to cyber security lies in layers, starting with ensuring your operating systems and applications are up to date, your users are educated on safe behavior, and then having your security solutions in place. Ideally security should consist of traditional security technologies of signatures and HIPS, along with next-gen behavioral based and contextual technologies.

However, recent behavior has led to Virus Total banning some of the non-contributory next-gen security vendors from accessing their services as they were supporting their advanced detection by submitting potentially malicious files to detection from traditional vendors. This suggests that next-gen vendors are not fully confident in their solutions.

What you need, according to Gartner, is to supplement existing security with EDR to detect sophisticated hidden threats that evade the EPP.


Clint EvansClint Evans

@consultant

Clint Evans, co-owner of StandOut Authority, is a #1 Amazon best-selling author, speaker, and coach to decisive and growth-minded entrepreneurs. He has a column with Entrepreneur.com and Business.com.

"Security starts at the CEO level..."

The CEO must be clear what the vision for the security of the organization's data is. Then the CEO must communicate that to all managers and make sure it infiltrates each level of the company. Commitment to data security must become part of the company's culture.

This mindset and way of behaving is the first critical piece. Encryption and other systems technology plays a big factor in advanced threat protection. I just attended a cybersecurity event panel. It included an FBI agent in San Antonio’s cyber security division and the CEO of a multibillion-dollar hospital.

They shared stories that no organization is immune to hackers and data attacks. Many times the hackers don't even have a specific motive. They're just testing the waters to see if they can get in. Once in, can they extort money?

Deciding who needs access to which silos of information is critical. It's a simple human element to a system often too reliant on technology. An extra layer of protection is to require password changes every 7 days for people with access to the most sensitive data. Hackers often use brute force attacks to gain access through an employee's login. With intention and proper processes, you halt a majority of these breaches.

A simple rule of thumb – make your organization and its data two or three levels tougher to hack than your competitors. Hackers follow human nature. They seek the lowest hanging fruit.


Ed KoehlerEd Koehler

@Avaya

Ed Koehler is the Distinguished Engineer for Corporate Solutions, Stealth Security and IoT at Avaya. He has been in the communications and networking industry for 20+ years. Ten of those years he spent as a Senior Technology Architect for R&D within the CTO division of Nortel. His area specialties are IPv6, Multicast, Digital Identity and Network Security as well as Voice and Video communications and Data Science—all areas within which he holds several patents. Ed joined with Avaya in August of 2010 as a Senior Data Solutions Architect specializing in Virtualized Data Centers and associated technologies including compute and storage. Currently, he is serving this role at the Global geography level. He was named Distinguished Engineer at Avaya in October of 2012.

"As the number of network security breaches reach staggering proportions..."

An increase of 38% in just the past year alone – hackers seem to be just one step ahead of the latest security technologies [1]. While trends such as mobility, IoT and cloud computing promise incalculable opportunities, they make it nearly impossible to determine the location of organizations' boundaries and thus, real and potential advanced threats stymie progress.

In fact, an organization’s perimeter is now everywhere, which makes it even more critical that security is a core component of the foundational network architecture that is capable of extending to any potential access point – whether that’s in the cloud, a mobile device or even a sensor unit in a HVAC system.

Hyper segmentation – the ability to create secure “swim lanes/zones” within the overall network based on a particular function, location or service – offers ones of the best means of addressing security breaches by limiting how far a hacker can go once they gain access.

Avaya’s approach to securing the “everywhere perimeter” comprises of three synergistic capabilities:

  • Hyper-Segmentation: The ability to create stealth segments that span the entire network.
  • Native Stealth: The characteristic of a hyper-segment that is invisible to hackers.
  • Automated Elasticity: The capability to create and remove hyper-segments automatically.

[1] The 2015 Cost of Cyber Crime report indicates that cybercrime is costing US companies an annual average of $15.4 million/yr, and we're seeing an average of 160 successful cyber attacks per week. 2015 Cost of Cyber Crime Study: United States, Ponemon Institute, October, 2015.


Abhirukt SapruAbhirukt Sapru

@abhirukt

Abhirukt Sapru is the Head of Business Development at CheckRecipient, a London based and venture capital-backed machine learning and cybersecurity start-up focused on human error prevention in emails. He was previously an investment banker with Citigroup in Hong Kong.

"Advanced threat protection needs to be..."

Scalable, flexible, and intelligent. When choosing solutions, procurement teams should focus on advanced machine learning technologies to combat an evolving vulnerability landscape. Traditional cyber defense systems were not designed to handle sophisticated external attacks, and cannot really comprehend the minutiae associated with both malicious and inadvertent insider threats.

It's best to operate a stack with smaller, more niche or specialist providers defending different vulnerabilities rather than engaging in a one-size-fits-all solution. This allows organizations to scale those protection mechanisms that are working and evolving, and also drop those that do not inherently address a growing risk.


Justin DavisJustin Davis

@ThinkScale

Justin Davis is a Technology Sales Leader for Enterprise Business residing in San Francisco, CA., specializing in Data Security, Disaster Recovery & Business Continuity and Predictive Analytics.

"Advanced threat protection is a very subjective statement..."

We tend to find simple beats advanced. Making sure you have a strong data encryption policy with a robust asset management platform alongside rigorous patching can fight off a lot of the most common market threats. We find that some of the more advanced systems tend to have high false positive rates and require a lot of attention to get them right. Centralizing authentication (single sign on), creating a good data policy and making sure you really understanding where a threat can come from is the best way to combat advanced threats. Also, you can't see what you're not watching so make sure after you have put good controls in place you have a way to watch your environment and measure its on-going well being.


Chris OlsonChris Olson

@olsontmt

Chris Olson co-founded The Media Trust 2005, where he currently drives the company's vision, direction and growth plans. Prior to establishing The Media Trust Company, he spent four years as the chief operating officer and board member at Spheric Media. Olson currently serves on the board of the Interactive Advertising Bureau's Advertising Technology Council.

"Your corporate website is a conduit for advance threats..."

It is ironic that when it comes to protecting against advanced internet-based threats, few think about their own corporate website. Website breaches lead to data loss and expose an enterprise to both business and legal risk. According to research, at least 78% of all code executing on an average website is provided by unidentified third parties unknown to the IT/information security team – a company’s website can be risky business. You wouldn't allow an unauthorized stranger to walk into your office and operate unchecked, so why would you allow unauthorized vendors to operate on your company's public-facing website? Extending vendor risk management and compliance strategies to the corporate website can protect website visitors – employees, shareholders, board members, job applicants, and prospective clients alike. Governing your website is a key countermeasure for the data loss and risk exposure growing number of website breaches we witness today.


Satwant AtwalSatwant Atwal

@IMRINews

Satwant Atwal heads the Cyber Security practice for Information Management Resources, Inc. (IMRI). Atwal is responsible for the company’s product and service offerings within the federal and commercial sectors and possesses diverse industry experience in the design and implementation of cyber security solutions for organizations of all sizes.

"No single tool can prevent all attacks..."

Therefore, selecting multiple tools to build a solution that integrate well with each other is very important. A comprehensive solution must include a tool that can assist with disrupting and countering the attack if and when it occurs.


Dr. Matthew MichelsonDr. Matthew Michelson

@cytenna

Dr. Matthew Michelson is an Advisor to Cytenna and the Chief Scientist of InferLink Corporation. He is an expert in machine learning, data integration, and scalable data analysis, and has published numerous peer-reviewed publications in the top national and international artificial intelligence conferences and the high-impact artificial intelligence journals.

"A pernicious issue for advanced threat protection is..."

That increasingly, a common vulnerability across most organizations is actually a point of weakness: namely open-source software (OSS). OSS is used as tools (web server, database) but even more meaningfully, it's also baked deep into an organization, often as third-party libraries included within companies' own developed code. A privilege escalation or remote code execution vulnerability could be lurking in your own codebase. Thankfully, there are now options as to how to address this, across a variety of techniques. Regardless of the method, the key is to shine a light on the vulnerabilities within OSS that may in turn creep into your organization through its tools or its code.


Shaun RiordanShaun Riordan

@shaun_riordan

Shaun Riordan is Principal Consultant with Aurora Partners. He is also a Senior Visiting Fellow of the Institute of International Relations of the Netherlands (Clingendael) and a Senior Analyst with Wikistrat. At the Clingendael Institute he is a member of the Diplomatic Futures Group and heads up the Business Diplomacy Project. A former British diplomat, he served in New York, Taiwan, Beijing and Madrid, as well as the Counter-Terrorism and Yugoslavia Department Departments of the Foreign Office.

"Organizations are increasingly not only wanting to understand how attacks are being carried out so that they can defend against them, but are also interested in the who, what, when, where and why..."

Companies cannot just depend on technical measures to protect them from cyberattacks. In the constant arms race between cyberattack and cyberdefence, the cyberdefenders, like the French army Maginot line in the 1930s, tend to be preparing to fight the last war. The advantage is with the attack. Apart from developing defence in depth, companies need to develop more forward strategies to identify and deter potential hackers. They need to generate enterprise resilience that will allow them to adapt to cyberattacks and ensure business continuity. They need to develop collaborative working strategies, both within the company and with other companies and government, to ensure more effective responses to cyberattack. Finally, they need to implement effective communications strategies to ensure that the public (including their clients) is on their side in the event of an attack, and not that of the hacker. All these elements need to be brought together in a coherent and holistic strategy. In other words, companies need to develop a Cyber Diplomacy Strategy, which complements and reinforces the technical solutions.

Cyber Diplomacy strategies are no more a one-stop solution than technical cybersecurity, any more than diplomacy can deliver world peace without the support of armed force. They complement and reinforce each other.


Zuly GonzalezZuly Gonzalez

@ZulyGonz

Zuly is the CEO of Light Point Security, creator of the first fully isolated web browser. Light Point Security is a pioneer in the security-through-isolation space. Before founding Light Point Security, Zuly worked at the National Security Agency (NSA).

"In order to have any real protection against advanced threats..."

You must have a solution in place that goes beyond detecting signatures. Traditional advanced threat solutions do this by identifying threats based on their actions. The downside to solutions like this is that they require the advanced threat to enter the network and start executing before they have a chance to identify their malicious behavior.

Another alternative is to isolate the most dangerous activities, like web browsing, in an area where even advanced threats can do no harm. Using this approach, no detection is needed at all.


Jean-Marc FélioJean-Marc Félio

@leadingboard

Jean-Marc Félio is the president of Leading Boards, a software company that helps boards with security, compliance, information sharing, communications and efficiency. Prior to founding Leading Boards, he designed and produced board software for hospitals and health centres across Canada, and worked as an entrepreneur, founder and manager of major projects in broadcasting, new media and new media technologies.

"Though commonly overlooked, the fact is that the most vulnerable element of any security system is..."

Humans, because their actions cannot be controlled by lines of code. The risks are even greater when the humans in questions work in the C-suite or hold board positions because of strategic and sensitive information they access. To establish advanced threat protection, companies need to begin by addressing the human factor in data security even at the highest level in the organization.

A good first step is to consider storing sensitive information outside of the company. By doing this, companies can reduce the risk of internal data leaks or breaches, where many threats originate. In our line of work, we recommend that that clients restrict access to important data to mobile devices because these often have enhanced security features, such as biometric access, and can be remotely wiped. If a client loses a tablet, we can easily remove any sensitive information from the device. This is more complicated on a laptop or desktop which retains more data.

The most important way to protect against threats at the human level, however, remains education. It is not enough to assume company executives know how to keep information safe in a digital world. Companies should create a security framework and consider hosting workshops to make executives aware of the threats. As encryption processes become more sophisticated, so too should our knowledge and awareness about threat protection.


Ben DesjardinsBen Desjardins

@Ben_Desjardins1

Ben Desjardins drives the development of vertical and use-case specific solutions for Radware's Security Product Portfolio. In this role, Ben focuses extensively on the competitive landscape for anti-DDoS, WAF and anti-scraping technologies.

"Advanced persistent threats come in various forms..."

One increasingly common type is the Advanced Persistent DDoS attack, which are characterized as DDoS attacks that include multiple attack vectors and leverage automated attack tools and advanced bots to send very large amounts of traffic. The best strategies for protection against these types of attacks include:

  • Use of automated protections such as real-time signature development to protect from new (zero day) attacks
  • IP agnostic protection that doesn't rely on the source IP address as the means of detecting and blocking attack traffic
  • Leveraging cloud-based attack mitigation through a hybrid solution that provides coordination between cloud and on premise based resources

Greg Mancusi-UngaroGreg Mancusi-Ungaro

@BrandProtect

Greg Mancusi-Ungaro is CMO at BrandProtect, where he's responsible for developing and executing the BrandProtect market, marketing, and go to market strategy. A passionate evangelist for emerging technologies, business practices, and customer-centricity, Greg has been leading and advising world-class marketing initiatives, teams and organizations for more than twenty-five years.

"There are a few things to consider about advanced threat protection..."

1. The external threats are real and they are impacting businesses every day.

2. Although security teams don't usually have the internal expertise or resources to take on external threat monitoring, there are technology partners and services that can augment and extend the security practice.

3. Security is hot and the market has been flooded with money, both in terms of corporate budgets and also in terms of M&A and investor activity in the space. Suddenly there are a lot of glitzy, promise-the-world solutions. If a CISO is looking to make a splash internally, the attractive offerings by the intelligence vendors are very tempting. But they don't really seem to solve a problem.

4. Ultimately, knowledge of how others are using an enterprise's (and their executives') identities and IP is crucial to maintaining a business' reputation, trust, and market position. This kind of intelligence (how others are trying to use our own reputation as a weapon) will garner positive attention at the board level. We need to help CISOs understand that.

Nate Lord

ANALYST REPORTS

Gartner 2017 Magic Quadrant for Enterprise Data Loss Prevention (DLP)

Free Trial 2017 Gartner DLP MQ Contact Us