From Threat Detection to Information Protection

June 1, 2007

Driven by the age-old lure of easy money, many of today’s criminals are using high-tech cyber attacks to commit identity theft and financial fraud to line their pockets.

The technological capability of malware developers has grown to the point where malware can be effectively used to steal information from infected computers. Targeted attacks and social engineering are being used in conjunction with advanced malware to compromise computers at homes and offices around the world, enabling these high-tech versions of well-known crimes.

Malware can be loosely defined as any software program that is not operating in direct or indirect support of the intended mission of that computing system. Certain forms of malware, known as keystroke loggers, screen-scrapers and session recorders, are able to capture operator input and system data and deliver it to some other computer over the Internet, where valuable personal or company information can be harvested from the vast fields of captured data.

COMPROMISES SPELL TROUBLE

Today’s attacks usually begin with technically or socially clever schemes that compromise computers with malware. In simple terms, compromised computers spell T-R-O-U-B-L-E. Keeping network-attached computers safe from compromise is a significant part of the chief security officer’s and chief information officer’s job. From a technology perspective, most experts agree that protecting computers from compromise requires both computer-based and network-based measures. Host-based software such as personal firewalls and anti-malware software is a necessary part of safe computer use. Network-based technologies like firewalls, intrusion detection systems and intrusion prevention systems can play a key role in securing the infrastructure.

In the past 10 years, we have witnessed the evolution of network-based security from “keeping the bad guys out” with firewalls, to “seeing what’s getting through the firewall” with intrusion detection systems (IDS), to “keeping the bad stuff out” using state-of-the-art technology such as intrusion prevention systems (IPS).

This evolution of network-based protection technology has been driven by the need to keep pace with the evolving threat landscape. The current state of the art, using high-performance network IPS technology to identify and block threats, can be very effective in reducing the likelihood that protected computers are compromised. However, IDS and IPS technologies generally share one characteristic that may limit their ultimate effectiveness: they are focused on identifying malicious or harmful network transactions and stopping them.

IDC Research recently issued a report that found technologies such as intrusion detection systems spot only 70 percent of intrusions. Even taking the logical next step to intrusion prevention systems, to stop those intrusions, is clearly not going to be 100 percent effective. Security experts will correctly point out that security is best implemented through education, process and a layered approach to technology.

INFORMATION PROTECTION MINDSET

Looking forward, organizations will be best served by expanding their viewpoint beyond threat detection towards information protection.

Implementing strict policies on encryption and on where critical information resides can reduce the risks associated with physical loss, such as laptop or backup tape theft. Implementing strict authentication and access controls can reduce the risks from insider threats and inappropriate access to sensitive company or customer information. Implementing organization-wide document classification processes can provide a basic infrastructure within which information protection policies can be enforced.

As organizations enhance their network security infrastructure, they should look to technologies that go beyond threat-detection-based approaches and toward true information protection. Intrusion prevention systems that provide not only access controls and threat protection, but also implement strict acceptable application usage policies and even document control policies, will lead the way towards successful information protection.
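As an added illustration (not code from the article or from any vendor it mentions) of what classification-driven enforcement can look like, the following Python sketch applies the three policy types named above to constructed data-transfer events: clearance-based access to labelled documents, mandatory encryption in transit for non-public data, and an approved-channel list for confidential material. The classification scheme, the channel table and the sample events are all assumptions made for the example.

```python
"""Toy information-protection policy check.

Added example, not the article's or any product's code. The label
hierarchy, channel table and events below are constructed for the demo.
"""
from dataclasses import dataclass

# Assumed classification scheme, ordered from least to most sensitive.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

# Assumed table of ways data can leave the network: whether the channel is
# approved by policy and whether it encrypts data in transit.
CHANNELS = {
    "corp-vpn": {"approved": True,  "encrypted": True},
    "sftp":     {"approved": True,  "encrypted": True},
    "webmail":  {"approved": False, "encrypted": True},
    "ftp":      {"approved": False, "encrypted": False},
    "usb":      {"approved": False, "encrypted": False},
}


@dataclass(frozen=True)
class TransferEvent:
    """One observed attempt to move a document (constructed for the demo)."""
    user: str
    clearance: str       # highest label the user is cleared for
    doc_label: str       # classification label carried by the document
    channel: str         # key into CHANNELS
    dest_internal: bool  # True when the destination is inside the organization


def evaluate(ev):
    """Return (decision, reason); decision is 'allow', 'block' or 'alert'."""
    doc = LEVELS.get(ev.doc_label)
    if doc is None:
        # A classification gap is a finding in itself: surface it, don't guess.
        return "alert", "unlabelled document"
    if LEVELS.get(ev.clearance, 0) < doc:
        # Access-control policy: clearance must meet or exceed the label.
        return "block", "user clearance below document label"
    if ev.dest_internal:
        return "allow", "internal transfer"
    chan = CHANNELS.get(ev.channel, {"approved": False, "encrypted": False})
    if doc >= LEVELS["internal"] and not chan["encrypted"]:
        # Encryption policy: nothing above 'public' leaves in the clear.
        return "block", f"{ev.doc_label} data unencrypted over {ev.channel}"
    if doc >= LEVELS["confidential"] and not chan["approved"]:
        # Acceptable-usage policy: confidential data only via approved channels.
        return "block", f"{ev.doc_label} data over unapproved channel {ev.channel}"
    if doc >= LEVELS["confidential"]:
        return "allow", f"approved channel {ev.channel}; logged for audit"
    return "allow", "below confidential on an acceptable channel"


def triage(events):
    """Run every event through the policy and count decisions."""
    counts = {"allow": 0, "block": 0, "alert": 0}
    for ev in events:
        decision, _ = evaluate(ev)
        counts[decision] += 1
    return counts


# Constructed sample events exercising each policy branch.
SAMPLE_EVENTS = [
    TransferEvent("alice", "confidential", "confidential", "corp-vpn", False),
    TransferEvent("bob",   "internal",     "confidential", "corp-vpn", True),
    TransferEvent("carol", "restricted",   "restricted",   "webmail",  False),
    TransferEvent("dave",  "internal",     "internal",     "ftp",      False),
    TransferEvent("erin",  "internal",     "public",       "ftp",      False),
    TransferEvent("frank", "confidential", "",             "sftp",     False),
    TransferEvent("grace", "confidential", "confidential", "usb",      False),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        decision, reason = evaluate(ev)
        print(f"{ev.user:6} {ev.doc_label or '<none>':13} {ev.channel:9} -> {decision:5} ({reason})")
    print(triage(SAMPLE_EVENTS))
```

The order of the checks matters: clearance is tested before channel so that a user who should never see the document is blocked regardless of route, and the unlabelled case is raised as an alert rather than silently allowed, which is where a document-classification programme usually has its largest gaps.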
   
The significant rise in 2007 of sophisticated, targeted threats, the continued discovery of vulnerabilities in commercially deployed software and the high-profile losses of sensitive customer and employee information are shouting out to all security professionals to expand their viewpoint beyond threat detection and towards information protection. Organizations should consider further education for their users, new information protection policies and additional technology solutions such as intrusion prevention systems and information leakage protection solutions.

Recent Articles by Mike Paquette