Vikram Phatak, CEO and Chairman of NSS Labs, discussed cyber attacks and the best strategies to prevent them.
“When you think about cyber security, what is your organizational goal?” asked Phatak at the outset of his thought leadership presentation at the 2016 Chief Information Security Officer Leadership Forum held on April 28 in New York. “Prevent the breach and exfiltration of the data,” responded one audience member. “Minimize risk,” answered another. Phatak said these were both good answers. “Preventing the attack” isn’t a good answer, he said, because attacks are going to happen. The important thing is the response to the attack.
The “kill chain” describes everything from targeting to exfiltration. Different technologies address different aspects of the kill chain, explained Phatak. Vulnerability management and patch management come before an attack; intrusion prevention, breach detection, and so on come into play during the attack. After the attack come incident response and clean-up. “Most money is spent after a breach—not to prevent the next one,” Phatak pointed out. “Shifting investment to vulnerability prevention is by far the best strategy.”
“There are no real decision-support systems for cyber security in many industries,” observed Phatak. Many current security technologies, such as SIM, are backward-looking and often don’t focus on the right information. Logs don’t tell you what was missed. Also, attacks happen in computer time, but responses take place in human time. “Companies typically patch monthly, but the bad guys change their approach hourly,” warned Phatak. “Automating the response process shortens the patch window from a week to seconds.”
“According to a report from Verizon, 85% of breaches are due to 13 vulnerabilities. Our data show that 97% of breaches are caused by a few hundred commercial exploit kits,” said Phatak, “and APTs are only a small percentage of attack activity.”
Organized crime is the greatest threat. “The bottom line for protecting yourself is to make it too expensive to breach your organization,” advised Phatak. “Only a handful of your vulnerabilities are being exploited at any given time, and only a handful of those can bypass your security controls.”
Over the previous year, Internet Explorer was by far the most common target for breaches, said Phatak, but the target changes over time and this can happen quickly. In the past month, Flash has been catching up to IE as the favorite target. “You can see why taking a week to patch is a problem,” he said.
If attacks are getting through your security products, what do you do? Situational awareness is the key, which includes:
• Improving security product effectiveness through a data-driven approach
• Continuous monitoring to provide real-time feedback
• Decision support to enable automation
“The single biggest challenge is change. Your adversaries, their target applications, and the security products they’re bypassing are changing faster and faster.” To address this, Phatak recommends:
• Starting with the right data–information
• Creating a playbook. What will we do when “X” happens?
• Making the right investments in both technology and people
Phatak summed up: “The big game change is security insight and situational awareness—understanding what your adversary is doing so you can adapt in real time.”
ABOUT VIKRAM PHATAK:
Vikram Phatak is Chief Executive Officer and Chairman of the Board for NSS Labs, Inc. Mr. Phatak is one of the information security industry’s foremost thought leaders and a pioneer of Internet security.
In 1994, Mr. Phatak founded Intermedia Sciences Group, one of the first Internet service providers and Internet security consulting firms in the United States. Intermedia was acquired in 1999 by Teleflex Inc. (NYSE: TFX), a global Fortune 500 company. There he served as Global Director of Networks & Security for two years before founding Lucid Security in 2001. At Lucid Security, Mr. Phatak created “Adaptive Intelligence,” a groundbreaking intrusion-prevention technology deployed in hundreds of organizations worldwide.
In 2006, Lucid Security was acquired by TrustWave Inc., a leading provider of information security and compliance management solutions to Fortune 2000 companies. Mr. Phatak was named Chief Technology Officer at TrustWave, where he was responsible for the management and development of its technology product lines.
In 2007, Mr. Phatak acquired NSS Labs and has grown the company from a small business into the recognized global leader in security product testing.