Roundworms and cyber security

By Alastair Corbett

My father was a leading nematologist. This is the study of roundworms, something which has been a serious concern in agriculture since the 19th century.

He was working on the problem of how these worms could be prevented from destroying agricultural crops. His study found that constructing barriers around crops, in the hope that nematodes would be unable to enter the “safe zone”, was ineffective over time, since the worms would eventually break back into the area.

It was recognised that it was not possible to prevent the nematodes from gaining access to the agricultural land, so the best approach was to introduce direct hardening of the plants and dynamic attacks on the intrusions. The biological techniques involved the development of nematode-resistant plants together with the use of parasites that would detect and effectively eat the nematodes.

Er, so why all the worm talk?

While this research was going on decades before the term “cyber security” had been coined, it seems to me that it directly parallels the management of IT security threats that we have to deal with today.

While barriers are erected on the corporate boundaries in the form of firewalls and intrusion prevention, it is well known that the majority of successful breaches occur within this “safe zone.” Intruders will get access to the inner environment, so other measures must be taken.

Porous barriers

When my father was doing his research, the idea of a barrier to protect the company would have been sufficient – a mean-looking security guard on the front door did the trick. However, as we’ve allowed customers, partners and staff to access corporate IT assets from outside this barrier, we’ve had to make holes in it.

And just like the worms, threats will find their way in. This means that we need to build security within the organisation as well. However, application vulnerabilities still account for 84% of all breaches [1], but companies are spending five times more on boundary and blocking security than on protecting applications.

This imbalance represents the still-dominant, outdated view that protecting the boundary is the highest priority. It’s also the action that can be taken without training software developers to design more secure applications.

We shouldn’t ignore the insider angle either. Just recently police arrested a Morrisons supermarket employee in connection with the theft of 100,000 employee payment details. This kind of news is also evidence of the value of information to IT attackers.

Threat intelligence

According to a Ponemon report, 60% of organisations are unable to stop exploits because they don’t have any useful threat intelligence. At the same time, the number of security breaches in 2013 was up 20%, and the cost of breaches was up 30%. Organisations are currently fighting a losing battle against attackers who have higher investment and lower ethics.

By detecting and defending against threats once they’re inside the corporate network these statistics can be turned around, delivering benefits to both profitability and reputation.

Better apps

So with boundary protection some attacks can be blocked; with threat intelligence suspicious activity can be identified and made safe; but what if the attack gets into the application?

Development teams are still making the same mistakes in terms of security as they have for a long time. Software developers need to have better training to help get this right the first time.

In our age of fast development cycles, delivering good, functional, stylish and secure apps is critical. If the app goes out to customers on time then the business benefits. However, if it introduces a new attack vector then the costs could be crippling.

New style of IT security

There has to be a better approach. IT security has always been a distress purchase. Companies will spend the money on the obvious, as demonstrated by the high proportion of spending on boundary security solutions.

But paying for other, internal, ways of managing threats has tended to come only as a result of costly security breaches. In most situations, the up-front cost of preventative measures would have been paid for many times over.

New approaches

This isn’t just about purchasing a new golden-bullet tool that will cure all. It’s about developing both people and processes.

Staff need to be more aware of their actions in terms of IT security. And software developers in particular need more training in the techniques of producing and testing apps which are secure and resilient to attack.

There also needs to be more collaboration between organisations, sharing information about live threats and attacks. Having a combined front against security threats benefits us all.

New tools

In terms of tools, the HP Fortify tool for application security testing ensures that apps can be hardened against known vulnerabilities, very much like building nematode-resistant plants.

This can be used in combination with the HP ArcSight tool that gives real-time security analytics to identify and block suspicious activity.

And of course we still need to protect the boundary. With HP TippingPoint we can deliver real-time protection against potential threats.

How about you?

How much does a successful attack cost your organisation?

Do you spend significantly more on border vs. internal IT security?

Have you had new software introduce new vulnerabilities?

Next time I’ll be looking at the importance of resilience in IT. I’ll be considering how organisations can monitor and analyse the current situation and then make sure that responses to problems are as fast, error-free and comprehensive as possible.

Alastair Corbett leads HP’s UK&I Software Business Unit and has responsibility for its strategy, the promotion and selling of the IT Performance Suite and related services. Prior to this role, Alastair was responsible for defining the new sales strategy and go-to-market models for Worldwide Software Sales, and before that, he successfully led the Worldwide Services Operations team for HP Software. Alastair joined HP from Peregrine as a result of the acquisition in 2005, where he held the role of VP International Operations and was responsible for all Finance and Operations activities in EMEA and APJ. He also led the integration activity for EMEA, as well as leading the Sales Operations function.

[1] Art Gilliland at the RSA Conference

Comments
IT support-247experttechs (anon) | 08-21-2014 11:01 PM

Please keep sharing knowledge with us. Thanks a lot for your great post.
