Security experts and government officials are buzzing about how to manage our digital economy. With the rise of mobility and cloud computing, infinite amounts of data are flowing across massive networks. But more (and more accessible) data means more risk, as sensitive information becomes susceptible to large-scale cyber attacks.
RSA, the largest annual cyber security conference, kicks off today in San Francisco, where security thought leaders and policymakers will discuss the imperative of keeping our critical infrastructure and data secure. This year the conversations at RSA are more crucial than ever, as the emergence of nation-state actors and attacks on critical industries have made cyber security central to the national security conversation.
Given the number of successful attacks we've seen in the last year, it's apparent that the security community is in need of a new approach. We can no longer afford to sit back and wait for attacks to hit our perimeter and hope that we can stop them -- that simply does not work. We must transition to a proactive stance, learning from intelligence and military tactics to more effectively anticipate and thwart attackers even before they attack, as well as mitigate the effects of the attacks they do successfully launch.
- Identify Attackers, Rather than Chase Yesterday's Attack: Vaccines are effective in protecting us against strains of disease we have seen before, but are not nearly as effective against new strains. Signature-based security approaches, such as anti-virus, are similar: They protect only against attacks we have seen before. Attackers can create a new virus or mutate an existing one with little more than a click of a button. So is it really surprising that anti-virus isn't nearly effective enough?
In addition to protecting against known attacks, we must get better at finding and monitoring attackers. For example, we can insert fake vulnerabilities, known as tar traps, throughout a web site and definitively identify hackers when they probe them. As a result, we can now watch them, and we can stop whatever attack they might eventually launch. This attacker- and intelligence-centric approach has been the lynchpin of counter-terrorism success for centuries, and it can be applied just as effectively in cyber security.
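The tar-trap idea above can be expressed as detection logic over a web access log. This is an added example, not code from the original article: a client that requests a planted decoy path is flagged, and everything it does afterwards is collected for monitoring. The decoy paths, the log format and the sample lines are constructed assumptions, and keying on source IP alone is a simplification.

```python
import re
from urllib.parse import unquote

# Hypothetical decoy paths: planted in the site, never linked for real users.
DECOY_PATHS = {"/backup/db.sql", "/admin-old/login.php"}

# Common Log Format prefix: ip, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample access log (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Feb/2014:09:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.9 - - [10/Feb/2014:09:00:05 +0000] "GET /products HTTP/1.1" 200 2048
203.0.113.9 - - [10/Feb/2014:09:00:09 +0000] "GET /backup/db.sql?x=1 HTTP/1.1" 404 0
198.51.100.7 - - [10/Feb/2014:09:00:12 +0000] "GET /products HTTP/1.1" 200 2048
203.0.113.9 - - [10/Feb/2014:09:00:15 +0000] "POST /login HTTP/1.1" 401 0
not a log line
203.0.113.9 - - [10/Feb/2014:09:00:20 +0000] "GET /account?id=2 HTTP/1.1" 403 0
"""

def normalize(path):
    """Drop the query string, decode %-escapes and lowercase before matching."""
    return unquote(path.split("?", 1)[0]).lower()

def watch_probers(lines, decoys=DECOY_PATHS):
    """Return {ip: {"first_hit": ts, "followup": [(ts, method, path, status)]}}."""
    watched = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ip = m["ip"]
        if ip not in watched and normalize(m["path"]) in decoys:
            # First touch of a decoy: start watching this client.
            watched[ip] = {"first_hit": m["ts"], "followup": []}
        elif ip in watched:
            # Already flagged: record every later request, decoy or not.
            watched[ip]["followup"].append(
                (m["ts"], m["method"], m["path"], int(m["status"])))
    return watched

if __name__ == "__main__":
    for ip, info in watch_probers(SAMPLE_LOG.splitlines()).items():
        print(ip, info["first_hit"], info["followup"])
```

Requests made before the first decoy hit are deliberately not attributed, since ordinary browsing by the same address is not evidence on its own.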
For example, firewalls collect a myriad of information about applications and protocols of specific connections, routers can provide information about traffic patterns, intrusion prevention systems have application usage information, and mobile devices can provide data about targeted attack types. This information can be used to create a more complete picture of anomalous and suspicious behavior. Imagine thousands and thousands of simple routers becoming part of a network defense infrastructure enabling the detection and blocking of botnets the minute they launch.
And the next generation of security is much closer to reality than you might imagine.