02/26/2013 06:59 am ET Updated Apr 28, 2013

Hackers Can Be Seen, If Only We Would Look

Security experts and government officials are buzzing about how to manage our digital economy. With the rise of mobility and cloud computing, infinite amounts of data are flowing across massive networks. But more (and more accessible) data means more risk, as sensitive information becomes susceptible to large-scale cyber attacks.

RSA, the largest annual cyber security conference, kicks off today in San Francisco, where security thought leaders and policymakers will discuss the imperative of keeping our critical infrastructure and data secure. This year the conversations at RSA are more crucial than ever, as the emergence of nation-state actors and attacks on critical industries have made cyber security central to the national security conversation.

Given the number of successful attacks we've seen in the last year, it's apparent that the security community is in need of a new approach. We can no longer afford to sit back and wait for attacks to hit our perimeter and hope that we can stop them -- that simply does not work. We must transition to a proactive stance, learning from intelligence and military tactics to more effectively anticipate and thwart attackers even before they attack, as well as mitigate the effects of the attacks they do successfully launch.

  1. Identify Attackers, Rather than Chase Yesterday's Attack: Vaccines are effective in protecting us against strains of disease we have seen before, but are not nearly as effective against new strains. Signature-based security approaches, such as anti-virus, are similar: They protect only against attacks we have seen before. Attackers can create a new virus or mutate an existing one with little more than a click of a button. So is it really surprising that anti-virus isn't nearly effective enough?

    In addition to protecting against known attacks, we must get better at finding and monitoring attackers. For example, we can insert fake vulnerabilities, or tar traps, throughout a web site and definitively identify hackers when they probe them. As a result, we can now watch them, and we can stop whatever attack they might eventually launch. This attacker- and intelligence-centric approach has been the lynchpin of counter-terrorism success for centuries, and it can be applied just as effectively in cyber security.

  2. Create Actionable Intelligence through Superior Analytics: We need to bring the promise of big data and analytics to security. The availability of big data infrastructure such as MongoDB and Hadoop makes it possible for massive pools of data to be analyzed for insight. Big data analysis is prevalent today in many industries. In the health community, for example, it is being used to create a data-driven approach to medicine that can correlate seemingly unrelated events to provide better and more predictive care to patients. By similarly leveraging big data technologies to automate the analysis of the available security data, we can create new forms of actionable intelligence.

    For example, firewalls collect a myriad of information about applications and protocols of specific connections, routers can provide information about traffic patterns, intrusion prevention systems have application usage information, and mobile devices can provide data about targeted attack types. This information can be used to create a more complete picture of anomalous and suspicious behavior. Imagine thousands and thousands of simple routers becoming part of a network defense infrastructure enabling the detection and blocking of botnets the minute they launch.

  3. Track the Attackers... Globally: Finally, and perhaps most importantly, seeing and tracking an attacker on a single website, watching every move they make, is incredibly powerful and effective at keeping that site secure. Imagine, then, the power of tracking the attacker as they move from site to site looking for opportunities to steal data. This tracking would be based not on an IP address, which is easily thwarted, but on a unique and persistent fingerprint. Just as global fingerprint databases changed law enforcement, such a capability could fundamentally change cyber security, allowing defenders to effectively collaborate in defense rather than working alone.

    The imperative to keep critical data and infrastructure safe by creating and sharing actionable intelligence around the world in real-time, and by proactively and definitively identifying and tracking attackers, drives Juniper's security vision.
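The tar-trap idea from point 1, sketched as an added example that is not part of the original article: decoys that no legitimate page links to are planted on a site, and any client that touches one is flagged so its whole request history can be watched. The decoy paths, the hidden parameter name and the log lines are constructed for illustration, and the client key (IP plus User-Agent) is a simplifying assumption standing in for the persistent fingerprint discussed in point 3.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Hypothetical decoys planted in the site; no legitimate page links to them.
DECOY_PATHS = {"/admin/backup.sql", "/old/config.php.bak"}
DECOY_PARAM = "debug_token"  # hidden form field that real users never submit

# Constructed sample access log (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Feb/2013:06:59:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [26/Feb/2013:06:59:04 +0000] "GET /products HTTP/1.1" 200 811 "-" "scanner/1.0"
198.51.100.23 - - [26/Feb/2013:06:59:05 +0000] "GET /admin/backup.sql HTTP/1.1" 404 0 "-" "scanner/1.0"
203.0.113.7 - - [26/Feb/2013:06:59:09 +0000] "GET /cart?item=4 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.50 - - [26/Feb/2013:06:59:12 +0000] "POST /login?debug_token=1 HTTP/1.1" 200 312 "-" "curl/7.29"
198.51.100.23 - - [26/Feb/2013:06:59:15 +0000] "GET /login HTTP/1.1" 200 640 "-" "scanner/1.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def touches_decoy(target):
    """True if the request path is a decoy or the query carries the decoy field."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    return parts.path in DECOY_PATHS or DECOY_PARAM in params

def flag_probers(log_text):
    """Return {client: [(time, method, target, hit_decoy)]} for clients that hit a decoy."""
    history = defaultdict(list)
    flagged = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at them
        client = (m["ip"], m["ua"])  # assumption: stand-in for a real fingerprint
        hit = touches_decoy(m["target"])
        history[client].append((m["ts"], m["method"], m["target"], hit))
        if hit:
            flagged.add(client)
    # Full history, including requests made before and after the decoy hit.
    return {c: history[c] for c in flagged}

if __name__ == "__main__":
    for client, reqs in flag_probers(SAMPLE_LOG).items():
        print(client)
        for ts, method, target, hit in reqs:
            print("   ", ts, method, target, "<-- decoy" if hit else "")
```

Because a decoy has no legitimate use, a single hit is a high-confidence signal, which is what separates this from signature matching on request content.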

And the next generation of security is much closer to reality than you might imagine.
