The new security paradigm shift (2)

After some time postponing this article I finally decided to sit down and finish it. In the first post:

 https://samuelalonsog.wordpress.com/2015/10/28/the-new-security-paradigm-shift-1/

I described the evolution of security for the past 15 years until the current day.

Today I want to show you the current landscape and guide you to understand how to tackle the new security paradigm unfolding in front of us. The best ways to do this is with this article,

https://securelist.com/analysis/publications/72652/beaches-carnivals-and-cybercrime-a-look-inside-the-brazilian-underground/

Now you may be thinking, and what!?

After I read the article, I confirmed what I have been suspecting for some time.

I chose the wrong career! No, I am just kidding.

These are simply a bunch of crooks however it seems to me that:

  1. They are very well organized and connected
  2. Specialization and networking is key to their business
  3. They adapt quickly and have a performance based salary
  4. Looking at their picture, they work hard and play harder…
  5. Motivation is constant

This is only one of many gangs around internet, I would consider them the less sophisticated threat but still very effective and harmful. They even have a HR department to recruit new members… it seems like a joke. If they get hold of your bank account or data there will be no compassion.

I believe this shows and puts into context what I already commented in my previous post. The profile of those “practising” security has drastically changed, from a bunch of curious kids to a very sophisticated threat actor; all of them with different motivation but only one objective – to take control of your assets and monetize them or make some sort of benefit from it.

Another question that was raised in my previous article, what has happened with technology? Technology is now everywhere! in your company and in  your home…and therefore we are surrounded by vulnerabilities all day.  All these technologies were design by humans and human activity leads to error, our technology being a reflection of our human condition.

In contrast to previous generations – we have almost been born and have grown with technology, and knowledge is not a privilege anymore, therefore the cost to get into this game is very small for anyone.

Where do I want to get with all this? Simple, how do we have to approach security in a world with asymmetric threat actors and technically imperfect? How do we stop a constant growing force of threats?

A good starting point is to accept that we cannot stop all threats,

  1. The number of threats is enormous
  2. Resources are limited, they always were

So? In the past decades the emphasis was put on enforcement and automatic detection of threats with Antivirus, IDS and Firewalls. Security operators were comfortably sitting inside their castles waiting for an attacker to come their way. The number of threats were so small those days that automation was working and false positives were small.

Today, the perimeter is getting disintegrated and is not going to last forever. I do not want to extend on this however it is a reality. Check my previous post:

https://samuelalonsog.wordpress.com/2015/08/14/bypassing-perimeter-security-and-malware-evasion-1/

The AV is not dead as it is been claimed however its efficacy has been diminished and it is now an important player in a layered defense architecture.

 Yesterday’s approach cannot be sustained any longer as the landscape has drastically changed in sophistication and number.

The new approach is one in which priorities have changed:

triangle11-275x300

We cannot enforce as much as we used to and now intelligence & policy is at the top of the pyramid to provide enforcement to a small number of threats.

In this new approach all devices and applications in the infrastructure have to be capable of adapting to new threats through the use of threat intelligence.

On the other hand, the number of incidents to stop are related to the nature of your organization. Threat modelling has to play an important role in your risk management program.

Understanding your organization, its activities and assets, political and social environment in which it operates, and lastly the technology that it operates will provide the grounds to start threat modelling and define your risk management program.

If you know yourself you will understand your vulnerabilities better and therefore you will be better equipped to fight the threats that are the result of your own vulnerabilities.

 

 

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s