The nature and scale of threats organisations are facing have changed the dimensions of cyber security. It’s no longer about protection alone, but also about hunting down new malware, says Brian Dye , Corporate Vice-President, Intel Security Group - General Manager, Corporate Products. Speaking to The Hindu during his recent visit to Bengaluru, Mr. Dye said the industry was now automating the fight so that an organisation’s security team can focus better on targeted attacks. Excerpts from the interview:
Threat defence lifecycle
The industry has moved from ‘protection’ to ‘threat defence lifecycle’. This involves protection (keep the bad guys out), detection (find them when they have got inside the network) and correction (stop them before they do the damage). Once malware gets in, which could take minutes to hours, they will be there for months. That is when they get past the defences, and search the network for required information.
B. Pradeep Nair Attack lifecycle
The attack lifecycle is about 100 days; that is the time when the protection has been bypassed to when it has been fully contained. If we can bring that time from 100 days to sub-one hour, we are changing the game.
Scale of attacks
Let me give you some numbers. One large organisation was attacked in the previous 12 months 330 billion times. That turned into 30,000 security events that had to be investigated and 3,000 security incidents that had to be responded to. Even a 0.001 per cent change in protection effectiveness can be damaging.
The security team is outnumbered. For example, a company that does hacking has over 200 people, but on the other side, an organisation of 10,000 employees has 15 people for security. That means, 15 people are playing defence against an attack mounted by over 200 people.
Vulnerable CEO
The number one attack vector has been phishing for several years. A quiz conducted by Intel Security in April this year showed that 97 per cent of people globally were unable to correctly identify phishing emails. Top-rung executives are very vulnerable. One, they get more important emails; two, due to paucity of time they spend pay less attention and time on each mail.
On automation
There are run-of-mill attacks in huge volumes, and there are a small number of highly targeted attacks.
The trick is to automate the fight, so the security team can focus better on the targeted attacks.
The definite threats are blocked. There are also the “may-be-a-threat” kind of malware, which are routed automatically to a system that has a lot of information. We put them into an operating system environment not your laptop, and we let it run and find out what it does. The solution automatically detects the threat, categorizes it, and blocks it; protecting the organization from a range of attacks.
Safety of cloud
Safety depends on how the user behaves. An additional layer of security is one solution. Suppose a company has a policy of using only one cloud server. Let us call it A. If an employee logs into another cloud service B, he is notified that it is not the approved application. He is redirected to A. When he logs into A, we create a McAfee-protected folder, with an additional layer of encryption. We have the technology to differentiate between confidential information and personal data. While personal data can be stored wherever a user wants, the confidential information can be put only in the secure folder.
