Surviving infosec’s perfect storm

Enterprise security is very complex and constantly changing. Gigamon’s CEO Paul Hooper says “Security is one of the most interesting attributes of enterprise infrastructure”.

Reflecting on the past decade, Hooper says security is evolving faster than any other element of corporate systems. These changes are driven by a number of factors that are creating a “perfect storm” for security professionals.

For example, networks are becoming more pervasive and mission critical.

“The speed, scale and the breadth continues to increase in our home and work lives,” he says. “Networks are no longer nice to have – they are an essential element for life”.

Mobility of users, devices, applications and virtualised functions means systems that were previously static are mobile and agile. This creates a whole new raft of challenges.

“It’s resulted in the edge of the network vanishing. We used to talk about a vanishing edge,” he says. “Now it’s a vanished edge”.

Hooper says the industry also faces substantial asymmetry as CISOs and CSOs are trying to protect everything but attackers only need to find one penetration point.

“The symmetry is very much in favour of the attacker,” Hooper says.

The frequency of mega-breaches has changed the attitude of both the security industry and the general public, says Hooper. When the first mega-breaches were reported, the companies that were hacked suffered significant brand damage. However, that’s changing.

Very few people are changing their purchasing behaviours; they still use credit cards at stores that have been breached. This has created “attack jaundice”, says Hooper, where the world has become desensitised to large-scale attacks.

So, how is the industry responding? Hooper says this is happening in several different ways.

“There is a plethora of different options for protecting the enterprise that didn’t exist a few years ago. There’s also the ability to protect or provide a level of protection to every type of device. Although whether that’s adequate is another question entirely,” he says.

Hooper says the attacks of the past were reasonably well understood. The form, function, ferocity and vectors of the past were largely known and could be countered. However, today’s attacks don’t conform to the same rules.

“The attack of today is very different and the industry has still not fully worked it out and has not fully responded to how we need to help enterprises respond to this new variety of attacks”.

The commoditisation of attacks means attackers can assemble the pieces required to execute a zero-day attack, with payloads and distribution tools readily available through online markets.

At the other end of the scale, Hooper says there are highly targeted attacks that use a significant amount of social engineering to complement the technical tools deployed by threat actors.

“The attack vector has diversified on a complete spectrum and the security has responded. But I don’t think the response has been enough,” he says, pointing to data suggesting there has been over $70B spent over the last year with massive numbers of enterprises being compromised – possibly without even knowing they’ve been breached.

Hooper says the issue facing the industry isn’t a lack of tools – it’s the need for a different architecture.

“We’ve brought together a solution that allows customers to deploy their existing security solutions in a more pervasive way. We can’t just deploy and hope”.

The key, he says, is to ensure the tools get access to enough data so they can detect and block breaches before they become incidents.

The other issue, says Hooper, is the integration of the many different security offerings in the market. After investing in the latest security tools and deploying them, companies are still being compromised.

“Security needs to be an all-encompassing thing that isn’t just technology. It’s also people. It’s also process. The utopian scenario we were all grabbing for a few years ago, where we can keep the bad guys out, has to go – it will never be the case. We will be compromised. The challenge or skill is to detect, react and break the chain,” says Hooper.
