SANTA CLARA, Calif. — When it comes to cybersecurity, there are two strategies. The first is reactive and is put into motion once security protocols have failed. The second, the proactive approach, can take you down the proverbial rabbit hole and into a world of intelligence gathering that puts you across the virtual table from those who might be coming for your secured data.
At least this is how Alert Logic’s Stephen Coty described the strategy options to attendees of the 17th Cloud Expo this week.
The longtime cybersecurity expert warned that a breach of your own systems is not the only threat; data leaked from someone else's breach can be turned against your organization as well.
He used the recent Ashley Madison breach, in which users' email addresses were exposed, as an example: an employee's work email address turning up in such a dump gives a bad actor leverage for blackmail.
“It raises questions for us as security people. How do we get proactive about that?” Coty said. “We have to search those data dumps as quickly as possible when they come out because we need to know if we have any exposure out there.”
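As an added illustration of the "search the data dumps for your own exposure" step (this is example code written for this article, not Alert Logic's tooling or Coty's own), the script below scans a constructed dump of leaked credentials for addresses belonging to an organization's domains. The dump contents, the domain names and the addresses are all made up for the example. Two practical points it encodes: matching has to respect domain boundaries, so a lookalike domain such as examplecorp.com does not match example.com, and the passwords or hashes in the dump are not copied into the report.

```python
import re
from collections import defaultdict

# Constructed sample of a leaked credential dump in the mixed formats such
# dumps usually arrive in (email:password, email;hash, stray junk lines).
# Every address and secret here is made up for this example.
SAMPLE_DUMP = """\
alice@example.com:hunter2
Bob.Smith@Corp.Example.COM:Summer2015!
carol@mail.example.com;5f4dcc3b5aa765d61d8327deb882cf99
dave@other.org:letmein
not an email line at all
eve@examplecorp.com:password1
frank@sub.corp.example.com:qwerty
"""

# Domains the organization owns (an assumption for the example).
ORG_DOMAINS = {"example.com", "corp.example.com"}

EMAIL_RE = re.compile(r"([A-Za-z0-9._%+-]+)@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def domain_matches(domain, org_domains):
    """True if domain is one of org_domains or a subdomain of one.
    The '.' boundary matters: examplecorp.com must not match example.com."""
    d = domain.lower().rstrip(".")
    return any(d == org.lower() or d.endswith("." + org.lower())
               for org in org_domains)


def find_exposed_accounts(dump_text, org_domains):
    """Map each matched domain to the sorted local parts found in the dump.
    Passwords and hashes are deliberately not carried into the result: the
    output is a list of accounts to reset and brief, not a copy of the secrets.
    Local parts are lower-cased for matching, which is fine for an exposure list."""
    hits = defaultdict(set)
    for line in dump_text.splitlines():
        m = EMAIL_RE.search(line)
        if not m:
            continue  # junk line, or no address on it
        local, domain = m.group(1).lower(), m.group(2).lower()
        if domain_matches(domain, org_domains):
            hits[domain].add(local)
    return {domain: sorted(accounts) for domain, accounts in hits.items()}


if __name__ == "__main__":
    report = find_exposed_accounts(SAMPLE_DUMP, ORG_DOMAINS)
    for domain, accounts in sorted(report.items()):
        print(f"{domain}: {len(accounts)} exposed -> {', '.join(accounts)}")
```

Against a real dump, feed it the file's text and the organization's registered domains; the output is the list of accounts to force-reset and to brief on the blackmail risk described above, and it can be run the moment a dump appears rather than after someone else has found your people in it.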
Comprehensive security tooling is a necessary baseline, but on its own it is often not enough to eliminate the threat of data loss; additional effort is required.
“We are getting breached on a day-to-day basis, and we’ve really got to start getting ahead of these things. Right now we’re in such a reactive mode,” Coty said. “We defend against these attacks by deploying security architecture, which is what we’re supposed to do. This is the right thing to do.”
But he warned that not all of those security tools translate effectively to cloud-based systems.
Coty also cited application vulnerabilities as the No. 1 attack vector against organizations. Much of the problem stems from the software development process: developers do not focus adequately on security during the development life cycle.
For more effective detection, Coty said a security incident manager (a SIEM-type tool that correlates events from many sources) can tie together a series of events that would otherwise appear unconnected.
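To make the event-correlation idea concrete, here is an added example (not Alert Logic's product and not Coty's own code) of a rule that stitches three individually unremarkable events into one incident: a burst of failed SSH logins from one address, a success from the same address shortly after, and then an outbound connection from that host. The log lines are constructed for the example; the line format, field names and thresholds are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed log lines in an assumed "timestamp source key=value ..." format.
# Hosts, users and addresses are fictional; 203.0.113.0/24, 198.51.100.0/24
# and 192.0.2.0/24 are documentation ranges.
SAMPLE_EVENTS = """\
2015-11-03T10:01:02Z sshd host=web1 src=203.0.113.9 user=deploy result=fail
2015-11-03T10:01:05Z sshd host=web1 src=203.0.113.9 user=deploy result=fail
2015-11-03T10:01:09Z sshd host=web1 src=203.0.113.9 user=deploy result=fail
2015-11-03T10:01:40Z sshd host=web1 src=203.0.113.9 user=deploy result=success
2015-11-03T10:02:10Z fw host=web1 dst=198.51.100.77 dport=4444 action=allow
2015-11-03T10:30:00Z sshd host=web2 src=192.0.2.5 user=ops result=fail
2015-11-03T10:30:03Z sshd host=web2 src=192.0.2.5 user=ops result=success
2015-11-03T11:00:00Z fw host=web2 dst=198.51.100.10 dport=443 action=allow
"""


def parse_event(line):
    """Parse one line into a dict: datetime 'ts', the 'source', and the key=value fields."""
    ts, source, *fields = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "source": source}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def correlate(log_text, min_failures=3,
              fail_window=timedelta(minutes=5),
              egress_window=timedelta(minutes=10)):
    """Return one alert per successful SSH login that was preceded by at least
    min_failures failures from the same source within fail_window and followed
    by an allowed outbound connection from the same host within egress_window.
    Each event on its own is routine; only the sequence is suspicious."""
    events = sorted((parse_event(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    alerts = []
    for i, ev in enumerate(events):
        if ev["source"] != "sshd" or ev.get("result") != "success":
            continue
        failures = [
            e for e in events[:i]
            if e["source"] == "sshd" and e.get("result") == "fail"
            and e.get("host") == ev.get("host") and e.get("src") == ev.get("src")
            and ev["ts"] - e["ts"] <= fail_window
        ]
        if len(failures) < min_failures:
            continue
        egress = [
            e for e in events[i + 1:]
            if e["source"] == "fw" and e.get("action") == "allow"
            and e.get("host") == ev.get("host")
            and e["ts"] - ev["ts"] <= egress_window
        ]
        if not egress:
            continue
        first = egress[0]
        alerts.append({
            "host": ev["host"],
            "src": ev["src"],
            "user": ev.get("user"),
            "failures": len(failures),
            "login_at": ev["ts"].isoformat(),
            "egress": f"{first['dst']}:{first['dport']}",
        })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

In the sample, web1 produces an alert (three failures, a success 31 seconds later, then an outbound connection on port 4444 within the window) while web2 does not: it saw a single failure and its outbound connection came half an hour later. The windows and the failure threshold are the tuning knobs a team would adjust to its own environment.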
In his role as chief security officer, Coty also advocates hunting the hunters on popular underground trading posts, and he even buys malware from sellers there.
Through honeypots, decoy systems designed to attract and record attacker activity, and through intelligence gathered by building relationships, Coty said security teams can better assess who might be coming for their information and how.
By purchasing malware from underground sources and developing relationships with the sellers, companies can reverse engineer the malware to map the attack's “kill chain” and begin to form a threat profile.
“The better you understand your adversary, the better you’ll be able to be proactive about [security],” he said.
According to Coty, companies and their security teams need to be more focused on information sharing as a preventative tool for the larger security community.
“This is the key to getting preventative and getting ahead of these guys, but it doesn’t stop just with you,” he said. “We’ve got to start getting better at information sharing.”