The more context officials can add to a certain action, the more they will know about a potential breach.
SALEM, Ore. — When Target’s systems were breached in 2015, it was rumored that the cyber side of the house had the information it needed, but didn’t know it was looking at an attack that compromised its clientele's credit card information.
In just the last decade, threat vectors have evolved from the standard “known” perils of the cyber realm to evolving attacks that change between discovery and detection within systems — and the ever-changing threats are not just a problem for the private sector.
During the Oregon Digital Government Summit held May 24, Bob Pelletier with Palo Alto Networks discussed the issues facing IT teams everywhere and how they could better defend their networks from bad actors.
According to the longtime security expert, the landscape continues to change despite the best efforts of teams around the world. The popularity of applications has led to threat vectors that experts can’t always predict and yet are prevalent within many systems.
“What it means is that the entire landscape has changed,” Pelletier said.
The encryption debate has also posed challenges for cybersecurity professionals. To decrypt everything coming or going through networks would not only be time consuming, but costly as well.
“This creates a real vulnerability for us in IT,” he said of modern SSL encryption.
In addition to multi-faceted security protocols, Pelletier said IT leaders should focus their attention only on the unknown, which often presents itself in the form of unfamiliar URLs being accessed by employees — or at least by the computers of their employees.
The more context officials can add to a certain action, Pelletier argues, the more they will know about a potential breach. He uses the example of two inconspicuous IP addresses communicating; when context is added, he said it may become clear that a local network is sharing files with an IP in China.
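As an added illustration of the context enrichment Pelletier describes (example code written for this page, not Palo Alto Networks' product logic), the snippet below turns a bare pair of IP addresses into a statement about who the host is, where the peer sits and what protocol is in use; the GeoIP prefixes, asset roles and flow records are all constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    bytes_out: int


# Constructed lookup tables. The prefixes are RFC 5737 documentation ranges,
# and the country codes, asset roles and port map are invented for this example.
GEOIP = {ip_network("203.0.113.0/24"): "CN", ip_network("198.51.100.0/24"): "US"}
ASSETS = {"10.0.5.20": "file-server", "10.0.5.44": "workstation"}
FILE_SHARING_PORTS = {21: "ftp", 445: "smb", 2049: "nfs"}
EXPECTED_COUNTRIES = {"US"}  # where this hypothetical agency normally exchanges data


def enrich(flow: Flow) -> dict:
    """Attach context to one flow: source host role, peer country, service name."""
    dst = ip_address(flow.dst)
    country = next((c for net, c in GEOIP.items() if dst in net), "unknown")
    return {
        "src_role": ASSETS.get(flow.src, "unknown"),
        "dst_country": country,
        "service": FILE_SHARING_PORTS.get(flow.dst_port, "other"),
        "bytes_out": flow.bytes_out,
    }


def classify(flow: Flow) -> tuple:
    """Return ('alert' or 'ok', readable reason) once the flow has context."""
    ctx = enrich(flow)
    if ctx["service"] != "other" and ctx["dst_country"] not in EXPECTED_COUNTRIES:
        return ("alert", f"{ctx['src_role']} {flow.src} sent {ctx['bytes_out']} bytes "
                         f"over {ctx['service']} to {flow.dst} in {ctx['dst_country']}")
    return ("ok", f"{ctx['src_role']} {flow.src} -> {flow.dst}:{flow.dst_port}")


# Constructed flow records: two IP pairs that look equally bland without context.
FLOWS = [
    Flow("10.0.5.20", "203.0.113.7", 445, 52_428_800),
    Flow("10.0.5.44", "198.51.100.9", 443, 4_096),
]

if __name__ == "__main__":
    for f in FLOWS:
        print(*classify(f))
```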
As more systems migrate to cloud environments, the systems engineer said it is important to carry over security as a built-in feature of the new systems. While data centers had to contend with their own challenges, off-premise systems are also at risk.
His own company leverages cloud-based threat analysis capabilities, next-generation firewalls and state-of-the-art endpoint protections.
Code testing within a secure, off-site environment, and subsequent reprogramming of potentially malicious code, allows the system’s firewalls to learn the threat and prepare for it. Despite the additional layer of security, he does not recommend forgoing excellent endpoint protections.
When all else fails, he added, the physical network is the last place cybersecurity teams can kill a potentially damaging bug before it detonates and affects data and operation