Page 40 - index
P. 40
2015: The Year Of The User In Cyber Security
by Idan Tendler, Chief Executive Officer and Co-Founder, Fortscale
“Perimeter Security” is nearing the end of its historic run. Revolutionary new approaches are
emerging and are looking to replace the age-old model with bold statements and promises of
innovation. But can these vague promises really deliver the desired change required to
successfully battle the sharp increase in cyber risk?
It’s no secret that attackers’ success rates against major retailers, banks, and healthcare
providers are at an all-time high. Behind just about every headline regarding a massive data
breach, sophisticated attack, or stealthy rogue insider leak is a trail of outwitted end-point
security products tossed aside by skilled attackers who have learned how to evade the
defenses these products once provided. With attacks becoming more personal and
personalized, and crafty social engineering enabling access to more secured targets, it's clear
that a different approach is required. The bottom line is that most issued security software and
appliances are failing daily in blocking intrusions and identifying leaks.
For years, the security industry has focused on cracking the digital fingerprints attackers are
leaving behind. However, we have been so caught up with figuring out all the different ways
there are to crack operating systems and common applications, we have forgotten about the
person behind the far end of the keyboard.
Here is another important thing that has happened over the past couple of years: attackers are
simply better. An unprecedented proliferation of advanced cyber knowledge has led to the
entrance of a new generation of hackers that are more organized and better equipped than in
the past. Customizable exploit kits are widely available and contain flexible backdoors and
malware that can easily be altered to fit any desired destination.
Moreover, attackers facing a pre-ordered and neatly packaged security layout thrive with
endless opportunities to infiltrate and cause damage. The domination of a closed group of
security vendors in a small, but selective, service market led to the formation of custom-made
attack packs, making a successful attack a matter of perseverance more than a matter of skill.
In this landscape, the only way to take matters into our own hands is by developing
methodologies that create an improved combination of technology and practices. Threat
distinction and threat classification are two exciting new ways that help organizations better
describe and better prepare against specific threats that can cause the organization actual
damage. By producing specific and precise modeled descriptions of potential attack vectors and
rogue network usage, organizations arrive better equipped to the complex market of security
services and achieve the correct balance between in-house talent and bought security products.
Threat distinction and threat classification are rooted from one simple cyber-philosophy – the
“User-Centric” philosophy. As “user-centralists,” we primarily have one thing in mind: “Protect
40 Cyber Warnings E-Magazine – March 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
