New Technologies, Critical Groundwork Bolster Cybersecurity in 2018

jarretraim

While cybersecurity continues to become more complex and harder to manage, there are bright spots on the horizon in 2018, in the form of new technologies and policies. There are also steps organizations should commit to taking in the months ahead to help keep their data secure.

First, the new stuff.

Deception technologies

Deception technologies provide realistic-looking IT resources (servers, accounts, etc.) that act as decoys for would-be attackers, alerting security teams when accessed. The goal of these systems is to increase the likelihood that internal security teams will detect intruders in their networks. Deception technologies are becoming more stable and sophisticated now that they've been in the market for several years and can be a great option for customers who can't afford a modern cyber hunting program or those who want to deploy additional detection methods alongside existing security operations.

While these systems are impressive, some work is still needed to determine which versions of deception are the most effective, especially when taking into account how difficult some systems are to deploy. This approach also hasn't reached wide adoption yet, so we still haven’t seen how sophisticated attackers might react to these systems. Modern security operations should be looking at deception technologies and other teams may want to dip their toes in using honeypot user accounts or other options that require limited investment.
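A minimal version of the low-investment option mentioned above, as an added example that is not Rackspace's code or any vendor's product: decoy accounts are created that no legitimate process should ever touch, and any authentication event that names one of them is raised as an alert. The account names, the syslog-like log format and the log lines are all constructed for this example; the point is that a failed logon against a decoy is just as much of a tell as a successful one, and that Windows account names must be matched case-insensitively.

```python
"""Decoy (honeypot) account detection over authentication logs.

Added example: flag any event that touches an account which exists only as bait.
Account names, log format and sample lines are assumptions constructed for this example.
"""
import re
from dataclasses import dataclass

# Decoy accounts created purely as bait; nothing legitimate should ever use them.
# (Names are assumed for this example.)
HONEYPOT_ACCOUNTS = {"svc_backup_admin", "sqladmin_legacy", "helpdesk_temp"}

# Constructed sample log lines in an assumed syslog-like authentication format.
SAMPLE_LOGS = """\
2018-01-09T02:14:07Z dc01 auth: LOGON user=jsmith src=10.1.4.22 result=success
2018-01-09T02:14:09Z dc01 auth: LOGON user=svc_backup_admin src=10.1.9.77 result=failure
2018-01-09T02:14:11Z dc01 auth: LOGON user=svc_backup_admin src=10.1.9.77 result=success
2018-01-09T02:15:30Z dc01 auth: LOGON user=SQLADMIN_LEGACY src=10.1.9.77 result=failure
2018-01-09T02:16:02Z dc02 auth: LOGON user=mchen src=10.1.4.31 result=success
2018-01-09T02:17:45Z dc02 auth: PWRESET user=helpdesk_temp src=10.1.9.78 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: (?P<action>[A-Z]+) "
    r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    host: str
    action: str
    user: str
    src: str
    result: str


def parse_line(line):
    """Parse one log line into a dict of fields, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_honeypot_hits(log_text, honeypots=HONEYPOT_ACCOUNTS):
    """Return an Alert for every event that names a decoy account.

    Failures count too: a failed logon against a decoy is still a sign that
    someone is enumerating or guessing credentials they should not know about.
    """
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable line; a real pipeline would count these
        # Compare case-insensitively: Windows account names are not case-sensitive.
        if ev["user"].lower() in honeypots:
            hits.append(Alert(**ev))
    return hits


def summarize_sources(alerts):
    """Group alerts by source address so the analyst knows which host to pull first."""
    by_src = {}
    for a in alerts:
        by_src.setdefault(a.src, []).append(a)
    return by_src


if __name__ == "__main__":
    alerts = find_honeypot_hits(SAMPLE_LOGS)
    for a in alerts:
        print(f"ALERT decoy account touched: {a}")
    for src, events in summarize_sources(alerts).items():
        print(f"{src}: {len(events)} event(s) against decoy accounts")
```

In practice the decoy names would come from the same inventory the security team maintains for the real accounts, and the alert would be routed straight to the on-call queue: because the accounts have no legitimate use, there is nothing to tune and almost no false-positive burden, which is what makes this a cheap first step compared with a full deception platform.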

AI and machine learning

The revolution in Artificial Intelligence and modern machine learning over the last couple of years is already impacting many industries; security is no exception. These systems offer impressive results when tuned correctly and represent a fertile research area for additional work.

Unfortunately, there’s also a lot of hype in this area, and many vendors will include “AI” or “machine learning” branding on existing products or systems that don't represent a material improvement over previous technologies. Additionally, most of these systems require building yet another analytics platform, which can be an expensive proposition for many organizations. There will be great advances in AI and machine learning in 2018, and for some use cases, they may already be here. Hopefully, the coming year will see the froth on this market calm down and real systems emerge that integrate with existing platforms to actually improve our defenses.

GDPR

At Rackspace, we've had numerous conversations with our customers about the General Data Protection Regulation, a comprehensive EU data protection regulation that becomes enforceable on May 25 and applies to any organization that processes the personal data of people in the EU, whether or not the organization itself is based there. It’s become a hot topic both because of its approaching deadline and the penalty clause it carries: fines of up to four percent of global annual revenue (or 20 million euros, whichever is higher) if an organization is found to be non-compliant.

One of the biggest mistakes we see customers make is focusing on achieving a particular compliance regime (be it GDPR or the Payment Card Industry Data Security Standard) directly instead of building a unified policy framework that will help their organization meet current and future compliance needs. The goal of an organization’s security and compliance teams should be to meet GDPR, while the goal for the rest of the organization should be to use the tools and processes provided by the security team to meet their own policy framework. Let the security team map controls and prepare evidence; that's what they are there for.

And that brings me to some critical steps companies should take to help harden their own defenses.

Application inventory

When working with customers who use Rackspace Privacy and Data Protection or Managed Security, some of the first questions we ask are:

  • What systems do you have?
  • Where are they?
  • How important are they to your business?

We find that, too often, customers are unable to answer these questions. To build a security operation that takes into account company risk and allocates resources effectively to reduce that risk to an acceptable level, that operation must know what it’s protecting, where those assets are and how important they are to the business. This can't be built in a silo. It requires collaboration with other parts of the business and should drive conversations about change management and other processes that look a lot like those in the governance section below.

Attack surface reduction

A modern security operation assumes adversaries will get into internal systems. Long gone are the days when firewalls or IPS systems could keep adversaries outside a perimeter. In fact, most organizations we talk with today are using multiple clouds, including IaaS, PaaS and SaaS services. This means most organizations no longer have a single network perimeter to protect.

The most effective way to reduce the number of times an adversary gains access to an environment (as well as the number of investigations that need to be performed by the security operations team) is to limit an organization’s total attack surface. This includes traditionally unsexy and difficult processes such as patch and vulnerability management, but it also includes new investment opportunities in security models that replace trust in network location with per-request authentication and authorization, such as Software Defined Perimeter or Google's BeyondCorp.

Governance

One of the most underinvested areas of security is governance. There are many reasons for this, both organizationally and market-driven. Many smaller or less sophisticated customers lack the security leadership needed to build out governance — due to lack of focus and lack of funding. Additionally, we see an over-emphasis by the security market on a tools-based approach to security. This makes sense as most security companies are selling tools, but the seemingly-endless string of security breaches over the last few years tells us that tools alone can't protect a company.

A governance function should help understand the risk to the business, prioritize the protections needed, shepherd investments, build strategic plans, handle policy framework maintenance and measure the effectiveness of the operation. While this can sound overwhelming, especially to organizations without security leadership, it doesn't have to be. Having an incident management plan in case of a security incident is a great place to start and there are lots of free resources to help build one.

Do you have questions about your organization’s security posture? Visit Rackspace or contact one of our specialists to find out more about our managed security services and the ways we’re helping businesses defend against evolving cyber threats.