How to Enable the Enterprise to Grow Safely into Digital Channels
We use the Internet for everything. Our digital lives are now “mission critical.” We are always connected with every person, place, and thing. This has an immediate impact on the enterprise, with businesses rushing to stand up new and improved digital channels—web applications, mobile applications, social media profiles, and custom web-based integrations—that increase interaction with and support employees and customers.
The problem is, security teams are usually the last to know when and where the business has launched a new digital service or app. The result? We’re left open to breaches and theft of employee and customer data via rogue online activity or unknown, unmonitored, and unprotected digital assets.
Traditional Information Security is not Equipped to Secure Modern Digital Channels
The challenge: Traditional InfoSec controls such as firewalls, IDS, and endpoints were created to defend networks which were designed with defensible walls, like castles. However, these controls lack visibility into the outside world and are difficult—if not impossible—to deploy on digital channels. Attackers no longer have to breach the castle wall to get inside the network and steal data—threat actors now target an organization’s employees and customers directly.
The threat landscape has fundamentally changed, and hackers are 'wreaking digital havoc'. Attacks succeed because organizations have deployed traditional security technologies to harden the perimeter or endpoint, while an easier path to compromise lies outside the firewall, and their adversaries know this.
To address this, enterprises must look for ways to securely accelerate doing business across the Internet with an end-to-end security management program that exists outside the firewall. By doing so, customers will be able to effectively deploy and leverage the new technologies required to defend against modern adversaries targeting an organization's growing Internet-exposed attack surface created by social media, cloud-hosted services, mobile apps, and IoT initiatives.
External Threat Management (ETM) Made Easy
The four key elements of deploying a successful External Threat Management program are:
External Visibility: The first step is Discovery - creating a dynamic digital footprint of what your organization looks like on the Internet right now, from the perspective of your attackers (after all, you cannot defend what you do not know about). Today, most organizations have incomplete lists of applications they own in spreadsheets and GRC systems. Much of the supporting infrastructure information, such as lists of domains owned, is stored in other departmental silos like legal. All of these pieces are essential to manage and monitor a modern attack surface, so we recommend performing a Baseline Security Analysis of your digital footprint so you can Detect what is most at risk.
External Control Enforcement: An organization needs to deploy controls to Detect where it is at risk of breach and where it is being attacked. The speed of modern attack campaigns on the Internet means that detection controls must automatically support Mitigation & Remediation - the ability to block, or shut down, attacks as they occur, before damage is done.
External Threat Incident Response (IR): Next, your organization needs the ability to Investigate suspicious activity or attacks on your digital assets. Modern adversaries increasingly deploy sophisticated and complex infrastructure across web, mobile, and social media to launch attack campaigns. They use this infrastructure to obfuscate their attacks, pivoting across multiple attack nodes to confuse and hide from traditional network-based investigation tools. A modern IR program needs access to comprehensive Internet datasets to effectively identify online attacks.
Mitigation and Remediation: Finally, your organization needs the ability to Mitigate or Remediate External Threats rapidly. Modern attack campaigns are smash-and-grab: the average web phishing attack campaign lasts 30 hours, and on social media a campaign runs six to eight hours, with most of the damage in both cases occurring in the first few hours. This is no longer a human-solvable problem and requires automated detection and response to individual attacks. You don’t want to be alerted to online problems by the business, or worse, by the customer when they fall victim to attacks. Ask yourself: Can you measure your mean time to detect and respond to external threats?
Benefits of a successful External Threat Management program
Information Security Teams that successfully execute an External Threat Management program enable their organizations to transact business over the Internet in a secure, predictable fashion and have the metrics to prove it. The main benefits we have discovered while providing ETM programs are:
- Proof that Information Security is proactive and aligned with the company’s goals
- Increased customer confidence in the company’s online services and brand
- Preventing repeat attacks by identifying an adversary’s attack infrastructure and shutting it down all at once, avoiding “whack-a-mole” outcomes
- Increased cost of attacking you, thereby motivating an adversary to seek softer targets
The digital world we live in is evolving rapidly. Organizations face more pressure than ever to discover how to do business safely and reliably in this new world. Enabling our organizations to do business safely and reliably across new digital channels ensures that we all succeed.
About the Authors
Elias Manousos is the CEO and co-founder for RiskIQ, the cyber security company that helps organizations discover and protect their external facing known, unknown and third-party web, mobile, and social digital assets.
Gary Fish is the CEO and founder for Fishtech Labs, a technology accelerator focused on finding and creating solutions that deliver operational efficiencies and improved security posture.
Edited by Peter Bernstein