Cybersecurity is entering a new phase that requires IT organizations to put processes in place that are capable of continuously identifying potential threats before they impact operations and detecting them once a breach occurs.
Don Meyer, head of marketing for data center at Check Point Software Technologies, said that shift represents a new fifth era of cybersecurity that requires a mechanism through which cybersecurity intelligence is shared across a layered defense in real time.
Today, most organizations unfortunately still rely mainly on firewalls and anti-virus software that are not integrated in any meaningful way, said Meyer. That’s become problematic, because cybercriminals are becoming more adept at launching polymorphic attacks targeting multiple potential exploits. For example, a distributed denial of service (DDoS) attack may be intended to serve as a distraction as endpoints are being targeted. In some cases, the only purpose of these attacks is to implant malware that hijacks IT infrastructure to mine cryptocurrencies.
To respond effectively to those threats, an IT organization needs a central control plane through which it can coordinate its response to threats against applications and infrastructure running in the cloud and on-premises. Given the increased volume of attacks and the ever-expanding size of the attack surface that needs to be defended, Meyer said it’s only a matter of time before organizations find themselves relying more on big data along with machine learning algorithms and other forms of artificial intelligence (AI) to defend the extended enterprise.
Meyer noted that cybercriminals already have access to, for example, advanced hacking tools developed by the Central Intelligence Agency (CIA). Cybercriminals are leveraging those tools alongside machine learning algorithms to more precisely identify and target vulnerabilities. Today, cybercrime is a trillion-dollar industry, and much of the profits generated are plowed right back into the development of more sophisticated means of launching attacks. Despite this, cooperation remains limited among organizations trying to defend against these attacks. Unless organizations find some way to share and act on threat intelligence data in real time, the odds will continue to be stacked against them, Meyer said.
Therefore, IT organizations need to move beyond deploying a series of uncoordinated point products to defend against one type of potential threat or another, he said. Rather, a modern approach to cybersecurity requires a much more coordinated response across multiple organizations that have committed to each other’s mutual defense.
It’s unclear where the center of gravity for cybersecurity intelligence will ultimately reside. Check Point and other providers of firewalls say their platforms are the most logical place to coordinate security across thousands of endpoints as well as any number of external cloud platforms. It’s obvious, however, that something must be done. The status quo for cybersecurity is ineffective: not only will the volume of attacks continue to increase, but the ability of IT organizations to discover and then remediate breaches is increasingly being taxed beyond their capacity to keep pace.