How technology is helping with protection and security efforts

Comguard | www.comguard.net


Security has risen to prominence in recent years as the risks have intensified. With more and more information being stored electronically, the risk of theft or sabotage has increased too. What are the key trends you are witnessing today and the challenges organisations face in protecting themselves? How is technology helping with protection and security efforts? Which industries are using your services, and what does the future hold for IT security?

The background:
Development in information communication technologies has brought about an accelerated information explosion and huge change in how information is being produced, processed, stored and communicated.

Information is now being made available in digital format accessed via electronic networks such as the Internet, and being stored or preserved in digital archives. In addition, digital information can be manipulated and disseminated very easily. Such forms of development have resulted in major concerns in the protection of digital information sources. We will examine some key trends we are witnessing today and challenges organizations are facing to protect information from being stolen, disseminated inappropriately or misused. We will explore how technology can help secure information, and how industry has been benefiting from the security tools, standardized policies and practices.

The utility of security tools:
We will examine the utility of several cutting edge technology tools like Data Auditing & Protection (DAP), Data Leakage Prevention (DLP) and End Point security implementation and understand how they can help protect or prevent data theft.

DLP is a cutting edge technology that monitors and prevents known content from leaving the edge of the enterprise via emails, Web, or IM-type applications. Newer versions of DLP have also started monitoring desktops and laptops to understand the type of data stored and track its movement to the edge. In contrast, DAP is a datacenter technology that monitors how data stored in databases and fileservers is being accessed, to track and alert on data breaches.
Data auditing is helpful for monitoring and detecting when data breaches result in a loss or theft – mostly from critical databases that house customer or financial data. Data leak prevention monitors confidential data leaving enterprises, typically via email. For most enterprises, both technologies are needed, but it is worth examining the relative value of the technologies.

DAP can understand when a user accesses and retrieves sensitive content from the source such as a database. DLP can monitor when the content leaves the enterprise, for example when the user emails the content from his/her PC. In most of the recent data theft incidents, data theft did not happen via email leakage but by users who hacked into the database or had credentials to access the database. Such users could then carry out the data via disks, tapes, or PCs. DLP cannot solve this problem effectively since it may not have visibility into how data was accessed. DAP is intended to address this visibility hole. Additionally, financial or credit card compliance regulations require visibility and auditing at the stored data level – a capability provided naturally by data auditing.

The challenges:
Data leakage from the edge is usually a black and white problem. For example, if unencrypted credit cards or confidential data leave via emails, alerts need to be issued. As such, DLP needs fairly straightforward intelligence to detect unencrypted credit cards or known patterns of data. This is in contrast to data theft from a data server, which requires considerably deeper intelligence because data center breaches are much more complicated. Most access to sensitive content within a database is likely to be legitimate. Only the fraudulent accesses, which make up a small percentage of accesses, need to be detected and alerted on. This means that a DAP solution must have the intelligence to understand the difference and detect anomalies based on unusual behavior. Data Auditing incorporates sophisticated intelligence to detect this type of theft.
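The contrast described above, as an added example that is not part of the original article or any vendor's product: a pattern check of the kind DLP applies to outbound mail, next to a per-user volume baseline of the kind DAP applies to database reads. The function names, the threshold k and all sample data are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def dlp_scan(message):
    """Edge (DLP-style) check: card-like numbers in outbound content."""
    found = (re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(message))
    return [d for d in found if luhn_ok(d)]

def dap_alerts(baseline, today, k=3.0):
    """Data-store (DAP-style) check: reads far above a user's own history."""
    history = defaultdict(list)
    for user, rows in baseline:
        history[user].append(rows)
    alerts = []
    for user, rows in today:
        past = history.get(user)
        if not past:
            alerts.append((user, rows, "no baseline"))
        elif rows > mean(past) + k * max(pstdev(past), 1.0):
            alerts.append((user, rows, "unusual volume"))
    return alerts

# Constructed sample data, not taken from any real system.
OUTBOUND_MAIL = [
    "Invoice attached, card 4111 1111 1111 1111 on file.",  # test card number
    "Order ref 1234 5678 9012 3456 shipped.",               # fails Luhn
]
BASELINE = [("alice", 20), ("alice", 25), ("alice", 30),
            ("bob", 500), ("bob", 520), ("bob", 480)]
TODAY = [("alice", 28), ("alice", 40000), ("bob", 510), ("carol", 10)]

if __name__ == "__main__":
    for mail in OUTBOUND_MAIL:
        print("DLP:", dlp_scan(mail))
    print("DAP:", dap_alerts(BASELINE, TODAY))
```

The 40,000-row read by a credentialed user never touches email, so only the data-store check sees it; most other reads pass as legitimate because they sit within each user's own history.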

The security experts often drilled home the importance of implementing security policies that are crucial to a reliable security framework.

The emphasis is quite distinct that the ‘internal threat’ to security is far more formidable than the ‘external one’.

This points to several situations that lead to security lapses, which are largely caused by an ignorant employee, a gap in the security policy or a glaring error in the implementation of standards and practices.

It’s important to understand ways to mitigate the new risks in security which will include strategies and methods organizations use to protect themselves. There is a lot one can learn from case studies of hacker attacks.

This also brings the focus on skill sets of security professionals who directly or indirectly shape policies, or implement tools and standards. There is a dire need for making use of forensic skills to help prevent many disasters relying on core competencies.

It’s imperative for organizations to perform vulnerability assessment, penetration testing, risk assessments & gap analysis to sustain a secure work environment.

There is a growing concern for protecting business information, which is regarded as the most vulnerable, under the current circumstances.

Many corporations have a rude awakening after being at the receiving end of malicious attacks that lead to ‘web defacement’, ‘identity theft’, ‘data leakage’, ‘phishing’ incidents and so on.

We have been approached by a few government agencies, banks and educational institutions in the Middle East region. They have invested in the best-suited technology. We are progressively helping them to adapt to the tools by giving them ample technical skills in making best use of it. More importantly we are helping them design and implement security policies, which I deem to be the heart of the protection mechanism.

I must say that we see a refreshing change in the approach to security, as earlier the focus was merely on implementing security tools and there were glaring gaps in security policies, or ignorance in implementing compliance standards.

We have recently witnessed eagerness by many IT managers and Network Administrators to cut through the vulnerable patterns and adhere to a defined security policy. This may appear like a success story that is replicated across the industry. However the reality is that only a few organizations can foresee the larger picture on their own. The security space is vast and there are several unknowns that baffle decision makers within the organization. Security consultants have a vital role in understanding compatibility of products in the endpoint security ensemble.

The discerning choice of firewall, spam filter and anti-virus tool and their intricate role in end point security is indispensable. One has to envision the utility of a tool and its effective implementation in a network. We have noticed that many organizations use only around 15-20% of the security features, and this ‘tunnel vision syndrome’ only leads one to a conclusion that there is a limitation in a security tool.

We have attended many calls for digital investigations, security audit, vulnerability assessment and data leakage prevention in the last six months. We noticed that there is a heavy reliance for protection on security tools, while there are distinctive gaps in skills and awareness required for shaping security policies and enforcing standards.

Government agencies have sensed the need for intricate levels of monitoring and tracking data from its source and its progressive stages of dissemination. They have invested in digital investigation tools from Guidance Software, which offers ‘Encase Enterprise’, rated by the industry as the world’s leading digital investigation platform.

Our endeavour has been directed towards helping our customers make best use of the prevailing technology. We have invested heavily in people skills like Ethical Hacking, Network Architecture, Digital Forensics and security product expertise encompassing technologies from leading vendors. This has aligned us

It’s quite evident in the current scenario that investment in information security cannot afford to take a back seat despite the economic slowdown. Several businesses have acknowledged the returns on investment in best-suited ‘Security tools’ and ‘people skills’.

Future trends
Success in business will also be defined by ability to protect business information despite volatile situations posed either by internal or external threats.

Our consultancy teams often report that non-adherence to compliance standards is a niggling issue. In most instances, there is little we can do, as compliance standards are not yet mandatory in some organizations that we consult with. We are making an effort to create awareness. I am sure that internationally accepted standards will soon be making their way into several work spaces across the Middle East region.

Fortifying the work environment will remain an ongoing challenge, as I don’t foresee any known method to dispense with it. What the future holds for the security space is anybody’s guess. The challenge I deem will only get thicker. However, as security consultants, we can put our ears to the ground and amplify our senses to probe danger lurking in the big and wide info highway. Users will definitely get smarter than what we see today and so will the attackers. So the vicious cycle of survival in the cyber jungle will persist.