The war between data protectors and hackers seems to be as long and arduous as anything faced by the protagonists of movie epics like Lord of the Rings or Star Wars. As soon as the good guys counter one form of malicious intrusion, the dark side regroups and comes back with another malevolent technique. Can the odds ever be totally tipped in favour of those brave infosec battalions? You might be surprised to hear that the answer is “yes.” In this article, we’ll look at six ways that emerging technologies could be able to solve data protection issues.
It’s a well-known fact that most of us choose inadequately protected passwords and usernames for login credentials. This includes everything from email to social media and even personal banking – and the consequences can be catastrophic. We’re now well into the digital era and still struggling to explain the importance of unguessable/uncrackable password and username combinations. This is proof positive that more secure forms of authentication are needed, particularly when the tools used by hackers and crackers are becoming increasingly sophisticated.
The good news is that the tech giant Intel has arrived at a solution: to “bake” authentication protocols into the hardware of the user. Intel’s new Authenticate solution is implemented into its new Core vPro processor. It’s capable of combining several hardware-enhanced authentication factors at once to validate the identity of the user.
In the past, Intel has dedicated portions of its chipsets to security functioning as part of authentication processes, but its latest development takes things to a whole new level. It’s based on the premise that unbreakable authentication requires not just a username and a password, but a token, too. Ultimately, authentication with vPro will breakdown into these three criteria:
• Who you are (in the form of your username)
• What you know (your password)
• What you have (your device with hardware authentication)
Hardware authentication is of particular importance now that we, as a society, rely increasingly on the Internet of Things (IoT). Because IoT devices can control everything from lighting and heating in the home to production mechanisms in the business place, it is imperative that the network prevents persons or devices from gaining access to something they shouldn’t.
However, for the time being, the most immediate application for hardware authentication remains in traditional IT environments – most notably desktop computers, laptops and mobiles which use Intel chipsets.
As soon as a person’s password and username have been compromised, whoever holds the information can easily step into a network and get up to all sorts of cyber mischief. However, user behaviour monitoring can go a long way towards highlighting when an account has been compromised. Just as banks flag up transactions which seem out of character for the customer, so too can IT bosses with user behaviour analytics, or UBA.
UBA is a form of big data analysis which is used to pinpoint and highlight out-of-character behaviour by the user. It’s a relatively new security measure – but an important one which addresses a huge blind spot in network safety. When you think about it, it makes perfect sense: once an attacker compromises the credentials of a legitimate user and gains unauthorised entry to a system, what happens next? Is it possible to differentiate between the activity of a legitimate user and a hacker who has compromised an account before looking for other targets? With UBA, the answer is “yes”.
Essentially, UBA monitors activity and points out any movement that doesn’t fit into a user’s normal daily networking tasks – helping administrators to close in on attacks before anything malicious happens. It essentially exposes the middle link of the hacker chain – in between the initial penetration and the exfiltration of any sensitive data. Until now, the middle links (lateral movement and snooping around files) have never been easily visible to infosec professionals, which is why the interest in user behaviour analytics is growing.
Interestingly, the comparison of a user’s past and present behaviour isn’t the only way to identify a hacker with malicious intent. Peer analysis – a form of UBA – looks at the behaviour of an individual and compares it to those operating under the same manager or the same department in a company. This can often be a key indicator that somebody is doing something they aren’t authorised to, or that somebody has externally taken control of a user account.
Of course, UBA also has its merits as a training tool. Since one of the biggest problems in any company involves employees not adhering to company policy, being able to identify those who stray from the rules before mitigating the risks with extra training can be critical when it comes to protecting the entire business.
Encryption and tokenisation are key when it comes to the prevention of data loss. These techniques can help form a barrier around data, right down to field and sub-field levels. This can benefit businesses in several ways. For example:
• Attackers will be unable to monetise stolen data, even in the event of a successful breach.
• Data can be moved securely and used across the entire business network. All business analytics and processes can be performed on data even when it is in its protection form. This dramatically reduces the risk of exposure.
• Businesses can be aided greatly when it comes to data privacy compliance regulations – whether its personally identifiable information, payment card details or protected info (such as health details).
The number of records breached from businesses has grown considerably in recent years, which has been prompting an increase in security spending among SMEs. Because of the risks involved with data breaches, companies are seeing security spending as a necessity. After all, data breaches can result in fines, a huge decrease in consumer confidence and hundreds of lost hours trying to make all systems secure/repair any damage.
When it comes to data loss prevention, authentication plays a huge role. It is impossible to have good encryption without key management – and you cannot have key management without having strong authentication.
Deep learning combines a variety of technologies, including machine learning and artificial intelligence. Whatever you want to call it, there’s a huge degree of interest in it for infosec purposes. Just like user behaviour analytics, deep learning looks at any anomalous behaviour on a network. Ultimately, it’s important to understand where any malicious behaviour on a network comes from – and how it deviates from acceptable or legitimate use of a system, from a security perspective.
Deep learning is a valuable tool for looking deeper under the hood. When you look at activity on an enterprise network, there may be behaviour that isn’t user-triggered but is still malicious – and deep learning uses a slight adaptation of behavioural analytics to help flag-up any potential issues.
Instead of looking at user behaviour, deep learning focuses on “entities”. Recent developments in deep learning now mean that it can be used as a tool to scan entities which exist across the network at minute levels. A data centre, for example, can behave with its own patterns, in the same way that a user can. By identifying at micro and macro levels any deviation from this normal behaviour, deep learning can identify threats.
Essentially, deep learning has an ability that humans don’t – and that’s the ability to decipher between useful and malicious software in a matter of milliseconds, at line speed. The latest machine-learning technologies offer a significant advantage to infosec practitioners who want to decrease the time it takes to detect and eradicate threats.
Yes, we’re all familiar with the cloud by now – but it will continue to have a transformative impact on the infosec industry. As increasing numbers of organisations replace their on-premises IT solutions with cloud-based systems, this means that security protocols must evolve. Traditional on-premises techniques like firewalls, security hardware and intrusion detection are all easily transitioned to the cloud.
However, rather than businesses removing on-premises software security, they can ringfence cloud security with their own hardware system – making it doubly difficult for anyone with malicious intent to access sensitive data. With cloud-based solutions, the average small-medium enterprise can now have above-average security for their data centre.
Streamlining security processes with security orchestration can help save a lot of time and money. Security orchestration essentially connects different security tools and helps separated security systems to integrate. This automates the entire security process, or most of it at least.
On a base level, security orchestration makes sense. When you consider the volume of data generated by modern security tools, it’s only natural to want to connect each system or process with one another to help leverage automation, and actually get more value out of your processes, tools and employees.
Some would argue that the automation of security operations is no longer something that’s merely useful to have. It’s now a necessity since the management of multiple security tools has become too complex to manage manually. Furthermore, the management of such systems can be inefficient and leaves room for human error.
Let’s take, for example, a threat such as a phishing email. These can take significant time for IT teams to investigate, leaving the door open to human error while security analysts jump from system to system to check email content. The manual effort is simply too much of a risk. The good news is that security orchestration can allow for the automation of these routine investigation tasks and even execute them with much greater accuracy while leaving more time for human insight into the origins of the issue.
By implementing one or more of these solutions, your team of infosec warriors should easily be able to gain the upper hand and keep invaders out of your data. Of course, the battle is ongoing, and we daresay that the need for even more advanced technology will be upon us soon enough – but for now, may you stay safe with the above essential tips.
If you work in InfoSec, your company could be eligible for R&D Tax Relief. Get in touch now to find out more.