The heightened risk of cyberattacks has the World Economic Forum warning large enterprises and those maintaining critical infrastructure that they had best have an approach to addressing cyberattacks in place before a devastating event occurs. According to their findings, cyberattacks are the second most concerning risk to global enterprises for the next ten years. With current health concerns, political tension, instability and uncertainty across geographic regions, and increased nation-state activity and cyber warfare, it’s no surprise that businesses and regional infrastructure are being advised to gear up and strengthen their cyber defenses.
As far back as 2015, attackers have shown their ability to knock out electrical grids, halt shipping and logistics, disrupt rail transit, and turn refineries into localized weaponry. Like major enterprise web attacks, threats to critical infrastructure and industrial operations have become the norm. Even in this unpredictable and turbulent time of uncertainty concerning the global pandemic, hackers are already at work, taking advantage of new vulnerabilities.
Whether intended to cause warlike damage, steal funds, ransom data and wreak havoc on vulnerable systems, facilitate espionage, or cause confusion, the most concerning cyberattacks on applications are almost invisible until it’s too late. For a nation-state or the sophisticated bad a$$, the digital tools that make up computerized systems are streamlining attackers’ efforts. Gaping holes in deployed software technologies that you trust provide the best means for an attack. Given the hundreds of vulnerabilities being discovered daily, one can only conclude that everything is potentially vulnerable and fair game for today’s cyber offenses.
Organizations struggle to stay sufficiently equipped to fight the barrage of attack methods for which they may lack expertise or knowledge. Old standards are now being revised to provide security guidance at a deeper level. NIST guidance now includes a focus on memory protection, as do recommendations from commercial analysts such as Gartner on Cloud Workload Protection. File integrity and control flow integrity have gained much attention these days, but the implementations often lack the depth needed to prevent sophisticated malware attacks and to stop exploits from succeeding on an already compromised system.
So many security practices remain heavily centered around yesterday’s probabilistic security approach: signature-based policies, time-dependent learning models, intelligence sharing, whitelisting configurations, and prior threat knowledge. It sounds like a mouthful, and realistically it creates just as much work for security and operations teams because reliable automation is lacking. Moreover, even with the drive to innovate and shift left (testing earlier in the software development process), there remains a lack of emphasis on a real, more deterministic security focus that aligns easily with the new applications and features in development. Despite serious concerns, security remains a lesser priority or an afterthought to the matters of “real business,” to be handled by “the guys who have expertise.” With that in mind, organizations remain at a disadvantage, and ultimately in a dangerous spot – still vulnerable as they wait for solutions.
Most organizations feel their security strategy includes the utmost advanced technologies focused on managing access, assessing traffic patterns, and preventing the majority of threats from ever reaching the application.
The worry is the 2-5% of attacks that bypass these technologies and impose severe damage. With the cost of attacks and breaches amounting to hundreds of thousands for many, or millions for others, you can't overlook this concern.
In chatting with some remarkable folks from the United Arab Emirates visiting RSA this year, and with a few key figures at Cisco, I learned about the fast adoption of runtime protection for control flow integrity, which is making its way into the security plans for the most critical applications. These forward thinkers believe that countering malicious events aimed at business-critical and operation-reliant applications requires a level of visibility beyond what they already depend on. The threats that cause the most damage may happen only once and thus require fast action as the software executes. Or they can persist for an extended period, as they did with the Marriott breach, and with antiquated protection methods, discovery and remediation come too late, after the malicious job completes. Exorbitant costs then follow.
At RSA, the discussion centered around Runtime Application Protection that secures the entire stack from the inside, based on a specific map of proper application execution. With this direct visibility and context, your security controls do not get fooled by the external obfuscation techniques used to bypass conventional security. This method of application runtime assessment also lets users validate applications during the development cycle in minutes, while protecting production deployments and communicating results to all stakeholders automatically and without false positives – work that would take days or weeks with conventional tools. Ultimately, it facilitates a shift-left strategy that yields less vulnerable code, based on immediate and heightened awareness of new exposures identified at runtime in production. As stated by dearest Sona Srinivana, Enterprise Security Architect at Cisco, "effective Shift Left is a necessity, but you must always look right."
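To make the idea of "a map of proper application execution" concrete, here is a small added example in C (not code from the post, from Cisco, or from any runtime-protection product): an allowlist of legitimate indirect-call targets stands in for the execution map, and a guarded dispatcher refuses any function pointer that has drifted off that map, which is the kind of deviation a runtime control-flow-integrity agent reports rather than lets run. All function names are constructed for the example.

```c
/* Added example: a minimal control-flow-integrity (CFI) check on indirect calls.
 * The "execution map" is an allowlist of call targets the application may
 * legitimately dispatch to; any other target is refused instead of executed. */
#include <stdio.h>
#include <stddef.h>

typedef int (*handler_t)(int);

/* Legitimate handlers (constructed for the example). */
static int handle_double(int x) { return x * 2; }
static int handle_negate(int x) { return -x; }

/* Code that exists in the binary but must never be reached via the dispatch
 * table; it stands in for any unintended target a corrupted pointer may hit. */
static int privileged_action(int x) { (void)x; return 0xdead; }

/* The execution map: the only targets an indirect call is allowed to take. */
static const handler_t cfi_allowed_targets[] = { handle_double, handle_negate };

/* Return 1 if fp is a known-good target, 0 otherwise. */
static int cfi_target_allowed(handler_t fp)
{
    size_t n = sizeof cfi_allowed_targets / sizeof cfi_allowed_targets[0];
    for (size_t i = 0; i < n; i++)
        if (cfi_allowed_targets[i] == fp) return 1;
    return 0;
}

/* Guarded indirect call: returns 0 and sets *out when fp is on the map,
 * -1 (and leaves *out untouched) when the target violates it. */
int cfi_guarded_call(handler_t fp, int arg, int *out)
{
    if (!cfi_target_allowed(fp)) {
        fprintf(stderr, "CFI violation: indirect call to unmapped target blocked\n");
        return -1;
    }
    *out = fp(arg);
    return 0;
}

/* Accessors so the two scenarios can be driven from outside this file. */
handler_t cfi_good_target(void)  { return handle_double; }
handler_t cfi_rogue_target(void) { return privileged_action; }

int main(void)
{
    int v = 0, rc;
    rc = cfi_guarded_call(cfi_good_target(), 21, &v);   /* normal dispatch */
    printf("good target: rc=%d value=%d\n", rc, v);
    rc = cfi_guarded_call(cfi_rogue_target(), 21, &v);  /* simulated corrupted pointer */
    printf("rogue target: rc=%d value=%d (unchanged)\n", rc, v);
    return 0;
}
```

Production CFI schemes (compiler-inserted checks, hardware shadow stacks, or an external runtime agent) derive the map from the program itself rather than from a hand-written table, but the decision at each indirect transfer is the same: on the map, proceed; off the map, stop and report.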