Being an information-security professional is a bit like being a goalkeeper in a football team: you can play a blinder all day but if you make just one mistake and your team concedes a goal, that’s all that anyone will remember. If your job is to defend your network from a vast array of threats, it will be expected that you’ll succeed most of the time – but the CEO probably won’t even know your name until that dread day when something gets through your defences.
And yet, as Rik Ferguson will show at this month’s RANT Forum event in London, it doesn’t have to be this way. Ferguson, vice-president of security research at Trend Micro and one of the UK’s foremost experts in information security, will argue that too much of the design and planning of security strategies is rooted in dated thinking; and that if businesses can’t accept that attacks are inevitable, they’re never going to be able to give their infosec teams the equipment they need to properly secure their data.
“The traditional assumption behind security-architecture design and management is, ‘I will stop the attacker from getting into my systems and onto my network’, but that assumption is no longer valid,” Ferguson tells the Acumin Blog. “You have to accept the fact that if an attacker wants to get into your network he will get into your network: so you have to build your security based on the assumption that breach will happen, and your goal should be to discover that it’s happened as soon as possible and to get the right kind of intelligence to allow you to contain it and mitigate it in the shortest possible time.”
The reason the old thinking persists is rooted in the way security is structured and designed. The problem, Ferguson argues, is less about anticipating adversaries’ actions than it is about getting your own house in order.
“The way in which we approach enterprise architecture, from design through implementation and management, hasn’t really evolved over time – but the attackers’ techniques and methodologies have,” he says. “That should have led to a consequent change in the way that businesses do security, but we continue to focus on technologies in isolation. The firewall management team will manage the firewall; maybe the endpoint security management team will do the anti-virus; maybe you’ve got a separate intrusion-prevention team – but the extra intelligence, and thus security, that could be gained by bringing the management of those together is lost. And when it comes to picking up targeted attacks, that’s really the only way to do it.”
At November’s RANT Forum, attendees will learn something of the nature of the problem, and perhaps get some tips on how to respond. If nothing else, Ferguson promises they will leave with a few questions they can take back to the office.
“I’m going to offer up some examples of exactly what kind of attacks and breaches I’m talking about, to clarify that people actually understand what the threat landscape is today,” he says. “I’m going to talk about the differences in approach that that kind of attack necessitates. And I will at least leave the audience with a series of questions they should be asking themselves and their teams and their management that will enable them to build more effective, more chronologically forward-facing security.”
This is a chance to hear from one of the pre-eminent voices in the infosec world, and discuss the issues with him and other attendees in the industry’s liveliest debating forum. Join us at The Counting House, 50 Cornhill, London, EC3V 3PD, from 5:30pm on Wednesday November 27. Please apply for your place by contacting Gemma Paterson at Acumin on either +44 (0)20 7510 9041 or firstname.lastname@example.org