Surviving infosec’s perfect storm

Enterprise security is very complex and constantly changing. Gigamon’s CEO Paul Hooper says “Security is one of the most interesting attributes of enterprise infrastructure”.

Reflecting on the past decade, Hooper says security is evolving faster than any other element of corporate systems. These changes are driven by a number of factors that are creating a “perfect storm” for security professionals.

For example, networks are becoming more pervasive and mission critical.

“The speed, scale and the breadth continues to increase in our home and work lives,” he says. “Networks are no longer nice to have – they are an essential element for life”.

Mobility of users, devices, applications and virtualised functions means systems that were previously static are mobile and agile. This creates a whole new raft of challenges.

“It’s resulted in the edge of the network vanishing. We used to talk about a vanishing edge,” he says. “Now it’s a vanished edge”.

Hooper says the industry also faces substantial asymmetry: CISOs and CSOs are trying to protect everything, but attackers only need to find one penetration point.

“The symmetry is very much in favour of the attacker,” Hooper says.

The frequency of mega-breaches has changed the attitude of both the security industry and the general public, says Hooper. When the first mega-breaches were reported, the companies that were hacked suffered significant brand damage. However, that’s changing.

Very few people are changing their purchasing behaviours; they are still using credit cards at stores that have been breached. This has created “attack jaundice”, says Hooper, where the world has become desensitised to large-scale attacks.

So, how is the industry responding? Hooper says this is happening in several different ways.

“There is a plethora of different options for protecting the enterprise that didn’t exist a few years ago. There’s also the ability to protect or provide a level of protection to every type of device. Although whether that’s adequate is another question entirely,” he says.

Hooper says the attacks of the past were reasonably well understood. The form, function, ferocity and vectors of the past were largely known and could be countered. However, today’s attacks don’t conform to the same rules.

“The attack of today is very different and the industry has still not fully worked it out and has not fully responded to how we need to help enterprises respond to this new variety of attacks”.

The commoditisation of attacks means attackers can assemble the pieces required to execute a zero-day attack, with payloads and distribution tools readily available through online markets.

At the other end of the scale, Hooper says there are highly targeted attacks that use a significant amount of social engineering to complement the technical tools deployed by threat actors.

“The attack vector has diversified on a complete spectrum and the security has responded. But I don’t think the response has been enough,” he says, pointing to data suggesting more than $70B has been spent over the last year, with massive numbers of enterprises being compromised – possibly without even knowing they’ve been breached.


Hooper says the issue facing the industry isn’t a lack of tools – it’s the need for a different architecture.

“We’ve brought together a solution that allows customers to deploy their existing security solutions in a more pervasive way. We can’t just deploy and hope”.

The key, he says, is to ensure the tools get access to enough data so they can detect and block breaches before they become incidents.

The other issue, says Hooper, is the integration of the many different security offerings in the market. After investing in the latest security tools and deploying them, companies are still being compromised.

“Security needs to be an all-encompassing thing that isn’t just technology. It’s also people. It’s also process. The utopian scenario we were all grabbing for a few years ago, where we can keep the bad guys out, has to go – it will never be the case. We will be compromised. The challenge or skill is to detect, react and break the chain,” says Hooper.
