1. IT-Security >
  2. Cyber Security Nachrichten >
  3. The Security Spending Paradox


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

The Security Spending Paradox

RSS Kategorie Pfeil IT Security Nachrichten vom | Quelle: feedproxy.google.com Direktlink öffnen

A Zero Trust Security Model Allows Organizations to Align Their Security Investments With What Works Best

In a few weeks, security professionals from all around the world will descend on San Francisco for RSA Conference 2018 to discuss new approaches to information security and how to prevent being victimized by cyber-attacks. As always, the expo halls will be filled with the latest technologies, ranging from Artificial Intelligence, Container Security, Threat Intelligence, and Threat Hunting to Next-Gen Endpoint Security. But are these emerging technologies providing the effectiveness that is needed to defend against today’s dynamic cyber threats?

According to Gartner, worldwide security spending will reach $96 billion in 2018, up 8% from the 2017 spend of $89 billion. This statistic confirms that organization are incorporating emerging technologies in their existing security stack to minimize their cyber risk exposure. Meanwhile we’re experiencing a continuous increase in security incidents. Are these security investments paying dividends? 

The security spending paradox is reflected in several recent research studies. For example, a Dow Jones Customer Intelligence study finds that 62 percent of CEOs believe malware is the biggest threat to their organization. In another report, the  2018 Scalar Security Study, respondents rate Network Security (61%) or Traditional Endpoint Protection (49%) of higher (perceived) effectiveness than identity assurance and access controls (18%). Similar results were published by 451 Research in the 2018 Thales Data Threat Report, where network security (83%) and endpoint security (70%) scored highest in perceived effectiveness. These incongruent findings illustrate a lack of consensus in the industry on which attack vectors pose the biggest risk to organizations and the “identity crisis” in security. 

Many organizations don’t realize the impact that identity and access management has when it comes to minimizing the risk of suffering a data breach. A post-mortem analysis of the top data breaches in 2017, reveals that compromised identity was the primary vector in these cyber-attacks. As a matter of fact, a whopping 81% of hacking-related breaches leverage either stolen, default, or weak passwords.

In this context, organizations need to recognize that perimeter-based security, which focuses on securing endpoints and networks, provides no protection against identity and credential-based threats. Until we start implementing identity-centric security measures, account compromise attacks will continue to provide a perfect camouflage for data breaches. 

Still not convinced? Let’s look at some of the vulnerabilities that could be avoided by implementing identity-centric security measures:

● Insecure and publicly kept passwords;

● Using the same password across different applications and resources;

● One shared password for an entire group (e.g., admins), saved in a central location;

● Reliance on passwords rather than multiple factors (e.g., one-time password tokens, soft tokens, biometrics); and

● Over privileged user accounts being exploited.

Instead of following the traditional approach of “trust, but verify”, organizations should shift instead to a Zero Trust Security model, which assumes that users inside a network are no more trustworthy than those outside the network. The four main pillars of the Zero Trust Security model are: 

● Verify the User: Evaluate the security posture of a user based on location, device, and behavior to determine that users are who they say they are. Take the appropriate actions (i.e., multi-factor authentication) to assure user authenticity.

● Verify their Device: Whether it’s a corporate owned, BYOD, or public desktop, laptop, or mobile device, enforce access policies based on the device identity and security posture. Only allow access to the organization’s resources from trusted endpoints.

● Limit Access and Privilege: If the user and device are verified, a least privilege, role-based access model is enforced at the resource, limiting access to what each user requires for their job, while granting just-in-time access to specific applications and infrastructure for a limited timeframe.

● Learn and Adapt: Information is constantly being generated from various sources (from the user, their devices, and all activities related to them). Leverage machine learning to set contextual access policies, as well as adjust and adapt policies automatically.

The Zero Trust Security model offers a very pragmatic blueprint for implementing identity and access management-based strategies to secure applications, devices, data, and infrastructure – both on-premise and in the cloud. Since Zero Trust is not an all-or-nothing approach, it can be implemented in different phases, over time. Using this model, organizations can finally align their security investments with what works best for protecting their business against data breaches.

view counter
Torsten George is strategic advisory board member at vulnerability risk management software vendor, NopSec. Torsten has more than 20 years of global information security experience. He is a frequent speaker on cyber security and risk management strategies worldwide and regularly provides commentary and byline articles for media outlets, covering topics such as data breaches, incident response best practices, and cyber security strategies. Torsten has held executive level positions with RiskSense, RiskVision (formerly Agiliance), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell). He holds a Doctorate in Economics and a Diplom-Kaufmann degree.
...

Webseite öffnen Komplette Webseite öffnen

Newsbewertung

Kommentiere zu The Security Spending Paradox






Ähnliche Beiträge

  • 1. The Security Spending Paradox vom 120.16 Punkte ic_school_black_18dp
    A Zero Trust Security Model Allows Organizations to Align Their Security Investments With What Works Best In a few weeks, security professionals from all around the world will descend on San Francisco for RSA Conference 2018 to discuss new approaches t
  • 2. The Security Spending Paradox vom 120.16 Punkte ic_school_black_18dp
    A Zero Trust Security Model Allows Organizations to Align Their Security Investments With What Works Best In a few weeks, security professionals from all around the world will descend on San Francisco for RSA Conference 2018 to discuss new approaches t
  • 3. USN-3415-1: tcpdump vulnerabilities vom 103.91 Punkte ic_school_black_18dp
    Ubuntu Security Notice USN-3415-1 13th September, 2017 tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed
  • 4. USN-3415-2: tcpdump vulnerabilities vom 103.91 Punkte ic_school_black_18dp
    Ubuntu Security Notice USN-3415-2 13th September, 2017 tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in tcpdump Software description tcpdump
  • 5. The August 2019 Security Update Review vom 64.03 Punkte ic_school_black_18dp
    August is here and it brings with it the scheduled security patches from Microsoft and Adobe. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.   Adobe Patches for August 2019 Adobe releas
  • 6. The Silicon Valley Paradox: One In Four People Are At Risk of Hunger vom 61.34 Punkte ic_school_black_18dp
    Zorro shares a report from The Guardian: One in four people in Silicon Valley are at risk of hunger, researchers at the Second Harvest food bank have found. Using hundreds of community interviews and data modeling, a new study suggests that 26.8% of the
  • 7. USN-3131-1: ImageMagick vulnerabilities vom 60.66 Punkte ic_school_black_18dp
    Ubuntu Security Notice USN-3131-1 21st November, 2016 imagemagick vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several secu
  • 8. The June 2019 Security Update Review vom 60.66 Punkte ic_school_black_18dp
    June has arrived and so have the scheduled security patches from Microsoft and Adobe. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month. Adobe Patches for June 2019 This month, Ad
  • 9. The February 2019 Security Update Review vom 57.29 Punkte ic_school_black_18dp
    February is here and with it comes the latest in security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month. Adobe Patches for February 2019
  • 10. The February 2019 Security Update Review vom 57.29 Punkte ic_school_black_18dp
    February is here and with it comes the latest in security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month. Adobe Patches for February 2019
  • 11. The July 2019 Security Update Review vom 53.92 Punkte ic_school_black_18dp
    July has arrived and so have the scheduled security patches from Microsoft and Adobe. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month. Adobe Patches for July 2019 Adobe released
  • 12. The May 2019 Security Update Review vom 53.36 Punkte ic_school_black_18dp
    May is here and so are the scheduled security patches from Microsoft and Adobe. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.   Adobe Patches for May 2019 This month, Ado