Such flux and uncertainty created by BYOD has led one company, Securonix, to conclude that centralized ownership and control of enterprise iOS devices is essential. “For now, the key strategy to support iOS devices is to ensure that organizations own the devices and all content of these devices including all the apps installed on the devices,” says Tanuj Gulati, chief technology officer for the Los Angeles-based provider of security intelligence solutions
Securonix Appoints Former Bank of America Executive as Chief Scientist to Further Advance the Use of Machine Learning for Cyber and Insider Threat Detection
Former SVP of Global Information Security at Bank of America, Igor Baikalov, to Lead Cyber Security Research and Threat Analytics as Securonix Continues Groundbreaking Research in the Detection of Cyber Attacks
Companies who have web servers that aren’t updated internally on a frequent basis may be most at risk because they continue to use old technology, according to Kindlund. Some companies who still store private data on Internet-facing servers—an outdated practice, as it makes sensitive information more vulnerable—or do not have strong security may vulnerable as well, but they can take precautions by inspecting each and every of their Linux-based server,s said Tanuj Gulati, CTO of Securonix, a security intelligence firm.
“It’s like building a castle with a moat around it, but failing to look at the activities being performed by people you let in, either knowingly or not, through the front door,” said Sharon Vardi, CMO, Securonix, in a note
“With external threats, you set up a firewall and it’s easy to block a user’s IP,” said Tanuj Gulati, CTO at Securonix. With an internal threat, “The confidence level has to be extremely high. You can’t just knock on someone’s door and accuse them.”
The attackers have the advantage in that they get to choose who to attack, what resources to go after, how and when. Companies are using static defenses against these attacks and can’t predict where the next attack will come from and what the attackers will try to go after.
“Automated responses usually have a limited set of [issues] they can respond to,” David Swift, chief architect at Securonix, told TechNewsWorld. “Zero-day malware by definition is unknown, and an automated response to an unknown attack without human analysis is a recipe for denial of service.”
Chris Inglis, who retired this year as deputy director of the National Security Agency, said disaster could be creeping instead of sudden, as broad swaths of data become unreliable.
In an interview, he said some of Geer’s ideas, including product liability, deserved broader discussion.
“Doing nothing at all is a worse answer,” said Inglis, who now advises security firm Securonix.
The size of the operation shouldn’t come as a surprise to anyone, Maiffret said. “In the past, when people thought of hacking, they thought of a lone teen-aged hacker sitting in the basement,” he said. “But people need to realize that most hacking today is related to organized crime.”
Even large companies need to acknowledge that modern-day hackers are likely “much better funded than they are,” said security expert Sharon Vardi, who is the chief marketing officer of Securonix. “They are backed by millions of dollars to get the job done,” he said.