Tue, 25 Jun 2013 – Kevin Wilson, Director of Public Relations
From the keynote to the last session, Gartner analysts covered a wide range of security topics at the annual Security and Risk Management Summit in Washington D.C. June 10-13. Ghosts of security past, present and future appeared onstage at the opening keynote in a brief competition to determine which era of threats was the worst. All agreed that today the basic model of security is being challenged, individuals will continue to be the attack targets by cybercriminals, and companies cannot afford to treat security like a check-box exercise.
While it was impossible to attend all of the sessions, the Wontok team frequented presentations that covered critical topics including MDM, BYOD, advanced persistent threats (APTs), and cyberwarfare. Following is a recap of the sessions that made an impression on us and provided some interesting headlines for the IT security industry.
Sharing Data without Losing It
Analyst Jay Heiser spoke on Day One about how to share data without losing it. He suggested that SMTP is simple, not secure; email should no longer be treated as a universal solvent; and if you can’t tell people what they can do when it comes to their devices, than the next best thing is to keep track of what they do with them. He predicted that all Fortune 1000 companies will use a SaaS board-of-directors portal by 2015 as a secure way to access board documents and collaborate with other members. He also recommended that companies utilize trusted containers for untrusted endpoints.
Duck and Cover: Preparing for Cyberwar
In a general session, Avivah Litan and Richard Hunter described the reality of cyberwar and how existing defenses are inadequate for the next generation of coordinated cyberattacks. Litan addressed the question of how will cyberwar evolve in the future by saying, “The democratization of technology, where devices are operating everywhere all the time, creates potential for mass victimization.”
She also indicated that if cybercrime and cyberwar become indistinguishable, there is a possibility that cybercrime will sooner or later turn deadly. Litan and Hunter suggested that in these turbulent times, business continuity management (BCM) should be a focus, adding, “The BCM discipline will lead to the most important defenses most quickly.”
Litan also recommended that enterprises have an emergency “off” button and to not only deploy solutions that keep the bad guys out, make sure they are not staying in.
What is the Future of Mobile Management and Security?
In what was probably the most definitive statement made during the entire conference John Girard described the $784 million Mobile Device Management (MDM) market as “in chaos and will die.” Virtually all Gartner analysts on the panel agreed that there are too many vendors selling MDM and the reason why so many have entered the market is because there is a low barrier to entry. MDM will likely be swallowed up by other solutions and it is more likely that mobile application management will survive because managing rights at the application layer is more critical.
Day 2 Keynote: Mastermind Interview with Steve Bennett, CEO of Symantec
Symantec is one of the most familiar names in security. Gartner analysts Peter Firstbrook and Neil MacDonald queried Bennett about how the company will handle Advanced Persistent Threats (APTs). Bennett made three important comments:
- No one solution can stop all APTs. Everyone needs to work together and integrate with next generation solutions.
- It’s important to have a multi-layered approach to stop APTs
- Security is not about protecting devices, it’s about protecting people and their information
The Desktop is the New DMZ
The panel, which consisted of Mario de Moer, Jeremy D’Hoinne, Peter Firstbrook, Neil MacDonald and Greg Young addressed the idea that while employee’s desktop computing devices were included in the “trusted zone,” additional endpoints being brought in from the BYOD trend is forcing organizations to adapt their security architectures.
Traditionally, there has not been a vendor that does network and endpoint security well. In the enterprise world, how do companies compensate for the loss of control and still account for sensitive transactions? A parallel was drawn to the banking industry, which has been dealing with this security challenge for years. BYOD is forcing everyone to change what they are doing and the focus needs to turn to what is critical for the business. If we want to be efficient, we are going to have to pick our battles, and understand, we will not win them all. We must first focus on what we need to protect then focus on the solutions. No one size fits all. The Wontok team agrees with this viewpoint and that’s one of the reason’s we developed the SafeCentral solutions to be part of a multi-layered approach to security.
Analyst Peter Firstbrook addressed a number of challenges in the endpoint security market. Most endpoint solutions are still not able to detect Zeus malware. The only way that antivirus vendors can capture malware is if they have a sample and then they can build a signature. Unfortunately, every file that Zeus creates is different.
Endpoint security solutions are still having a hard time distinguishing between good behavior and bad, and don’t know what are the good applications and files are. Firstbrook compared today’s malware detection solutions to facial recognition software that stops only known criminals. He suggested that the most value going forward is granular control around managing applications.
Another flaw of existing AV solutions is that they have no notion of history. Peter Firstbrook commented, “They don’t tell you what Zeus did to your system.” It’s important to understand when the malware was implanted and what it has already done to the system prior to detection. Gartner sees an integrated secure web gateway as the silver bullet.
What Android and iOS are doing on the mobile platform, analysts have suggested should be done to the PC, including trusted app stores, app signing, privilege management and isolation. Today, according to Gartner, malware is rare on Android and nonexistent on iOS because of this approach.
We did note that Peter Firstbrook suggested that attackers will increase their focus on the Android platform since vulnerabilities are plentiful, jailbreaking is possible, enterprise certificates evade the applicants on stores, and hardware manufacturers are adding their own vulnerabilities. Even so, Firstbrook doesn’t see huge value in traditional malware approach for Android devices. “It’s insanity to start with blacklists… as app stores are out of control.” While there are more bad apps than good apps today, the tide will shift as more companies start to categorize apps using MDM.
Mobile devices have powerful browsers and filtering is important, but few companies are dealing with this important security feature. To deal with unmanaged endpoints, it’s important that enterprises shift their thinking from defending against malware attacks to maintaining the integrity of critical data and transactions. First, identify the data that needs to be protected and the critical transaction systems, and then build the appropriate security controls around them.
Keeping Bad Guys Out of Your Accounts
Avivah Litan examined internal and external threats against the enterprise and how criminals are bypassing common security solutions. Most of the common methods used to protect accounts can be beaten. To stop fraud, she recommended several steps, including starting with a level 1 endpoint-centric solution. And while you can have all the security bells and whistles that you want to stop fraud, you need policies and procedures to make them work. Conventional authentication techniques don’t work on mobile devices so it’s important that enterprises look at mobile differently.