CU InfoSecurity 2017: Honeynets & Cybersecurity Economics
Implementing honeynets and web application firewalls, avoiding malware and zero-day attacks, and the economics of cybersecurity were among the topics covered at the CU InfoSecurity 2017 conference in San Diego.
Like many businesses, credit unions incur steep losses in reestablishing member safety following a data breach, whether online or otherwise. On average, credit unions in 2014 spent $136,000 on data security measures and $226,000 in costs associated with merchant data breaches, according to NAFCU.
A.N. Ananth, co-founder and CEO of security information and event management firm EventTracker, described how a honeynet can help study threat actors’ behavior. A honeynet is a collection of honeypots (virtualized decoys that mimic desktops, servers, printers and other network technology) set up to invite attack. These decoy networks help defray the cost of a breach by providing valuable intelligence about malicious activity brought against a credit union’s network.
Ananth’s presentation explored how honeynets work and best practices for implementing them to protect networks from attacks. The session also highlighted many security experts’ belief that properly deployed honeynets deliver enormous value for a small amount of up-front effort.
“Honeynets are different from threat intelligence and it is something you should do as a layer of defense,” Ananth told conference attendees.
Credit unions have been getting regulation, guidance and tools from multiple authorities and understand how to comply with examiners. However, bad actors still seem to be winning the war on cyber. Why? asked Scott B. Suhy, CEO of NetWatcher, a 24x7 network and endpoint security monitoring service.
In his presentation, Suhy suggested economics could be part of the problem. “The reality is that many credit unions can’t afford to hire security analysts (they couldn’t find them if they could afford them) and cannot afford expensive solutions.”
Another part of the answer might be the ease with which a bad actor can successfully attack an organization that uses only basic security protections (firewall, anti-virus, etc.) and does not continuously monitor for more advanced attacks with more advanced tools such as SIEM, NIDS, HIDS and threat intelligence.
Les Flammer, managing partner of the Vantage Group, spoke with Mark Bennett of Check Point, their partner, about how sophisticated malware and zero-day attacks avoid detection and are difficult to defend against. They pointed to a Kaspersky Lab report, which revealed 320,000 new pieces of malware uncovered every day.
Flammer detailed how current-generation malware is continually evolving and becoming increasingly stealthy. Signature-based detection, although necessary, is insufficient. He added that new attackers have successfully evaded the first generation of sandboxing techniques. The latest sandboxing technologies have offered some promise, but attackers have now become increasingly effective at evading detection. Worse yet, sandboxes interrupt business workflows or are late to notify that an infection has already occurred.
“The malware only gets detected after it has successfully compromised the system and then they isolate that system,” Flammer advised.
“Legacy approaches to this problem cannot keep up,” Flammer said. A product from Check Point called SandBlast, a second-generation sandbox, defends endpoints with real-time advanced protection technologies.
Installing a web application firewall provides another layer of protection, according to Randy Hays, director of North American sales at managed security services provider Network Box USA, which provides enterprise-level security solutions.
Web application attacks caused a third of all breaches, according to Hays in his presentation. Credit unions must protect web servers because the organization not only stands to lose data directly, but the server also connects to other data in the network.
Why does a CU need it? “If you have a web and you do business on the web or interact with the web, which credit unions do for online banking, you need very specific protection for that,” Hays explained.