The past year has been rife with an alarming increase in grievous information security incidents. Breaches, widely distributed software critical vulnerabilities, and increasingly sophisticated attacks all appeared with frightening regularity. Everyone who works in information security knows it’s a tough role. Much like public utilities, no one is grateful or concerned until it doesn’t work or isn’t there. Once you have been breached, the resolution will take considerably more time and investment than implementing simple preventative investments in the first place.
Much as the shift from tactical warfare to cyber warfare has forced the military to rethink defense strategies, the current escalation in the sophistication and frequency of cyber-attacks is forcing enterprises to move beyond defense-in-depth tactics. One can argue that cyber warfare is moving from basic tactical attacks to advanced tactics that require a different strategy.
In WWII, the Allied command struggled with incomplete intelligence until they were able to obtain an “Enigma” machine with the rotor mechanisms used to encrypt all Axis messages. Once this machine was in the possession of the Allies, the quality of their intelligence improved immensely and strategic assets were retaken, key Axis maneuvers were defeated, and ultimately the war was turned in favor of the Allies. Such was the impact of the Enigma machine that Dwight D. Eisenhower cited it as “Decisive” to the victory.
As witnessed in WWII, accurate intelligence provides key insights into using the right resources and applying them effectively. While there are a host of threat intelligence feeds that exist, knowing which ones are most effective is a guessing game for many enterprises (a hint, it isn’t the ones with the most alerts.) In order to make more effective security investment decisions, you need better intelligence. Where are the weakest points, what can be done to diminish that weakness or counter an effective attack? What is the right investment for my organization given my initiatives and business alignment objectives?
To this end, the NSS team has a rich agenda in store for subscribers in 2015 including:
When you get to the end of 2015, what goals will you have set and accomplished for your organization? A firewall to NGFW conversion improving application intelligence at the edge? The deployment of a breach detection system to assist catching advanced threats? Coming in under budget while being able to reduce the operational maintenance challenges of legacy policy management? Whatever your organization's objectives are for 2015, NSS Labs can help you in achieving them.
Follow Mike on Twitter (@mikespanbauer) to keep informed as new research is released.
Follow us on Twitter (@NSSLabs) to keep informed as new research is released.