Security vendors have a part to play in securing IoT too. "[They need to consider connected devices] as part of the technology fabric they are securing. At Rapid7, we consider it our responsibility to secure everything in [our customers'] organisation that introduces risks to the business, and we encourage other security vendors to do the same," he said.
Improving security with user behaviour analytics
Commenting on the general security landscape, Thomas attributed the rise of security threats and attacks to "an immature, fragmented technology environment, and a more robust and well-organised attacker ecosystem."
"Organisations are deploying more innovations than ever before due to their [perceived] benefits but because those innovations are new, they tend to be more immature. This results in a technology environment that is more fragmented and immature than before. Additionally, cybercrime today has its own complete ecosystem and economy that includes everything from research to distribution. As such, organisations are challenged to operate in a technology environment that's different from 10 years ago while facing an increasing number of attackers," he explained.
To overcome those challenges, Thomas provided a three-step strategy. Firstly, organisations need to understand their risk profile, and identify the areas of the business most likely to be compromised. Secondly, they should have controls and preventive technologies in their environment. Finally, they should be able to detect threats and attacks.
Elaborating on the need for detection capability, Thomas said: "Since every organisation will be compromised [at some point], the speed of detecting an attack matters [to minimise the damage]. This is where user behaviour analytics can help."
He went on to explain that current detection technologies such as security information and event management (SIEM) tools overwhelm IT/security teams with alerts and may miss essential indicators of compromise. It is no wonder that Verizon's 2016 Data Breach Investigations Report found that while 93 percent of data breaches last year took minutes to execute, 83 percent of them were only uncovered weeks or months after the compromise.
"User behaviour analytics [such as the Rapid7 InsightIDR] can cut down the detection time to days," Thomas commented. "[By leveraging machine analytics], the solution continuously learns the user's normal behaviour and applies context to that behaviour/events to detect and identify attacker activity. This will reduce false positives, allowing IT/security personnel to capture the attacks much faster and at a much higher productivity level."
"So instead of having to focus on, say, a thousand alerts, IT teams only need to focus on three to six things at a particular instance as user behaviour analytics will provide them the right information at the right time. This means that even if you have a small IT team, they will be able to deliver results [i.e. securing the organisation] because they are spending time on high impact tasks," he added.