Speaking at a SecureData event in London, CTO Etienne Greeff identified the three pillars of active defense.
He listed these as: observe the landscape, understand where your vulnerabilities are and detect attacks and where you can be compromised. However, he warned that there is “no point in doing them if you are not doing them consistently.”
On the subject of addressing security issues, Greeff said that “keeping machines up-to-date is difficult,” as is dealing with vulnerabilities, and attacks “make it extremely hard to be good guys fighting bad guys.”
He said that to deal with the challenges, as defenders, “we need to understand the threat landscape and what attackers are targeting,” as well as understand offensive actions, vulnerabilities, our attack surface and what is out there.
The attack surface is where the “most gain is made” Greeff stated, pointing out that unlike the threat landscape, the attack surface is under your control and offers a bigger opportunity to focus your security spending.
Greeff said that there is too much focus on “things that are trivial” as often threat intelligence is “not as useful as you think” – too often, small a proportion of intelligence is malicious. “We focus too much on the enemy and not on ourselves, and we need to understand the network and learn from it.”
Looking at how to have a better defense, Greeff said that this is achieved by working in a “meticulous and consistent way” by collecting data and correlating it to make sense of it. Then using it so you know what it contains and what you need to act upon, and “then analyze the data to know what to do, and measure it.”
He concluded by saying that “all of you will have a security issue” at some point, and knowing how to deal with an attack and learn from an assault will aid you. He said: “We face overwhelming odds and security is not an easy task and we complicate it with interconnected systems and face a sophisticated adversary – but focus on knowing yourself, your attack surface and behaviors and vulnerabilities.”