How do we deal with the proposition that we are already penetrated?
Ever since the rise of the Advanced Persistent Threat and Socially Engineered Attacks, the term Cyber has taken on new meanings, and the IT Security industry has become one of the most vibrant sectors of the IT Industry.
At the European Infosec Event this week over 400 vendors were promoting their wares with the expectation that more than £1Bn of orders will result.
I have been to 3 such events recently and the range of issues arising has been phenomenal.
Planning and rehearsing for major events has become de rigueur, with CIOs and other senior stakeholders needing to take media training. The industry has responded to Digital Challenges with a range of products providing cloud-based security monitoring and encryption. Products similar to Military Battlefield Management Systems provide overarching monitoring, control and simulation systems. There is a high degree of inter-operation between many products, and innovative products conduct network discovery and behavioural anomaly detection to track down new attacks using advanced machine learning and statistical analysis. There are even niche products for things such as system administrator control and user recognition via typing pattern recognition at keyboards.
However, one family of products disturbed me. There are now systems for monitoring user behaviour and predicting who is likely to cause a major leakage incident. This sort of big brother system is going to take significant effort to tune so that unfortunate false positives are avoided. Once people are used to them, they will be readily gamed. Whatever happened to actually managing and knowing the people who use your systems?