The Battle Has Moved to the Endpoints and Beyond

Wednesday, March 11, 2015

Peter Zavlaris

Af2c9843333cc1e2578ddf18b3eed066

The threat of web-based malware has caused a shift in investment into more perimeter-based security systems that focus more on detection and response rather than prevention in 2015—explains Ericka Chickowski, reporting on recent Ponemon findings in Dark Reading.

The survey, based on the responses of over 700 IT and IT security practitioners, shows that an astounding 95% of organizations reported that they are moving from prevention to a detect-and-respond-based approach to security. It also found that 80% of the respondents consider web-borne malware as their most frequent attack vector and 68% of organizations represented consider endpoint security as a higher priority in 2015.

But what exactly constitutes the perimeter these days? Does it end at the cloud services? Does it end on web servers, routers? Is it employee devices? What about digital-based assets like websites, mobile sites, mobile apps, etc. Who’s guarding them?

The best security programs will have strategies for all of the above in 2015 and beyond.

Adding to the complexity of the challenges sitting on a CISO’s desk are modern trends in malware like malvertising, that targets individuals, and shadow IT, creating huge knowledge gaps.

As reported in CSO Online, only 8% of companies know the scope of shadow IT at their organizations. Experts from the Cloud Security Alliance point out in their findings that companies typically underestimate their usage of cloud services by a factor of eight.

The impact of shadow IT can mean a massive array of public-facing assets are connected to the web that have not yet been properly accounted for or secured. These assets make great targets for malware authors and cyber thieves looking to launch attacks on customers.

Another threat vector where attackers are finding a footing is malvertising. Even the world’s largest and most technically advanced ad exchange is vulnerable. One particular malvertising campaign that had been running since mid-December was recently uncovered on Google’s AdSense Platform.

The point is that the enterprise perimeter is now well beyond the confines of a corporate datacenter, and so are the threats. The bad news is that no silver bullet exists to counteract these threats.   

At this point, it's anybody’s best guess on who the next targets will be and through which vector the next attack will run. Therefore, the perimeter is a critical area to factor into any risk equation. On the Internet—where websites, mobile applications, mobile websites, etc. collide with customers and cyber thieves alike—the risks are substantial.

While organizations may be adding solutions to their arsenals to combat threats at the endpoint, they may want to consider what else constitutes their perimeter. Is 2015 the year to wrestle control back over the sprawl of digital assets and reign in shadow IT? Is it the year to proactively counteract outward-facing threats targeting users rather than waiting for complaints to come pouring in or the media to find out? Let’s hope so.

This was cross-posted from the RiskIQ blog. 

12076
Cloud Security Firewalls IDS/IDP Network Access Control Network->General SCADA
Post Rating I Like this!
Default-avatar
Atul Pandey Tips for Selecting The Most Removal Agencies for Household Relocating
http://best5th.in/packers-movers-delhi/
Quick and Easy Residential Home Relocation by Skilled Packers & Movers
http://list7pm.in/packers-movers-noida/

1426137463
Default-avatar
Anamika Pandey
Use the internet: In case you are looking for solutions involving specialized movers as well as packers businesses then you can go online. World wide web is actually full of valuable means. You possibly can obtain quite valuable details about transferring businesses on world-wide-web. Just about all excellent businesses include their particular web sites wherever these people illustrate concerning his or her solutions as well as small business user profile. You possibly can collect entire information on transferring firms verifying their internet websites specifically “about us”, “contact us” and also “profile” websites.

Packers and Movers Dehradun http://Dehradun.packersandmover.org/
Packers and Movers Jaipur http://jaipur.packersandmover.org/
Packers and Movers Kota http://kota.packersandmover.org/
Packers and Movers Udaipur http://udaipur.packersandmover.org/
1426140320
Default-avatar
Jason Shore Nice post, totally agreed with this post, Play Golf in India @ http://www.golftripz.com/destination-categories/golf-in-india/
1426160417
Default-avatar
arbi salami programs at UC Berkeley and University of Pennsylvania, respectively, while Lin works I was actually captured with the piece of resources you have got here http://www.newcrystalx.com/2014/08/ciri-ciri-crystal-x-asli.html
1426311195
Default-avatar
Robert Juker I like this post and information shair in this post are really help people. http://essay-lab.net/research-paper-help/
1426580466
Default-avatar
Robert Juker Really helpful, thanks a lot research paper help
1426580489
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.