17 May IronNet, Inc. | The growth and evolution of cybersecurity
Cybersecurity is ever evolving and growing, and it’s clear the industry has come far in recent years. The landscape today is wildly different from that of fifteen years ago, a change that IronNet, Inc. has examined closely.
Senior solutions analyst Dan Norman from ISF discussed the evolution with Dr Michael Ehrlich at a recent fireside chat, and uncovered why it’s changed and where the future of cybersecurity is headed.
In the chat, Dr Michael Ehrlich described how cybersecurity has evolved from a focus on crimes such as credit card number theft; criminals and threats today are focused on ransomware instead. Ehrlich explained: “I think there are two or three main areas that have changed over the last 15 years. If we were to go back 15 years ago, 13 years ago, the attacks that were happening then from the criminal side, were really focused on things like credit card number theft. And so for the criminal to monetise what they do, they would have to access credit card information, and then somehow sell that or use that, it was really a two-step process.
“So today, obviously that’s changed. Now, it’s a one-step process in what we call ransomware. And so the criminal element of cyber has figured out a much more effective way to monetise their skill set. Get access to an enterprise, spread throughout that enterprise, steal your IP and then shut down your enterprise with ransomware.”
Cryptocurrency has also had an impact on cybersecurity, particularly as it makes payment easier for criminals seeking financial rewards. “Ten years ago it would be very hard for me to demand a million dollar ransom and get paid in funds that could not be traced. But today, that is very easy to do”, shared Ehrlich.
However, it’s not just cyber crime and theft that are shaping the world of cybersecurity. Reliance on technology and third-party implementations is also a challenge. Ehrlich commented: “The whole third party due diligence is tough. It’s really a tough game. First of all, the third party is going to answer the way that you hope they do because otherwise they don’t get your business. I can’t possibly go through source code and understand what is happening in a product I didn’t write.
“So those are all real challenges. And so when you can’t do any of those things, really the best you can do and what you should do is have visibility into your network. Understand what’s on your network, understand what should be happening and understand when something changes, whether for the good or bad, understand what changes and what’s driving that change.”
The future of cybersecurity is always a hotly debated topic within the industry, but IronNet, Inc. sees knowledge of organisations’ systems as the best preventative measure against attack. Ehrlich explained: “I think most organisations, most large organisations, that take cybersecurity seriously have already probably what I would call the minimum set. So the things like firewalls and web proxies, you know, everyone has those now. And you need to or you need to raise the bar, to make it hard for entry, a good adversary will be able to defeat those quite handily.
“If you were facing a good adversary, what I always recommend is something that actually inspects and analyses the network traffic. Because if your adversary’s in your network, even if they can defeat your firewalls and your endpoint agents and your web proxies and even your identity and authorisation things, the one thing they must do is they must be on your network. Their traffic must be there. It may look like something else. It may be obfuscated or encrypted but fundamentally there is a connection from your organisation out to your adversary and sometimes the best way of finding that is in the network traffic.”
He continued: “You know, the network traffic things started with very simple IDS IPSs, which have now sort of morphed into the next generation firewalls. But those are all rules-based and rules are important. Don’t get me wrong. Signatures are important. They let us look out for things that have happened somewhere from a week ago to 10 years ago and be able to spot those.
“But they’re not very good for finding the new attacks. And so, you really need algorithms. Fundamentally you need algorithms that learn about your environment, that apply some level of artificial intelligence and machine learning and can understand when an anomaly is present in your network that is potentially malicious. That can identify specific behaviours in your network that are potentially malicious. And so I think the rise of the NDR, not EDR, but NDR platform is going to be more important.”