Back to Basics

Alon Rosenthal – The year 2015 was no different – more successful attacks by hackers and malicious insiders. In years past, what was once considered an “advanced” attack (e.g., credential theft, social hacking) has become a common practice today with the widely available sophisticated malware and exploits that once were used by only a few.

The APT market clutter has dissolved as we discovered that the solutions security vendors claimed to be able to prevent advanced threat breaches, could not. Additionally, the recent hype of “analytics and machine learning” is gradually eroded by the fact that these solutions failed to stop all recent attacks – not to mention they are blind to malicious insider attacks (see Alon’s  SIEM+UBA blog) and therefore, are ultimately worthless against hackers. As a result, I expect only a handful of “pure UBA” players to survive in 2016. The rest will become the living dead, hoping to sell their technology/employee talent to a large vendor.

Global 2000s need to be increasingly weary of a new level of threat – Strategic Data Theft, Manipulation and Disruption, where not only is sensitive data stolen, but core data and sensitive business transactions are manipulated and fraudulent transactions are committed as well. Consider the potentially devastating consequences of transaction manipulation from every corner of your company’s infrastructure.

Here are some trends that I predict the industry and CISO’s will embrace in 2016 –the year we get back to basics.

a. Ensuring that their organization knows where sensitive data is found (using advanced data classification techniques).

b. Putting in place sensitive data flow monitors and forensics capabilities.

c. Analyzing these data flows in real-time, so outliers can be detected immediately and accurately while attacks are stopped in their tracks.

d. Embedding data flow controls that can instantly respond to hacker or malicious insider abuse. These actions can include dynamic masking, anonymization, redaction and row level security. If the organizations to not start doing it in 2016, regulatory forces around data privacy and data cross border controls will enforce them to do so in 2017.