With disruptive technologies having transformed the nature of today's enterprise, legacy security strategies are shackling organizations from responding appropriately to sophisticated threats. Attackers continue to innovate, and defending the perimeter alone is an increasingly risky proposition. What needs to change is the recognition that you can't eliminate all of the attackers, says Bryce Boland, CTO APAC for security vendor FireEye.
You might be able to defend against all of the vulnerabilities you know about, but you can't defend against those that you don't know about, that haven't been discovered, and those that your users create, because that's where these attackers will come at you from, he says.
"The only way you can win in security today is to identify all the attacks that actually succeed and do something about them before the attackers can leverage that internal position to gain access to something valuable," Boland says. "You can then redefine what winning in security is, to mean, rather than prevent all possible bad things from happening, eliminating the negative impact."
By doing this you are changing it from a technical problem - how do I prevent all possible breaches - to a business problem: How do I eliminate the business impact of a threat succeeding? Post APT30, he says there's definitely an increase in awareness and interest, but there is still a lack of awareness generally though in the way organizations are approaching the problem. Boland spoke to ISMG about APT30 in a previous interview. [See: Inside An Elite APT Attack Group]
"They look at the report and say, 'ok here's this new threat - I now know some indicators of compromise to look for', But that's not nearly enough," he says. "There are many, many threat actors out there that FireEye is tracking. In fact we suspect the APT30 group is back, and this time they have changed things to avoid the IOCs that we know of."
These threats are real, and they are constantly compromising organizations that don't have the means to detect them. And even if one can detect them, one must be able to respond and remediate, Boland says. In this exclusive interview with Information Security Media Group, Boland speaks about the prevailing security challenges and paradigms in the region - where they are, and where they need to be. Additionally, Boland shares insight on:
- Cloud adoption and the APT challenges;
- For targeted attacks, the need to move the onus away from users;
- Changing what winning in security means.
Boland is the chief technology officer for Asia Pacific at FireEye. He has more than 16 years in information security experience. Prior to FireEye, he was the security CTO for UBS, responsible for group-wide security strategy and architecture. Previously, Boland worked for ABN AMRO as a technology risk management consultant and was also a member of the ABN AMRO GCIRT and Enterprise Network Steering Committee. He has lived and worked in New Zealand, Australia, U.K., Switzerland, and now Singapore, and has a master's degree in computer science with a thesis in cryptographic protocols.