How do you map the current landscape of enterprise security attacks?
Modern security breach market has a very specific behavior. While breaching an organization, cyber criminals, basement hackers, etc. work in an organized way. The attack progression, otherwise called as a kill chain, basically involves five steps. The first step is research, then infiltration or breaking in. In the third stage, they map systems, data and data bases. The fourth stage is called capture, where they take control over data. In the final stage, they take the information out.
Today, individuals are being specialized in each of these steps and are becoming smarter with more sophisticated tools. While they target large sectors such as government, financial services and telcos, small retailers and medium businesses who do not have sophisticated security measures are more vulnerable to attacks.
About 85% of the breaches in the enterprise segment today come from the mass market. Newer technologies such as cloud, mobility and big data initiatives are the other pet avenues for cyber criminals.
How is HP reinventing security solutions for newer types of attacks?
To protect the important information of an organization, we need to provide protection closest to the assets. The most vulnerable part in a company today is the application side. More than 80% of all breaches occurring in enterprises happen on the application side. HP provides Fortify security technology, which proactively identifies and eliminates the immediate risk in legacy applications. We have the ArcSight technology, which improves visibility in the enterprise and monitors user activity to detect advanced and insider threats. HP’s TippingPoint platform next generation intrusion prevention systems ensure protection across network devices, virtual machines, operating systems and business-critical applications by adding significant capacity for deep-packet traffic inspection.
HP is building technologies that can help companies better manage risks, help them harden the surface area and make it more difficult to breach in. We will look at the weakest parts and will strengthen them. HP is trying to make a shift in people’s mind regarding security by providing platform integration to manage risk, security monitoring to detect incidents and helping companies to think in a proactive way rather than reactive.
Big data is gaining a lot of attention these days. How is it relevant for security?
As a marketing tool, big data is getting a lot of attention. Big data is incredibly relevant in the security space because as we process more data, the security will become stronger. By looking at the user behavior, we can get a lot of information regarding security threats. For example, if a user is behaving differently you can spot some loopholes in security. With big data processing platforms, like HP’s core engine, you can process a lot of data to tighten the security.
Adopting mobility was a trend in 2012. What are the security risks associated with it? How is HP helping enterprises manage those risks?
Mobility is bringing in new operating systems and platforms into the enterprise systems. It allows the user to decide on what applications he can bring into the organization’s network. With the new platforms, the enterprise IT team has to mange a variety of user deployed unknowns, which will also bring in a lot of vulnerabilities. As the number of users increases, vulnerabilities will also increase. Thus, in a large organization with a huge number of users, the IT manager will find it difficult to manage users, network access, protect sensitive assets, etc. This calls for a sea change in the IT network security.
While embracing mobility, organizations should first define what to do and what not to do. Also, there should be an assessment on the specific application profiles. IT managers should monitor everything and should have high visibility on their network. HP is helping companies to attain this high visibility with Fortify and TippingPoint technologies.
What security challenges would enterprises be facing in the next few years?
There will be increased connectivity: everything will be connected to everything over time, and networks will expand. There will be a 10-fold increase in the number of things that are going to be connected in next few years. However, security measures for this are insufficient. There should be better understanding about the network and there should be much more visibility to provide better security. Also, there should be stronger identity and access control for information protection. There should be better control for information movement as well. HP is actively working in this space. We are investing heavily on network security and visibility.