‘Ready for anything’: takeaways from Infosecurity Europe 2016
This week, Ixia was exhibiting at Infosecurity, Europe’s biggest information security event, showcasing our range of solutions that optimize network security and visibility without sacrificing performance. The event’s keynote speaker was bestselling author, explorer and photographer Levison Wood, a former army officer who has walked the length of the Nile and the breadth of the Himalayas. In his speech, he admitted to having little knowledge of cyber security but, as quickly became apparent, Wood stated that the very qualities that enabled him to complete such daunting feats, often in dangerous territory, are also applicable to organizations looking to remain secure and resilient in today’s landscape of advanced cyber attacks.
Wood said the motto of his former army regiment – ‘ready for anything’ – signifies an approach centered on risk mitigation, building resilience, rapid incident response, and active training. These are qualities that are also at the heart of Ixia’s approach to network security.
To effectively mitigate your business’s risk of exposure to cyber threats, you need to start by filtering unwanted, potentially harmful network traffic that could over-burden your security and monitoring analytics tools, and conceal attacks. Ixia’s ThreatARMOR filters traffic from known-bad IP addresses, hijacked IPs, and untrusted countries, greatly reducing the number of security alerts. It eliminates automated probes and scans, DDoS attacks, and phishing and botnet connections from those bad IP addresses, allowing security teams to focus on meaningful new security alerts that indicate an active breach.
A recent report by the Ponemon Institute found that enterprises only investigate 29 percent of alerts, and 40 percent of those turn out to be false positives. This means that the bulk of security events which would indicate an ongoing breach are never investigated, leading to an average of 170 days to detect an advanced attack. The ability to eliminate the noise of known threats enables security teams to focus on quickly identifying real threats.
We’ve recently blogged about testing new applications for performance and resilience in the face of a cyber attack, which, crucially, means testing those applications under real-world conditions. A mixture of testing applications and traffic loads should be used, reflecting your organization’s real load and network traffic. Ixia’s testing as a service approach is a scalable and cost-effective way of achieving sophisticated testing without having to invest in an in-house team.
The crucial strategy here to analyze, find, and proactively solve network issues before they impact on the user experience. Ixia achieves this by emulating traffic for voice, unified communications, webcasts, and other rich media applications, and analyzing how current network conditions will impact the overall quality of the application. In other words, Ixia helps you get ahead of the game on network flaws that may potentially cause a security risk or a performance problem.
Technology clearly has a crucial role to play in ensuring that your business is ‘Ready for Anything’, but so do people. Staff training is not always high on the agenda for organizations considering their information security posture, and yet it has an enormous impact both on the likelihood of falling victim to an attack and the ability to respond effectively. Ixia CEO, Bethany Mayer, recently wrote an article discussing the importance of security training, and shifting corporate IT cultures from focusing on speed of deployment, to focusing on robust security. Sometimes the slightly longer route is the better one – as Levison Wood would no doubt agree.
Ready for anything
Collectively, these four strategies have helped Levison Wood to conquer some of the most hostile terrain in the world. The cyber security landscape is, likewise, extremely hostile – but with these principles in place, businesses really can be ready for anything.