Black Hat: Security pros must evolve their defensive strategy

Security professionals must update and address their defensive strategies to be proactive against cyber threats, according to a researcher at the Black Hat conference.

Although the industry has made progress, attacks have been defended against in the same way for a very long time, Iftach Ian Amit, director of services for IOActive, said during his ‘Maximising Home-Field Advantage’ session at the conference in Las Vegas.

“We're using firewalls the same way that people used walls in the Middle Ages,” Amit said. “At some point we lost the realisation that all those walls are obstructing our views.”

While attackers have a clear view of an enterprise's network, companies often face ‘walls’ obstructing their views, he said.

He also said that organisations are accustomed to spending money on out-of-the-box solutions, even though they may already have the resources they need for an effective defensive strategy in place. One key ingredient he mentioned is logs, which he said are the best investment in creating an effective security strategy.

“We're really far from doing something effective with all of the data we have,” he said. “For the cost of a couple of SIEM devices, you can hire a couple of people that can go through chunks of logs and actually make sense out of it for your organisation. You need to be able to tune that data to your needs and assets.”

Amit said there is no such thing as an all-encompassing security strategy, and while businesses may have worked to put one together, it needs to be constantly updated through the intelligence they collect.

“Intelligence is key, and you can get it from many different places [such as] marketing and sales teams,” he said. “Talk to the people that run the business and ask them about what's out there against competitors.”

Once information is collected, Amit said the next logical step would be to start putting the proper security ‘fences’ in place. However, technology should come last, and educating and alerting those within the organisation should be a primary focus.

“There are a lot of people that hold information on your organisation,” Amit said. “People are hackable, just as well as computers are.”