December 3, 2014 By Rick M Robinson 2 min read

In the days of yore, when most computers were connected via wired local networks, organizations typically relied on endpoint protection to ensure the integrity of their networks and the security of their data. Like the walls and moat of a castle, endpoint security was based on a simple principle: Keep threats outside, and the interior will be safe.

However, the information world has changed. Internet connectivity has made every PC in the network a potential endpoint. Mobile devices and cloud computing have globalized the local network, rendering uncertain the very concepts of endpoints and perimeters.

Today, a “moat of intelligence” is needed to safeguard an organization’s valuable data.

Security: From Myths to Reality

As networks have become more complex and cybersecurity threats more ruthless and sophisticated, too many organizations have retreated into security myths. Either they indulge in wishful thinking (“We won’t be hacked”) or they become paranoid (“We need to lock down everything”). Neither is true.

At a recent Web event, Brendan Hannigan, general manager of IBM Security Systems, outlined how firms can protect themselves against today’s threats. He said the concept of a castle moat needs to be replaced by a moat of intelligence: an active understanding of threats and an awareness of what needs to be protected most against those threats.

Building the Moat of Intelligence

According to Hannigan, a key first step in protecting information security is to “know thyself.” While 70 percent of the value of modern publicly traded firms is embodied in their intellectual property and other data, this highest-value information may account for less than 2 percent, down to as little as 0.01 percent, of total data repositories.

Trying to protect everything can end up protecting nothing. Therefore, firms should concentrate their efforts on guarding this high-value information while giving other data an appropriate measure of security. This means information holdings must be assessed.

The other component of the moat of intelligence is actively engaging security threats. Today’s cybercriminals are sophisticated and determined, but they do not have magical powers. Like burglars in the brick-and-mortar world, they have to “case the joint” to find and steal high-value information. Security intrusions leave distinctive and detectable traces that security experts can recognize.

Enlisting Security Allies

By working with the broader security community, a firm’s security team can tap into the latest threat profiles and security intelligence resources. Organizations do not need to protect themselves in isolation; they can enlist powerful allies in the cause of information security. While mobile and the cloud have posed new security challenges, they have also provided powerful new security tools.

Yes, providing information security today is a challenging task. But by building a moat of intelligence, organizations can protect themselves in a changing information environment.
