Know yourself, know your enemy; win a hundred battles
The NEC Cyber Security Platform provides a comprehensive solution—and peace of mind—to enterprises, institutions and organizations
by Hugh Ashton
Cyberattacks—attacks on computer systems—are a serious issue, making the headlines on an almost daily basis. The number of cyberattacks mounted by professional criminals, and even by nations, continues to increase, along with their sophistication and resultant severity, and this trend shows no sign of stopping. According to a report from McAfee and the Center for Strategic and International Studies, cybercrime costs U.S. companies $100 billion annually—the equivalent of roughly 500,000 jobs—and adds up to a yearly global cost of over $500 billion.
Highly publicized incidents such as the 2013 Target data breach, where account details of 40 million of the retail chain's customers were stolen, and the hacking and disclosure of confidential information belonging to Sony Pictures, as well as the recent U.S. government leak, where records containing personal information of over 20 million government employees were stolen from the Office of Personnel Management, have brought the problem to the forefront of public attention.
Some of the personal information stolen from the OPM includes fingerprint data and passwords obtained from applicants seeking security clearance, in the course of background checks made by the Federal government.
Even after a breach is known to have occurred, it may take time to patch the systems to prevent further leaks. In April 2014, a vulnerability—the Heartbleed bug—was discovered in the code used to encrypt information on secure servers used for e-commerce and other confidential transactions. According to some estimates, some 500,000 servers were vulnerable to Heartbleed, about 17 percent of all secure Web servers with certificates issued by trusted authorities.
In the U.S., the bug allowed security keys to be stolen, with the confidentiality of 4.5 million patients of a major hospital chain at risk. In Canada, 900 taxpayers had their Social Insurance numbers stolen, and a parenting site in the UK had several accounts hijacked.
In the case of the Heartbleed bug, administrators were able to make a patch available within a week. However, nearly three months later, it was reported that 300,000 public servers were apparently still vulnerable, chiefly for two reasons. Firstly, it may be hard to find an appropriate time to apply remediation patches, since such operations will have a significant impact on, or even force a halt in, operations. Secondly, such patches need to be thoroughly tested before going live, and the time and resources to carry out such testing are often not available.
The risks to corporate victims of cybercrime include reputational risk, resulting from loss of trust, and operational risk, where operations may be compromised or even suspended. An attack may involve the loss of confidential and proprietary information, which may lead to financial risk.
Perhaps worst of all, says Jun Goto, Senior Manager of NEC Corporation's Cyber Security Strategy Division, many organizations have no idea that they have been attacked until the damage has been done.
Firewalls are not enough
Every modern city's infrastructure is connected to the Internet. From hospitals, fire services, water and energy supplies, transportation systems, airports and other vital services all the way to retail stores and home energy management systems, there is broad dependence on Internet-connected technology. Such connections are all potentially vulnerable to targeted attacks.
With the proliferation of devices connected to the Internet, such as PCs, servers, network appliances and mobile devices, the "attack surface"—the number of possible points where cyberattacks can originate—continues to expand. With this increased attack surface comes increased complexity, and increased time needed to discover the points of unauthorized entry, and to issue appropriate software patches to correct the situation.
A high level of technology and the expertise needed to make it work are also necessary to implement an adequate degree of cybersecurity, and to mitigate attacks.
Even after rigorous measures are implemented, the most advanced security measures may still let through over 30 percent of attacks, which may end up halting an enterprise's operations. No wonder, says Goto, that cybersecurity is not simply the IT department's problem; senior management will find that these issues affect them, as well.
NEC and partners look ahead
Being proactive is the order of the day. Rather than playing catch-up and merely responding to threats from the bad guys, NEC takes a proactive approach, using intelligence from a variety of sources around the world to identify potential vulnerabilities in systems and applications, and threats to these systems. A primary information source is NEC partner Norse Corporation, a leading threat intelligence company that collects and analyzes 200 terabytes of cyberattack information daily.
As vulnerabilities are discovered, NEC's security analysts determine which security patches should be distributed, and NEC's solution pushes these and other threat intelligence items to system administrators, where they are displayed on a dashboard, and can then be applied.
Removing rotten apples from the barrel
As Goto points out, threat intelligence on its own is not enough to make a system secure. System administrators need to act on information in a speedy manner before hackers can do damage, or, if a virus or other malware has already infected the network, to isolate the affected parts of the network.
Typically, if malware is discovered in a complex network, it may take several weeks to recover from an attack, while scanning the entire system for the affected software and applying patches. Even as an affected organization gets back on track, there may be a resulting financial loss, as well as a loss of trust. Reconfiguration of a complex, multilayered network is a task demanding expert resources, as well as time.
The NEC Cyber Security platform provides an effective way to act on the intelligence provided. As an innovative company with over 20 years of experience in the security field, working with law enforcement agencies around the world, and as a leading supplier of enterprise full-service solutions, NEC offers distinct security advantages.
In 2013, NEC discovered a network vulnerability that could have led to disaster, but was relatively easy to patch. However, discovering which PCs or servers around the world required the patch was another problem—or would have been, had it not been for the deployment of NEC's solution that allowed administrators to apply patches within an hour to 180,000 machines. Such proactive features dramatically reduce the workload of administrators. Even when offending malware has erased itself after doing its nefarious work, the NEC solution is able to identify its traces and take appropriate countermeasures.
NEC's Software-Defined Networking (SDN) solutions, currently deployed in hundreds of installations, provide automated control of complex networks. When malware is detected and a notice is sent, the administrator can press one button on a screen to isolate infected segments instantly, using the intelligence built into the SDN appliances.
The Internet of Things (IoT) is on the horizon—a time when many devices that now stand on their own will be linked in a global network. The opportunities for mischief and destruction are immense, and have precipitated discussions about the terrifying possibility of a computer-controlled car being hijacked, with, as one security analyst has postulated, the driver unable to brake or regain control, even as the cellphone rings and a voice demands money for the "return" of the car. Less dramatic but equally far-reaching hacking is becoming increasingly possible on everyday devices as they acquire "smart" connectivity and IP addresses. NEC is well aware of this new threat and is working to anticipate it.
NEC works with others to make a safer world
NEC's skills and leadership in the field are recognized internationally. INTERPOL and NEC signed a partnership agreement, recognizing that both INTERPOL and NEC can draw on one another's strengths to meet the digital crime challenges of today and tomorrow.
NEC recently worked with the Singapore Economic Development Board to develop a cybersecurity training program, the EDB-NEC Strategic Attachment and Training Programme (STRAT), to build up strategic capabilities in cybersecurity and meet regional needs. Trainees receive training in malware analysis, incident response, intrusion detection, digital forensics and vulnerability assessment, leading to certification as Security Operations Center (SOC) professionals.
The program lasts for 12 months, with the first three spent in "boot camp" training. Then, the NEC Cybersecurity Factory in Tokyo trains the students for six months in the practicalities of operating an SOC, and the students spend the last three months either in Singapore with regional assignments, in an NEC Regional Competency Center, at an NEC partner organization or at the NEC Research Laboratory.
NEC continues to expand cybersecurity operations worldwide. Security Operations Centers have been established in Japan, Singapore, Australia and Brazil, providing security and peace of mind, and helping to create safer networks and societies. And NEC continues to develop and expand its fight against cybercrime. Additional Security Operations Centers are planned for other countries to enable NEC to offer a full-coverage global service, no matter where in the world its clients may be operating.
For more information: NEC Cyber Security Solutions