Stuck in the 90s? Time for a Sobering Look at Antiquated Security Technologies

Organizations currently face a security management dilemma: the tools they’re using don’t adequately defend against today’s threats. Per Trend Micro, a 2015 TechZone and CryptZone study found that a majority of organizations (90 percent) were still using several 1990s technologies despite digital security having evolved over the past 20+ years. Concurrently, 45 percent of organizations admitted that they did not plan to increase their digital security budgets to address the risks associated with security breaches. In the years since that study, it doesn’t appear much has changed, and the prospects for change going forward aren’t looking any rosier.

Antiquated Security Technologies

There are various reasons why many organizations are struggling to move forward with their security solutions. First, organizations might be sticking to their antiquated security technologies because their staff are comfortable using them and aren’t keen on learning how to use newer solutions to their full effect. Second, many organizations are still focused too heavily on compliance instead of making sound security decisions. In so doing, they might deprioritize important considerations like security basics and best practices; such negligence shapes spending drivers in a direction that doesn’t necessarily reflect the threat landscape, according to SolarWinds. Sadly, far too many companies continue to see investment in cybersecurity as an expensive line item in their general IT budgets, and not as the enabler of new business technologies, which is how forward-thinking organizations view it.

Either way, these older solutions are undermining organizations’ digital security. In the EY Global Information Security Survey 2018-19, 26 percent of respondents cited outdated security controls as the source of increased risk exposure over the preceding 12 months. This ranked second only to careless or unaware employees at 34 percent.

Given these findings, it’s not a stretch to say that organizations are spending a disproportionate amount of budget – some estimate that enterprises are spending as much as 80% of IT budgets on legacy systems – on these outdated technologies and that they are jeopardizing their security in the process. To rectify this situation, organizations need to understand how the types of technologies they’ve been using for years fall short of protecting them against today’s cyberthreats. Let’s review these traditional network security tools.

IDS/IPS/NGFWs

Next-Generation Firewalls (NGFWs) aren’t dissimilar from Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) in that they excel at detecting files based on signature and reputation. Some tools even have the ability to apply heuristics using machine learning. Even so, these solutions are limited in their ability to detect anomalous network activity. IDS tools can only identify potential security issues, which means that experienced personnel need to follow up on any suspicious activity and spend time investigating further. At best, this effort can be difficult given the ongoing skills gap in digital security. At worst, these solutions regularly generate false positives that waste analysts’ time, and they miss threats like fileless malware and zero-day attacks.

Anti-Malware Solutions

Anti-malware software is good at singling out files based upon their threat behavior. This is especially the case at the perimeter, as these tools can help decrease the risk of something malicious being delivered to a user. These tools are most effective in detecting known viruses and malware as well as malware that doesn’t use evasion techniques. Unfortunately, digital criminals can abuse this fact and use these utilities as a knowledge base against which they can test and adapt their attacks for the purpose of evading detection. Also, given other techniques for compromising a network, cybercriminals move laterally to different network devices knowing full well that anti-malware solutions only monitor traffic crossing the perimeter and therefore won’t detect this activity.

Mobile Device Management

Mobile Device Management (MDM) solutions are useful for controlling and securing access to smartphones and tablets. In so doing, these tools provide a means whereby organizations can oversee mobile devices connecting to the corporate infrastructure, all the while providing a conduit for implementing a Virtual Private Network (VPN). But MDM tools aren’t perfect. As noted by Search Mobile Computing, device and OS manufacturers don’t grant MDM vendors the full access necessary to completely manage and protect devices. Making it even more difficult for these solutions to keep up is the fact that IT doesn’t even know of all of the devices entering the environment. In the case of MDM, you can’t secure what you don’t know is there.

Network Access Controls

Organizations employ Network Access Control (NAC) for controlling who can get onto their LAN and restricting what types of resources they can reach. In so doing, these tools can help protect organizations’ intellectual property, financial information, and other sensitive data by limiting the privileges of less-trusted and less-known users such as contractors and remote users. Even so, it’s possible to bypass NACs, as Ofir Arkin demonstrated at Black Hat USA 2006. Too much information can also overload NACs. For instance, if an organization establishes rules for different types of users and activity, such as their department and whether they’re logging into the systems remotely, this can create a lot of information that could lead the NAC tool to generate false alerts. Cybercriminals know that in many environments privileged accounts usually have unfettered and complete access to virtually everything, so they will also try to compromise or capture those credentials, giving them greater access plus the ability to change access rules for other users.

Authentication and Authorization

Authentication is an incredibly useful digital security tool, as it enables organizations to defend their sensitive assets with, most commonly, a password, a device, or biometrics. That being said, STEALTHbits and others have documented attacks by which digital attackers use authentication technology like Microsoft’s ubiquitous Active Directory (AD) to elevate their privileges. BeyondTrust noted that bad actors could also target AD by using brute force attacks, launching man-in-the-middle attacks, or exploiting unpatched vulnerabilities on AD servers.

How Organizations Can Move Forward

As discussed above, while traditional network security tools have their role and can provide a layer of security, they can’t completely keep up with today’s modern digital threats. New and novel attacks will get through. But that doesn’t mean organizations should ditch these tools; many of these solutions are still critically important to maintaining an effective security stack, after all. But you can’t be complacent: you need to temper your expectations of these solutions based on today’s threats.

Security is a continual and ongoing process. You need to continually evaluate your needs and the threat landscape, reallocate budget and invest in new technologies to match digital criminals’ innovations and ability to bypass your existing security controls. You can’t use your budget to simply prop up what’s already been purchased, especially given the waning effectiveness of many of these solutions.

Towards that end, my recommendation is to consider reallocating budget to embrace new solutions that can complement these existing technologies. In particular, I encourage you to look to solutions that leverage AI-based threat detection to identify the potentially malicious network activity that results from threats bypassing existing controls. As they scrutinize the network as a whole, these newer solutions can track events like lateral movement and credential abuse across both traditional network devices and other products like mobile phones. These tools use various AI techniques to automatically flag network anomalies.

Some tools, however, stop there – at flagging anomalies. But understanding the context of anomalies is key: not all anomalies are malicious, meaning without the ability to understand context, they tend to generate a lot of false positives. Other solutions, the more effective ones, also apply an understanding of what malicious behavior looks like so they can separate the malicious anomalies from the benign ones, minimizing false positives and focusing security teams’ efforts on the truly high-risk alerts.

The automated nature of these AI-powered tools also helps to address the skills gap by decreasing investigations into what turned out to be false positives, and by focusing analysts’ efforts on the truly malicious activity. In our modern world of virtually infinite storage and staggering bandwidth, there just aren’t enough security-trained eyes in the world to watch every single bit and byte moving around. Offloading some of that burden to automated technologies is no longer a nice-to-have, it’s now an essential cornerstone of everyone’s security stack… or at least it needs to be.

Learn how Lastline can complement your organization’s existing network security tools using AI-based network threat detection and response.

Richard Henderson

Richard Henderson is Head of Global Threat Intelligence, where he is responsible for trend-spotting, industry-watching, and evangelizing the unique capabilities of Lastline’s technologies. He has nearly two decades of experience and involvement in the global hacker community and discovers new trends and activities in the cyber-underground. He is a researcher and regular presenter at conferences and events and was lauded by a former US DHS undersecretary for cybersecurity as having an “insightful view” on the current state of cybersecurity. Richard was one of the first researchers in the world to defeat Apple’s TouchID fingerprint sensor on the iPhone 5S. He has taught courses on radio interception techniques multiple times at the DEFCON hacker conference. Richard is a regular writer and contributor to many publications including BankInfoSecurity, Forbes, Dark Reading, and CSO.