Over the past couple of years, a discussion has been brewing in the Security community about the future of its work. On one hand, the need for security is more urgent than ever as all areas of business and personal computing are being impacted by cyber threats. On the other hand, the process of delivering software has changed: We have significantly streamlined the development process by reducing organizational silos through various implementations of a DevOps culture.
So here’s the question: Faced with this changing landscape, how can Security transform the way it does business in order to contribute its full value — without negatively impacting development schedules and operational procedures?
Security needs to adjust to the rapid and agile world of the cloud, but the transition doesn’t have to be difficult. The Ops community faced a similar transition when it integrated with Dev, and there’s much that Security can learn from their experience.
To help out, I’d like to share some of the things I’ve learned over the past few years as I witnessed Ops being integrated into Dev, along with some observations on how Security might use these lessons to transition into the DevOps world.
With the coming new year come new strategies to implement, new budgets to work with, and new threats to prevent from harming your business. I’ve personally seen a shift in the past year where more organizations are moving beyond the basic understanding of what threat intelligence is and moving into a planning and implementation process to start benefitting from the value that good intel can provide.
The first step in planning to add threat intelligence to your security and risk program should focus on the following key questions:
• What is the goal of the intel we want to have?
• Who are the key stakeholders that the intel should serve?
• What are the assets and information we are most concerned about protecting?
• What decisions and outcomes should the intel impact?
• How will results be measured?
• Are we collecting any internal intel already? If not, this is where we should start.
• Should we outsource our intel operation, build in-house or go with a hybrid approach?
AKAMAI HAS WARNED that distributed denial-of-service (DDoS) “mega attacks” are on the rise and have the potential to cause major problems.
Content delivery firm Akamai has pushed out its Q3 2016 State of the Internet report (PDF) which reveals that, while the overall number of DDoS attacks didn’t increase during 2016, the size and severity of the attacks did.
This was aided by the number of insecure Internet of Things (IoT) devices being connected to the internet, which have subsequently been compromised and used in DDoS attacks.
Akamai suggested that the number of DDoS attacks in excess of 100Gbps increased from 12 to 19 between the second and third quarters, while there were only eight in the third quarter of last year.
The attack on security journalist Brian Krebs’ website was the largest Akamai has been involved in mitigating. The company had provided services to Krebs pro bono via its Prolexic network service, and recorded an attack of 623Gbps in September 2016.