Golan Ben-Oni, CIO of IDT (Newark), spoke at the Amazon Web Services (AWS) Loft in New York on August 23 about how IDT secures its computers and cloud, and about the April attack on IDT's servers that used the NSA's EternalBlue exploit.
“Automation is the only way we can stay ahead of the emerging threat landscape. Security automation is achievable,” he said.
Founded in 1990, IDT has grown into a large international company with several vertical markets, including telecom, finance, energy and oil, education and pharmaceuticals. This presents a large “surface vector” for hacking, and IDT is attacked more than other organizations. The finance division has been attacked by hackers seeking to steal funds, the telecom division by hackers trying to obtain free service, and the pharmaceutical division has been subject to attempts at intellectual property theft.
“In spite of there being more cybersecurity personnel, the number of attacks is increasing — and they are increasingly successful. The attacks are becoming more sophisticated. Security events in 1990 were far fewer,” Ben-Oni said. “Hackers are being helped by the release of state-sponsored tools such as leaked NSA hacking tools. Shadow Brokers on the dark Web are slowly publishing NSA tools. This is the first time anyone on the Internet can get state-sponsored tools.”
Conveying conventional wisdom, Ben-Oni added, “The cost of attack versus defense is large. DoS [Denial of Service] tools can be bought on the dark Web for $5, but defense can cost upwards of $500,000! In addition, there is a lack of security experts. There are one to two million security jobs that cannot be filled due to the lack of trained security personnel.
“Another factor causing an increase in attacks is response time to attacks. On average, it was taking 30-45 minutes to respond to a breach, while data was being stolen within five minutes. Networks are poorly integrated, causing a poor response time to [attack] incidents. The cloud helps increase response time.”
The traditional view was that hygiene — including keeping your software up to date, installing operating system patches (updates) and safe browsing — was the best defense against attacks, according to Ben-Oni. “We cannot blame users all that much,” he said. “We cannot expect them to be security experts. The silver bullet doesn't exist. All the new security startups do not have a silver bullet. You can do everything right and still be breached through the weakest link. There is a regular cycle in learning [about attacks and defenses].
“Anybody big enough has AWS. IDT uses AWS. You can have secure operations in the cloud. There is an advantage in using the cloud to secure your cloud. Security can be orchestrated and automated with the cloud. Cloud security can keep the event logs, which keeps security costs down.
“Conventional security-event management takes time to correlate. The SOC [Security Operations Center] engineers need time to find the alerts, analyze the events and check for file downloads, and if downloaded files are executing they need time to respond by shutting down ports, for example. Searching and triage, finding and isolating the affected endpoint [computer] and network, can take time. This traditional approach to security can take hours or days. Using automated cloud services can reduce the time to minutes, even half a minute. Time from alert to containment can now be seconds.
“In 2013, IDT developed a proof of concept [of automating security in the cloud to search and triage], then asked vendors to work with IDT on this project. IDT already had the basic framework working in a week, and went from small enterprise to enterprise, including the cloud.”
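The alert-to-containment sequence Ben-Oni describes (find the alert, check whether a downloaded file was then executed on the same endpoint, and if so isolate that endpoint and shut down the port it is using) can be sketched as a small automation. The block below is an added example written for this article; it is not IDT's code and was not shown in the talk. The event format, host names, file hashes, port numbers and the two response actions are constructed assumptions, and where a real deployment would call an EDR or cloud API to isolate a host, this code only records the decision.

```python
"""Automated alert-to-containment triage over a constructed event stream.

Added illustration, not IDT's implementation. Hosts, hashes and ports are
made-up sample values; `Action` records what a responder would do.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    host: str
    kind: str                  # "alert", "download" or "exec"
    detail: dict = field(default_factory=dict)


@dataclass
class Action:
    ts: datetime
    host: str
    action: str                # "isolate_host" or "block_port:<n>"
    reason: str


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample events (hypothetical hosts and hashes).
# ws-17: alert, then the flagged file is downloaded and executed -> contain.
# ws-22: alert and download only, never executed -> analyst review.
SAMPLE_EVENTS = [
    Event(_t("2017-04-10T09:00:00"), "ws-17", "alert",
          {"rule": "suspicious_download", "sha256": "aaaa1111"}),
    Event(_t("2017-04-10T09:00:03"), "ws-17", "download",
          {"sha256": "aaaa1111", "path": "C:\\Users\\u\\dl\\inv.exe"}),
    Event(_t("2017-04-10T09:00:12"), "ws-17", "exec",
          {"sha256": "aaaa1111", "dst_port": 8443}),
    Event(_t("2017-04-10T09:05:00"), "ws-22", "alert",
          {"rule": "suspicious_download", "sha256": "bbbb2222"}),
    Event(_t("2017-04-10T09:05:04"), "ws-22", "download",
          {"sha256": "bbbb2222", "path": "C:\\Users\\v\\dl\\doc.pdf"}),
]


def triage(events, window=timedelta(minutes=5)):
    """Correlate each alert with download/exec events for the same file hash
    on the same host inside `window`.

    Executed after download -> containment actions (isolate host, block the
    destination port the process used). Downloaded only, or alert only ->
    queued for an analyst. Returns (actions, review_queue, time_to_contain),
    where time_to_contain maps host -> seconds from alert to containment,
    assuming the automation acts the moment the exec event is seen.
    """
    events = sorted(events, key=lambda e: e.ts)
    actions, review, ttc = [], [], {}
    for alert in (e for e in events if e.kind == "alert"):
        sha = alert.detail["sha256"]
        related = [e for e in events
                   if e.host == alert.host
                   and alert.ts <= e.ts <= alert.ts + window
                   and e.detail.get("sha256") == sha]
        downloaded = any(e.kind == "download" for e in related)
        executed = next((e for e in related if e.kind == "exec"), None)
        if downloaded and executed:
            now = executed.ts  # decision time: when execution is observed
            actions.append(Action(now, alert.host, "isolate_host",
                                  f"{sha} executed after download"))
            port = executed.detail.get("dst_port")
            if port is not None:
                actions.append(Action(now, alert.host, f"block_port:{port}",
                                      "connection from executed file"))
            ttc[alert.host] = (now - alert.ts).total_seconds()
        elif downloaded:
            review.append((alert.host, sha, "downloaded, not executed"))
        else:
            review.append((alert.host, sha, "alert only"))
    return actions, review, ttc


if __name__ == "__main__":
    acts, queue, times = triage(SAMPLE_EVENTS)
    for a in acts:
        print(f"{a.ts.isoformat()} {a.host} {a.action}: {a.reason}")
    print("review:", queue)
    print("seconds from alert to containment:", times)
```

The point of the example is the shape of the loop rather than the actions themselves: correlation is keyed on the file hash and the host so that a download that never runs does not trigger containment, and the measured interval is the one Ben-Oni is talking about, from the alert's timestamp to the moment the automation decides to isolate.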
Ben-Oni summed up by saying that visibility of what’s going on in your cloud and the speedy resolution of attacks are both key to dealing with hacking threats today.