Christof Jacques (Security Engineer at Check Point) and Emanuel Da Costa (Security Engineer at Check Point) will both participate to IT Days, next Thursday. We asked them about security in the cloud and fifth-generation cyber attacks.
What are the main security risks companies could face when they rely too much on the cloud?
Christof Jacques: Organizations seeking to optimize business operations and reduce costs increasingly move to cloud applications and software-as-a-service (SaaS) products.
However, SaaS applications serve as a platform for hackers to target enterprises. Malware, phishing attacks on cloud-based email like Office365 and Gmail, and takeover of employee SaaS accounts have become prevalent methods to steal company data and money. Compounding the issue is the fact that the cloud is a shared responsibility when it comes to security. Cloud service providers deliver strong security controls to protect the cloud fabric but they have no knowledge of “normal” customer traffic and thus are unable to determine malicious content or activity from benign. At the same time, native cloud security capabilities do not offer the same robust protections customers enjoy on their premises-based networks, leaving cloud services exposed and prone to new threats such as user account takeovers.
What are the main elements of a cybersecurity strategy that could prevent fifth-generation cyber attacks?
Emanuel Da Costa: Today's attacks are the most sophisticated we have ever seen. Theses mega attacks are now large-scale and multi-vector. Enterprises are still using multiple security solutions that are no longer effective against theses generations of attacks. The main elements of a cybersecurity strategy that could lead to success in preventing fifth-generation cyber attacks are the use of the best threat prevention technologies across a business’s entire IT infrastructure of networks, cloud and mobile, a real time sharing of threat intelligence across enterprises and within the enterprise, a single consolidated security management framework.
Publié le 20 septembre 2018