In an interconnected digital world, a single point of weakness can provide a beachhead to take down critical infrastructure. Elevating the strategic significance of cyber security in India, the National Security Advisor recently released recommendations of a Joint Working Group on Engagement with the Private Sector on Cyber Security. The recommendations highlight a shortage of 500,000 security professionals or ‘cyber-warriors’ to safeguard the digital frontiers of the nation.

Security Threat Landscape and the Cyber-warrior

To understand the magnitude of this shortfall and the role of ‘cyber-warriors’, it is important to take a step back and review the security threat landscape. According to the latest Symantec Internet Security Threat Report Volume 17, India ranked first for malicious code globally in 2011, with the number of unique malware variants increasing to 403 million and the number of Web attacks blocked per day increasing by 36 percent. Even as the motivation of cyber attackers has moved from fame to financial gain, malware has become a successful criminal business model with billions of dollars in play. We are now in the third significant shift in the threat landscape: one of cyber-espionage and cyber-sabotage.

This shift requires cyber defence operations that in many ways are similar to those of defending a warship in hostile waters. When in operation, the ship had better not be seen. If seen, it had better not be hit. If hit, it had better not be penetrated. If penetrated, it should minimize the damage, and if damaged, it should try to fix it as soon as possible and get back to action.

Evidently, to be a security expert, an engineer needs to possess the skill set and mindset to perform a defensive, yet pre-emptive, role in protecting information. Further, the digital world operates 24x7 and knows no physical boundaries; to keep pace, security engineers need a degree of foresight and quick thinking to mitigate threats before they cause widespread damage. It takes a considerable amount of training and experience to become a ‘cyber-warrior’. Monitoring cyberspace for threats and gathering security intelligence is an important part of a cyber-warrior’s role. It is in many ways the beating heart of decisions and products related to cyber security.

Behind the Scenes - Detection and Analysis Techniques

It is important for researchers to scan for threats, but it is equally critical to keep track of clean files that could be part of any authentic application, such as installer or library files. This is the basis on which security software or anti-virus alerts users about the safety of a downloaded file or website. This forms a part of the role that Symantec’s security engineers perform. Symantec’s Security Response team is a group of security engineers, threat analysts and researchers spread across the globe, including India. They have access to unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam. Symantec maintains one of the world’s most comprehensive vulnerability databases, more than 64.6 million attack sensors and five million decoy accounts; it records thousands of events per second and processes over eight million email messages and more than 1.4 billion web requests each day across 15 data centres.

One of the interesting methods used to pre-empt malware attacks is ‘honey pots’: vulnerability look-alikes or unprotected systems that attract malware. Once malware makes contact with a honey pot, the system tracks the fingerprint of the malware and sends it to security experts for analysis.

Usually, after a file is declared a threat, it is categorized based on its behaviour and a fingerprint or signature is created using an appropriate technology that specifies the identity of the threat to an end-point protection system. Finally, the upgrade is shared with millions of end-points helping them secure their systems.

Diverse Roles of Security Experts

Teams of security engineers take up different roles based on the threats, which range from malware and exploits to spam emails and phishing websites. While a malware engineer would focus on detecting and developing signatures to protect against malware, a vulnerability analyst finds out which systems or applications are vulnerable and exploitable. Fulfilling a specific role often demands more than one type of analytical skill and therefore definitive training.

Global standards and certifications that train and skill up security professionals, such as the GCIA (GIAC Certified Intrusion Analyst, from GIAC, the Global Information Assurance Certification organization), play an important role in identifying and certifying individuals based on their knowledge, skills, and abilities to configure and monitor intrusion detection systems, and to read, interpret, and analyze network traffic and related log files. These certifications help professionals understand the vulnerabilities and strengths of each platform to ensure that information is safe regardless of the type of device it resides on.

While technical skills may be in abundance, strength of character and integrity is one attribute that should be integral to a cyber-warrior. Businesses, governments and consumers rely on these individuals to secure their information and identities, and it is important that they demonstrate and hold their trust.

Cyber attackers today are an organized force and one individual alone cannot defend against them. Teams of specialists are required to combat the threats of today. For a security professional, the question is not ‘if’ he will face a real-life threat scenario, but ‘when’; usually, many times in a single day. It is therefore a welcome, and much-awaited, move to create a 500,000-strong army of security experts for the country.

(The author is VP and MD, India Product Operations, Symantec)
