Despite the increased amount of training, new software solutions and advanced hardware dedicated to reducing cyber-attacks, the problem is worse than ever. Solution providers and IT professionals need their cyberdefense skills to evolve as hackers become more advanced and creative with their methods of attack.
Industry association CompTIA this week announced a new vendor-neutral security certification, Cybersecurity Analyst (CSA+), to bring behavioral analytics to the forefront of assessing cyberthreats. The goal is to apply big data analytics approaches to cybersecurity, relying less on traditional signature-based approaches such as firewalls and intrusion detection.
James Stanger, Senior Director of Products at CompTIA, told The VAR Guy that one of the things that moves the needle in favor of cyberdefense is paying close attention to the network: how it behaves, how protocols work within it and how users interact with it. The next step is to apply analytics to the collected data.
“It's really an asynchronous approach to security, because now you're starting to pivot resources, or at least think about pivoting resources to where the data tells you,” he says. “It's really more along the lines of modeling networks and then identifying trends. Security workers are using more predictive analytics about where can the next attack happen—the kind of indicators that are happening below the threshold of your typical intruder detection or vulnerability scanner yet are still important.”
Hardware and software are still critical; however, today’s security threats more than ever require a professional with a specialized skillset to interpret and analyze network traffic. To that end, CompTIA’s new CSA+ certification will offer broad-spectrum validation of knowledge and skills required to configure and use cyber-threat detection tools, perform data analysis and interpret the results to identify vulnerabilities, threats and risks to an organization. The association says it certifies knowledge of a data-driven approach to information security.
CompTIA offers two other security credentials: Security+ and CompTIA Advanced Security Practitioner (CASP). Security+ is designed for entry-level security professionals or workers who are looking to augment and supplement their knowledge base in other areas such as networking. On the other end of the spectrum, CASP is designed for security consultants or individuals targeting specific systems or creating response tactics to handle very specific attacks. CSA+ is the bridge between these two certifications.
Stanger says this “security passway” isn’t limited to security professionals alone. In today’s new IT paradigm emerging from the digital transformation, every IT professional needs an understanding of security.
“It's still early days with CSA+ but I have seen evidence of individuals who are really much more networking professionals who are taking this because they have to often talk to security professionals all around and communicate with them properly,” he says. “It’s a combination of skills that are very important.”
In addition, the mindset today is far less about preventing hacks than it is about managing them when they almost inevitably happen. “We know due to advanced persistent threats that hackers are very likely lurking all around systems, and it's more how can you absorb the hacking hit,” says Stanger. “So more people who are, say, server administrators or cloud-people, they are realizing that they need to augment their skills with a security training or security certification much more than ever before.”
Arming all IT professionals with security skills becomes even more important as the Internet of Things (IoT) becomes a mainstream technology and the line of business (LOB) buyer increasingly introduces new technology and devices into the network.
“The industry needs not only to train and educate more cyber-security analysts, but the industry needs to regulate itself so that there are IoT standards on the production side. On the consumption side, we need more individuals who are trained in security from the ground up,” says Stanger. “So we have opinions about the production side, but we've definitely taken action based on what the industry wants on the management side to upscale people so that they are ready for the challenges moving forward concerning automation and IoT.”
CSA+ certification is geared toward professionals who are interested in having a fundamental understanding of many security concepts and best practices. The ideal student should know their authentication and encryption cold, and have a good understanding of the common types of vulnerabilities such as cross-site scripting, application-based issues and buffer overflows, and of how denial-of-service techniques work.
"The Internet of Things is not only bringing greatly expanded capability to homes and businesses, it's also opening up potentially billions of new points of vulnerability that need to be secured," said CompTIA President and CEO Todd Thibodeaux. "It's an economic and societal imperative to train and certify hundreds of thousands of IT professionals with the analytical skills they need to address the complexity and diversity of threats as they multiply."