Those of us in the world of cybersecurity are facing increasingly dynamic threats from profit-driven and sophisticated cybercriminals. We are now living in a world where attacks are driven, more and more, by well-funded organized crime as well as nation states. Given the trends in strategic technology, has the time come for a more risk-based approach to security?
Writing for Net-Security.org, Bret Hartman, VP and CTO of Cisco Security Business Group, outlines some of the key points of risk-based security and self-protection, namely:
“In a digital business world, security cannot be a roadblock that stops all progress.”
“Organizations will increasingly recognize that it is not possible to provide a 100% secured environment.”
“Perimeters and firewalls are no longer enough; every app needs to be self-aware and self-protecting.”
It's hard enough to embrace the reality of the situation as it now is: it is no longer a question of 'if' but 'when' an organization gets attacked. Both the motives and the persistence of attackers have increased and, furthermore, their knowledge of classic security technologies and applications is becoming more and more sophisticated.
This challenge will only become harder to face as companies become more wedded to cloud computing and the Internet of Things (IoT). With the number of connected devices growing exponentially – expected to exceed 50 billion by 2020 – getting security right is crucial to companies.
The best place to start is with a security approach that is both threat-centric and operational – focusing on the threat itself rather than an easily circumvented set of standard policies. A good security system must provide broad coverage and rapidly learn and adjust to new attack methods. New platforms, like Intel's, are taking this on board – enabling large-scale event management and custom analytics. Intel's new Security BI platform stores server event log data and performs big data correlation to detect abnormalities in the system and flag them for review. This enables users to receive fast answers to security questions.
All of this recognizes that, with so many potential threats, a system can never be 100% safe. By focusing on the threats that can cause the most damage to a business, you can improve “the effectiveness of security controls by expanding the use of automated, dynamic controls to block the most serious threats.” By adopting this approach, it is possible to reduce the complexity and fragmentation that can occur during an attack, while at the same time gaining superior visibility and control – before, during, and after an attack.
The good news is that, even as attackers become more sophisticated in their techniques, the technologies necessary for staying ahead are vastly improving. Moves must be made towards a security approach that builds from a foundation of visibility and extensive data collection to learning through context and correlation.