According to a recent report by Deloitte, the average cost of a data breach to a single Australian business is more than $2.5 million per year. On top of that, the average breach compromises more than 20,000 records (accounts or credentials). These numbers are expected to rise as organisations confront the twin challenges of protecting their on-premises software as well as their applications in the cloud. It is really no surprise that in a recent survey reported by CIO.com, the majority of CIOs listed IT security as one of their chief priorities for the year 2016.

The adaptive security architecture can help enterprises shift their existing mind-set of “incident response,” in which incidents are treated as occasional, one-off events, to a mind-set of continuous response, in which they assume that cyber-attacks are relentless and that attackers are able to penetrate their systems continuously.

An adaptive security architecture can be used to mitigate some IT security breaches. It can be used to continuously track existing and potential security threats. This architecture provides a balanced approach that allows enterprises to include enterprise security as an important component of their end-to-end business processes. It was also listed among Gartner’s top 10 strategic technology trends for 2016.

What exactly is adaptive security architecture?

According to the Gartner report, “Designing an Adaptive Security Architecture for Protection from Advanced Attacks,” adaptive security architecture comprises four high-level categories of competence. The capabilities within each category can help enterprises establish a comprehensive, adaptive platform that protects against attackers.

1. “Preventive” capabilities are the preventive policies, products, and processes that are put in place to counter attacks. The key goal of this category is to raise the bar for attackers by reducing the surface area for attacks before these attacks can affect the entire enterprise.

2. “Detective” capabilities are designed to discover attacks that evade the preventive category. The key goal behind this category is to reduce the dwell time for threat detection and therefore prevent potential damages from becoming actual damages.

3. “Retrospective” capabilities are required to drill down and remediate issues discovered by detective activities (or by outside security services) and to provide forensic insights and root cause analysis. Retrospective proficiencies can be used to recommend new preventive measures to avoid future incidents.

4. “Predictive” capabilities enable the security team to learn about and record external events by monitoring attacker activity outside the enterprise, so as to proactively anticipate new attack types against the current systems. This intelligence is later fed back into the preventive and detective capabilities, thus closing the loop on the entire set of adaptive security capabilities.
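The four categories are easiest to understand as stages of one closed loop: a source that the detective stage flags and the retrospective stage confirms becomes a preventive rule the next time the same activity arrives, and predictive intelligence seeds that rule set before any local detection has happened. The following Python model, added here as an illustration and not taken from the Gartner report or from any vendor product, runs that loop over a handful of constructed authentication log lines. The log format (`<epoch> <source IP> <user> <OK|FAIL>`), the failed-login threshold, and the `AdaptiveLoop` class and its method names are all assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample events in an assumed format: "<epoch> <src_ip> <user> <OK|FAIL>".
# 192.0.2.77 is pretended to appear in an external (predictive) intelligence feed.
SAMPLE_LOGS = [
    "1000 10.0.0.5 alice OK",
    "1001 203.0.113.9 alice FAIL",
    "1002 203.0.113.9 bob FAIL",
    "1003 203.0.113.9 carol FAIL",
    "1004 203.0.113.9 dave FAIL",
    "1005 10.0.0.7 bob OK",
    "1006 198.51.100.4 alice FAIL",
    "1007 198.51.100.4 alice OK",
    "1008 192.0.2.77 eve OK",
]

LINE_RE = re.compile(r"^(?P<ts>\d+) (?P<src>[\d.]+) (?P<user>\S+) (?P<result>OK|FAIL)$")


def parse(lines):
    """Turn raw log lines into event dicts; malformed lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"ts": int(m["ts"]), "src": m["src"],
                           "user": m["user"], "result": m["result"]})
    return events


class AdaptiveLoop:
    """Hypothetical pipeline wiring the four capability categories together."""

    def __init__(self, intel_feed=(), fail_threshold=3):
        # Predictive: external intelligence seeds the preventive blocklist up front.
        self.blocklist = set(intel_feed)
        self.fail_threshold = fail_threshold
        self.findings = []

    def prevent(self, events):
        """Preventive: separate events from already-known-bad sources."""
        allowed, blocked = [], []
        for ev in events:
            (blocked if ev["src"] in self.blocklist else allowed).append(ev)
        return allowed, blocked

    def detect(self, events):
        """Detective: flag sources whose failed logins reach the threshold."""
        fails = Counter(ev["src"] for ev in events if ev["result"] == "FAIL")
        return {src for src, n in fails.items() if n >= self.fail_threshold}

    def retrospect(self, events, suspects):
        """Retrospective: for each suspect, which accounts were hit and did any succeed."""
        findings = []
        for src in sorted(suspects):
            evs = [ev for ev in events if ev["src"] == src]
            findings.append({
                "src": src,
                "targeted_users": sorted({ev["user"] for ev in evs}),
                "succeeded": any(ev["result"] == "OK" for ev in evs),
                "first_seen": min(ev["ts"] for ev in evs),
            })
        return findings

    def feed_back(self, findings):
        """Close the loop: confirmed findings become new preventive policy."""
        for f in findings:
            self.blocklist.add(f["src"])

    def run(self, lines):
        """One pass through the loop; returns a summary for inspection."""
        events = parse(lines)
        allowed, blocked = self.prevent(events)
        suspects = self.detect(allowed)
        findings = self.retrospect(allowed, suspects)
        self.feed_back(findings)
        self.findings.extend(findings)
        return {"blocked_by_policy": len(blocked), "suspects": suspects,
                "findings": findings, "blocklist": set(self.blocklist)}


if __name__ == "__main__":
    loop = AdaptiveLoop(intel_feed=["192.0.2.77"])
    print(loop.run(SAMPLE_LOGS))   # detective stage flags 203.0.113.9
    print(loop.run(SAMPLE_LOGS))   # same traffic is now stopped by the preventive stage
```

Running the same log twice shows the loop closing: on the first pass only the intelligence-fed address is blocked by policy and the brute-force source is caught by detection; on the second pass that source is blocked by policy before the detective stage sees it, which is the dwell-time reduction the detective and retrospective categories are meant to produce. The retrospective finding also records whether any attempt from the suspect succeeded, the fact an analyst needs first when deciding whether remediation goes beyond blocking the source.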

In my next post, we will dig a little deeper into specific reasons why enterprises should adopt this framework to enhance their IT security measures.