In my previous blog, we learned about the basics of adaptive security architecture. We also learnt why enterprises need to focus on a more comprehensive and progressive approach to address their IT security risks. In this blog, we will learn some of the main reasons why enterprises should adopt adaptive security architecture.
Traditionally, enterprise security has focused on blocking and prevention techniques (e.g., antivirus software) as well as policy-based controls (e.g., firewalls). However, sophisticated targeted attacks are easily bypassing traditional firewalls and signature-based prevention mechanisms, making it impossible to protect the enterprise platforms with those techniques alone.
Although traditional SIEM systems will still be necessary to manage real-time detection of threats, enterprises should start incorporating systems that focus on domain-specific intelligence produced by the adaptive security architecture. Below are the four reasons why organisations should adopt an adaptive security architecture.
Reason 1: Most organisations today continue to invest mainly in prevention-only security techniques.
Most organisations today continue to invest mainly in prevention-only security techniques. But certain persistent threats can bypass these preventive controls. This is dangerous because malware can sit on the network stealing data for weeks or months when organisations lack detective or predictive methods. More often than not, the prevalent block-and-prevent capabilities are insufficient to protect the enterprise platforms.
Today's enterprise cyber network demands tools and processes that equip enterprises with an anticipatory edge. It is important to invest in detection, response, and prediction capabilities: a progressive solution that can be implemented to counter any attacks not detected by preventive controls.
Reason 2: The advanced security capabilities from different vendors are not integrated appropriately.
If an enterprise implements detection, prevention, response, and prediction security capabilities from different vendors, they are often implemented in silos, resulting in increased costs and decreased effectiveness. Enterprises should instead favour context-aware security platforms from vendors that provide integrated prediction, prevention, detection, and response capabilities.
A common analogy to describe context-aware security is that it’s a door with a lock. A standard preventive security door would simply require a key. By comparison, a context-aware security door is customized to behave differently in different scenarios. A person in Australia might require just a key to open the door, while a person in the United States would need to know a secret password.
The context-aware security platforms make use of the adaptive security architecture concepts and provide real-time, contextual and supplemental information to improve security decisions. This way enterprises can overcome the problem of non-integrated silos by using additional information from contextual sources at the point when security decisions are made. Using context-aware security platforms, enterprises can establish an effective communication channel between the vendors and IT security teams with an overall objective of preventing unauthorized end users or insecure computing devices from accessing the enterprise data or network.
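The door analogy above can be made concrete as a policy decision function. The example below is an added illustration written for this post, not code from the original article or from any vendor platform; the context signals (home region, device compliance, second factor, recent failed logins) and the rule thresholds are assumptions chosen to show how supplemental context changes the outcome of an otherwise identical "key" check.

```python
"""Context-aware access decision (added example, not from the original post).

A preventive-only check asks one question: is the key valid?  A context-aware
check still requires the key, but then consults additional signals available
at decision time.  All signals and thresholds below are constructed for the
illustration.
"""
from dataclasses import dataclass, field

HOME_REGION = "AU"              # assumed home region of the organisation
MAX_FAILED_LOGINS_PER_HOUR = 5  # assumed behavioural threshold


@dataclass
class AccessContext:
    user: str
    has_valid_key: bool           # the primary credential (the "key")
    country: str                  # where the request originates
    device_managed: bool          # device is enrolled and compliant
    mfa_verified: bool            # second factor (the "secret password")
    failed_logins_last_hour: int  # recent behaviour signal from monitoring


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)


def evaluate(ctx: AccessContext) -> Decision:
    """Combine the credential check with contextual rules.

    Every failing rule is recorded so the security team can see *why* a
    request was refused, which is what makes the decision auditable.
    """
    decision = Decision(allow=True)

    # The preventive control still applies first: no key, no entry.
    if not ctx.has_valid_key:
        decision.allow = False
        decision.reasons.append("invalid credential")
        return decision

    # Contextual rule: outside the home region the key alone is not enough.
    if ctx.country != HOME_REGION and not ctx.mfa_verified:
        decision.allow = False
        decision.reasons.append("mfa required outside home region")

    # Contextual rule: an insecure (unmanaged) device is refused access.
    if not ctx.device_managed:
        decision.allow = False
        decision.reasons.append("unmanaged device")

    # Contextual rule: recent anomalous behaviour lowers trust in the session.
    if ctx.failed_logins_last_hour >= MAX_FAILED_LOGINS_PER_HOUR:
        decision.allow = False
        decision.reasons.append("excessive failed logins")

    return decision


if __name__ == "__main__":
    # Same valid key, different context, different outcome.
    print(evaluate(AccessContext("alice", True, "AU", True, False, 0)))
    print(evaluate(AccessContext("bob", True, "US", True, False, 0)))
```

The point of the structure is that the key check and the context checks are evaluated in one place with one consistent set of inputs, rather than by separate, non-integrated products each seeing a slice of the picture.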
Reason 3: Traditional monitoring practices are becoming increasingly insufficient.
As the need for continuous security intelligence and accelerated incident response increases, traditional log event management tools and monitoring practices are becoming increasingly insufficient. The IT security team needs to continuously monitor the systems for new vulnerabilities, new attack techniques, and anomalous and suspicious activities that might indicate security incidents.
For this purpose, security operations should consider a unified solution to comprehensively monitor all layers of the IT stack (i.e. network packets, flows, OS activities, website content, user behaviours, and application transactions). The IT team should also ensure that these unified security policies are implemented across all data centres, public clouds, and hybrid environments.
Reason 4: Most organisations have many blind spots while implementing incident response techniques.
Continuous response techniques are based on the assumption that monitoring the network once a month, once a week, or even daily is not enough. This is because most organisations deploying incident response techniques in their IT security systems have many blind spots—once the malware is detected on the network, the major damage has already been done. An ad-hoc approach to incident response is no longer a viable solution given the risk of continuous attacks on enterprise systems.
The logic and pattern that needs to be adopted for continuous incident response demands the application of modern machine learning and big data analysis concepts. This helps identify continuous patterns from abstract relationships in the data, network or application behavior anomalies, fraudulent transactions, and other changes, through which you can derive real-time insights and counter future security threats.
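To show what "identifying behaviour anomalies from the data" means in practice for the continuous monitoring of Reason 3 and the continuous response of Reason 4, here is an added example that is not part of the original post. It parses constructed log lines of hourly outbound bytes per user, builds a per-user baseline from the first observations, and flags later observations whose z-score exceeds a threshold. The log format, the users, the baseline window length and the threshold are all assumptions for the illustration; a real deployment would learn baselines over far longer windows and many more signals.

```python
"""Per-user behavioural baseline and anomaly flagging (added example).

The sample log below is constructed for this illustration and is not real
telemetry.  Each line records the outbound bytes a user sent in one hour.
"""
import re
import statistics
from collections import defaultdict

SAMPLE_LOG = """\
2016-03-01T00:00:00 user=alice bytes_out=1200
2016-03-01T01:00:00 user=alice bytes_out=1500
2016-03-01T02:00:00 user=alice bytes_out=900
2016-03-01T03:00:00 user=alice bytes_out=1300
2016-03-01T04:00:00 user=alice bytes_out=1100
2016-03-01T05:00:00 user=alice bytes_out=1400
2016-03-01T06:00:00 user=alice bytes_out=250000
2016-03-01T00:00:00 user=bob bytes_out=5000
2016-03-01T01:00:00 user=bob bytes_out=5200
2016-03-01T02:00:00 user=bob bytes_out=4800
2016-03-01T03:00:00 user=bob bytes_out=5100
2016-03-01T04:00:00 user=bob bytes_out=4900
2016-03-01T05:00:00 user=bob bytes_out=5300
2016-03-01T06:00:00 user=bob bytes_out=5000
"""

# Assumed log line layout: "<timestamp> user=<name> bytes_out=<int>"
LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) bytes_out=(?P<bytes>\d+)$")


def parse_log(text):
    """Return a list of (timestamp, user, bytes_out) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            records.append((match["ts"], match["user"], int(match["bytes"])))
    return records


def find_anomalies(records, baseline_len=6, threshold=3.0):
    """Flag observations that deviate from each user's own baseline.

    The first `baseline_len` observations per user define mean and standard
    deviation; later observations with |z| > threshold are returned as
    (user, timestamp, bytes_out, z).  A user whose baseline never varies is
    treated as anomalous on any change at all.
    """
    by_user = defaultdict(list)
    for ts, user, bytes_out in records:
        by_user[user].append((ts, bytes_out))

    anomalies = []
    for user, observations in by_user.items():
        baseline = [b for _, b in observations[:baseline_len]]
        if len(baseline) < 2:
            continue  # not enough history to judge this user yet
        mean = statistics.mean(baseline)
        stdev = statistics.pstdev(baseline)
        for ts, bytes_out in observations[baseline_len:]:
            if stdev == 0:
                z = float("inf") if bytes_out != mean else 0.0
            else:
                z = (bytes_out - mean) / stdev
            if abs(z) > threshold:
                anomalies.append((user, ts, bytes_out, round(z, 1)))
    return anomalies


if __name__ == "__main__":
    for hit in find_anomalies(parse_log(SAMPLE_LOG)):
        print("ANOMALY", *hit)
```

Run stand-alone, the script flags only alice's 06:00 observation, because bob's values all sit within his own baseline. The design choice worth noting is the per-user baseline: a flat global threshold would either miss alice's spike or constantly alert on bob, whose normal volume is several times alice's.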
Today, cyber security practices are not only on IT teams' to-do lists, but also on the CEOs' and the company boards' priority lists. It will be interesting to see if 2016 is touted as the year when there is a fundamental shift in how companies change their IT security practices. This change has to be urgently adopted before any other major cyber threats adversely impact enterprise business.