Today’s enterprise networks, what we now call the Extended Network, include not just networks but all end points, mobile and virtual, that extend to wherever employees are and wherever data is.
The recently published Global State of Information Security Survey from PricewaterhouseCoopers states that smartphones, tablets, the bring-your-own-device (BYOD) trend and the increased use of cloud computing have elevated security risks.
If you combine these increased security risks with the fact that most organisations’ IT infrastructure consists of a set of disparate technologies that were never designed to work together, you end up with security breaches. It’s a fact of life.
The integration done to date, if any, is typically one way – the visibility and analysis isn’t automatically correlated and translated into action so that we can contain and stop damage and prevent future attacks. And the data gathered is usually a snapshot in time, not continuously updated to monitor activity as it unfolds.
To complement integrated visibility and analysis we need integrated and automated controls and intelligence. And we can’t just focus on point in time data; we must remain continuously vigilant to combat today’s more sophisticated attack techniques.
What happens in the case of malware that disguises itself as safe to evade detection and exhibits malicious behaviour later? Or when indicators of compromise are imperceptible on their own and only point to an attack when distinct data points are correlated – such as an endpoint trying to access a database that it wouldn’t normally, while a system on the network attempts to communicate back to a known bad (blacklisted) IP address?
Integration must address the full attack continuum, not just before an attack but also during and after, so that we can adapt our defenses and take action to protect our assets.
What’s needed is a tightly integrated enterprise security architecture. A 2012 survey by market research firm Enterprise Strategy Group found that 44% of enterprise security professionals believe that over the next 24 months their organisations are likely to design and build a more integrated enterprise security architecture to improve security controls with central policy management, monitoring and distributed policy enforcement.
An enterprise security architecture can provide continuous security – before, during, and after an attack. With security infrastructure based on the concept of awareness and using a foundation of visibility, we can aggregate data and events across the extended network.
This evolves security from an exercise at a point in time to one of continual analysis and decision-making. With this real-time insight we can employ intelligent automation to enforce security policies across control points without manual intervention, even after a breach has occurred.
After an attack we need to mitigate the impact and prevent future similar attacks. With an infrastructure that can continuously gather and analyse data to create security intelligence we can, through automation, identify and correlate indicators of compromise, detect malware that is sophisticated enough to alter its behaviour to avoid detection and then remediate.
Compromises that would have gone undetected for weeks or months can be identified, scoped, contained and cleaned up rapidly. We can also move forward with more effective security by automatically updating protections and implementing integrated rules on the perimeter security gateway, within security appliances protecting internal networks, on endpoints and on mobile devices to detect and block the same attack.
As we look to the future, we know that our IT environments will continue to expand, spawning new attack vectors we have yet to imagine. An integrated security architecture provides a dynamic foundation so that security measures can remain continually effective and relevant in a changing world.
Attackers don’t discriminate. They’ll use every weapon at their disposal to accomplish their mission. As defenders we need to as well. With a powerful enterprise security architecture based on awareness and continuous capabilities we can close security gaps across the ever-extending network – before, during and after an attack.