Context and data were two of the most common themes at the Gartner 2013 EMEA Security & Risk Management Summit in London. After all, if you don't know the context of a security event, and don't have the data available to analyse that event, how can you know how important it is?
Context-aware security is about making use of additional information (who, what, where, when, and how) to improve a security decision at the moment that decision is made. Decisions taken with that extra information are more accurate, and more accurate decisions give better protection against advanced threats.
In one of the sessions, Gartner's Neil MacDonald highlighted a perfect example of this context and data requirement. A bank receives an online banking request from a regular customer to move money from one account to another. The customer has logged onto the online banking site and has correctly used her password and credentials. All would seem right with the world.
But, hold on a minute... what if the bank was able to determine that their online customer is using a different computer from normal? She is accessing the online banking site during what would be the small hours in the country where she lives; and indeed it appears the computer she is using is located several thousand miles away from where she carried out her last online transaction, just a few hours ago.
Suddenly the context and the data the bank has available have changed the whole picture, from an apparently innocent transaction to one that is most likely fraudulent. The bank has the context and information it needs to hold the transaction until more can be established, for example by stepping up authentication or contacting the customer.
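The bank's decision in the example above is a risk-scoring function that combines several independent context signals. The block below, added here as an illustration and not code from the original post or from Sourcefire, shows one way to express it: a new device, a session in the customer's small hours, and "impossible travel" (distance since the last session divided by elapsed time exceeds what an airliner could cover) each add a signal, and two or more signals hold the transaction. The thresholds, the `UserContext` profile and the sample transactions are all constructed assumptions for the example; a real deployment would tune the thresholds against its own fraud data.

```python
"""Context-aware transaction scoring: an added, illustrative example."""
import math
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Set, Tuple

# Assumed thresholds (illustrative; not from the original post).
MAX_PLAUSIBLE_SPEED_KMH = 900.0   # roughly the cruising speed of an airliner
UNUSUAL_HOURS = range(0, 5)       # local time 00:00-04:59 counts as "the small hours"
HOLD_THRESHOLD = 2                # two or more independent signals -> hold for review
GEO_JITTER_KM = 1.0               # ignore tiny moves caused by geo-IP imprecision


@dataclass
class Transaction:
    user_id: str
    device_id: str        # device fingerprint presented by the browser/app (assumed)
    ts: datetime          # timezone-aware UTC timestamp
    lat: float            # geolocation of the client address (assumed available)
    lon: float


@dataclass
class UserContext:
    """What the bank already knows about the customer (assumed profile fields)."""
    user_id: str
    known_devices: Set[str]
    home_utc_offset_hours: int
    last_ts: Optional[datetime] = None
    last_lat: Optional[float] = None
    last_lon: Optional[float] = None


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in kilometres between two WGS-84 points."""
    earth_radius_km = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * earth_radius_km * math.asin(math.sqrt(a))


def risk_signals(tx: Transaction, ctx: UserContext) -> List[str]:
    """Return the list of context signals that make this transaction suspicious."""
    signals: List[str] = []

    # Signal 1: device the customer has never used before.
    if tx.device_id not in ctx.known_devices:
        signals.append("unknown_device")

    # Signal 2: small hours in the customer's home time zone.
    local_hour = (tx.ts + timedelta(hours=ctx.home_utc_offset_hours)).hour
    if local_hour in UNUSUAL_HOURS:
        signals.append("unusual_hour")

    # Signal 3: impossible travel since the previous session.
    if ctx.last_ts is not None and ctx.last_lat is not None and ctx.last_lon is not None:
        hours = (tx.ts - ctx.last_ts).total_seconds() / 3600.0
        dist = haversine_km(ctx.last_lat, ctx.last_lon, tx.lat, tx.lon)
        if dist > GEO_JITTER_KM and (hours <= 0 or dist / hours > MAX_PLAUSIBLE_SPEED_KMH):
            signals.append("impossible_travel")

    return signals


def decide(tx: Transaction, ctx: UserContext) -> Tuple[str, List[str]]:
    """Map the signals to a decision: allow, step_up (extra authentication) or hold."""
    signals = risk_signals(tx, ctx)
    if len(signals) >= HOLD_THRESHOLD:
        return "hold", signals
    if signals:
        return "step_up", signals
    return "allow", signals


# Constructed sample data: a London customer whose last session was at 22:00 UTC
# from her usual laptop, followed by a request four hours later from an unknown
# machine geolocated in New York.
UTC = timezone.utc
CUSTOMER = UserContext(
    user_id="alice",
    known_devices={"laptop-01"},
    home_utc_offset_hours=0,  # London in winter time
    last_ts=datetime(2013, 11, 12, 22, 0, tzinfo=UTC),
    last_lat=51.5074, last_lon=-0.1278,
)
NORMAL_TX = Transaction("alice", "laptop-01",
                        datetime(2013, 11, 13, 10, 0, tzinfo=UTC), 51.5074, -0.1278)
SUSPECT_TX = Transaction("alice", "pc-unknown",
                         datetime(2013, 11, 13, 2, 0, tzinfo=UTC), 40.7128, -74.0060)

if __name__ == "__main__":
    for tx in (NORMAL_TX, SUSPECT_TX):
        print(tx.device_id, decide(tx, CUSTOMER))
```

The second transaction trips all three signals (unknown device, 02:00 local time, and roughly 5,570 km covered in four hours) and is held; the first, from the known laptop at 10:00 with no movement, is allowed. Note that no single signal is conclusive on its own: a new laptop or a late-night session alone only triggers a step-up, which is the point of correlating context rather than reacting to isolated events.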
It seems simple; however, it is surprising how many businesses purchase tactical, static security solutions to solve a problem at a single point in time. They do not think about the dynamic nature of their environment or of the threat, which renders these tactical purchases useless over time. It's like the boy with his thumb in the dike to stop it bursting.
Today's IT organizations need a dynamic approach to defending the network--one that uses awareness and automation to provide visibility and context while constantly adapting to new threats, new vulnerabilities, and everyday network changes.
When it comes to IT security, context-awareness is critical to staying ahead of the bad guys. The rate of change in today's IT environments--the number of devices, users, applications and systems that connect to our infrastructure every day--is unprecedented. In addition, attacks are coming at an increasing rate and with an increasing level of sophistication. Old security solutions are typically blind to changing conditions and new attacks. Because you can't protect what you can't see, these traditional security solutions fall short of providing needed protection.
Security solutions that are context aware can see and intelligently correlate extensive amounts of event data related to IT environments--applications, users, devices, operating systems, vulnerabilities, services, processes, network behaviours, files and threats. This correlation provides the context needed to automatically and flexibly tune and protect organizations from today's advanced threats.
But it isn't enough to see and correlate data. Essential to context-awareness is the ability to learn and quickly respond. Not only do traditional security models lack the context to understand the security implications of new events, but because they typically are static--designed for a time when IT environments were fairly stable--they lack the ability to adapt accordingly. Ill-suited for the demands placed on them today, they fall further and further behind in their ability to combat advanced threats. The latest network security platforms must be agile in order to adapt to not only today's threats, but tomorrow's as well.
Network security platforms are increasingly being defined by awareness, context and agility. From the endpoint to the network, as threats become smarter and faster and computing environments become more complex, organisations can no longer rely on first-generation solutions for adequate protection.
Context is everything in security.
Follow Graham Welch on Twitter: www.twitter.com/Sourcefire