Is 2015 the Year for the Threat-centric Network?

05/12/2014 15:14 GMT | Updated 02/02/2015 10:59 GMT

As an old year comes to a close we often start to look for trends and predictions of what the New Year holds for us in business, and especially for those in cybersecurity, who are increasingly at the forefront of defending the enterprise from the continual threat and reality of cybercrime.

Predictions are difficult, other than to suggest that things will continue much as they did in 2014, only more challenging. Still, I was interested to review Gartner's list of the Top 10 Strategic Technology Trends for 2015 and to see that every one of them requires security to underpin it and ensure its successful adoption.

In particular, Gartner called out 'Risk-based security and self-protection' as a key trend for next year, and I would certainly echo that call.

While I wouldn't go as far as to suggest we are heading towards fully automated networks, Gartner themselves suggest in their analysis: 'all roads to the digital future lead through security. However, in a digital business world, security cannot be a roadblock that stops all progress'.

But as we know, there is no silver bullet in security: no matter what we do, no security system is 100% effective, and attacks and breaches will happen. At the same time, with the widespread adoption of Bring Your Own Device, the use of a variety of mobile devices in business, and the ramping up of Internet of Things adoption, defending the perimeter of a network is no longer the answer to good cyber defence.

The enterprise needs to adopt a model that is threat-centric, focused on the threats themselves rather than merely on policy or controls. It must provide broad coverage across all potential attack vectors, rapidly adjust to and learn from new attack methods, and feed that intelligence back into the infrastructure after each attack.

Ultimately, defenders must employ the mindset of an attacker to develop and implement protections across the extended network: before, during, and after an attack.

Today organizations need total visibility of their environment, including the network itself, endpoints, virtual environments, mobile devices, and the cloud, as well as the data center. This gives them a better understanding of the risks to their infrastructure, based on target value, legitimacy of an attack, and history. If they don't understand what they're trying to protect, they will be unprepared to configure security technologies to defend it. And this visibility must be actionable, so that defenders can make informed decisions. This is the 'Before' phase.

Traditional security technologies can only detect an attack at a point in time, based on a single data point of the attack itself. This approach is no match for today's advanced cyber attacks. Instead, what's needed is a security infrastructure and an operationalized approach that provides awareness: one that can aggregate and correlate data from across the extended network with historical patterns and global attack intelligence, providing the context to discriminate active attacks, exfiltration, and reconnaissance from simple background noise. This is the 'During' phase of security.

With an infrastructure that can continuously gather and analyze data to create security intelligence, security professionals can, through automation, identify Indicators of Compromise, detect advanced malware that is sophisticated enough to alter its behaviour to try to avoid detection, and analyze full network packet captures in order to identify and remediate successfully. Using retrospective techniques like these, one can discover threats that would otherwise have gone undetected for weeks or even months, so that they can be scoped, contained, and remediated. This is the 'After' phase of security.
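The retrospective step described above, as an added illustration that is not part of the original post: when threat intelligence later flags a file that earlier passed as clean, stored sightings are re-evaluated to find which hosts saw it, when, and how long it went unnoticed. All hashes, host names, times and malware family labels here are constructed.

```python
"""Retrospective security check over stored file sightings.
Example added to this post; every value below is constructed for illustration."""
from collections import defaultdict
from datetime import datetime

# Constructed historical sightings: each file was judged clean at the time.
SIGHTINGS = [
    {"ts": "2014-10-20T09:12:00", "host": "ws-017", "sha256": "a1" * 32, "verdict": "clean"},
    {"ts": "2014-10-21T14:03:00", "host": "ws-042", "sha256": "a1" * 32, "verdict": "clean"},
    {"ts": "2014-11-02T08:45:00", "host": "srv-db1", "sha256": "b2" * 32, "verdict": "clean"},
    {"ts": "2014-11-15T17:30:00", "host": "ws-017", "sha256": "c3" * 32, "verdict": "clean"},
]

# Constructed intelligence update: hashes newly classified as malicious.
INTEL_UPDATE = {"a1" * 32: "Dropper.Generic", "c3" * 32: "Backdoor.Generic"}

# Constructed assessment time (matches the post's publication date).
NOW = datetime(2014, 12, 5, 15, 14)


def retrospective_scope(sightings, intel, now):
    """Return {sha256: {family, hosts, first_seen, dwell_days}} for every file
    that was previously passed as clean but is now on the malicious list."""
    hits = defaultdict(list)
    for ev in sightings:
        if ev["sha256"] in intel:          # re-evaluate against the new intel
            hits[ev["sha256"]].append(ev)
    report = {}
    for digest, events in hits.items():
        events.sort(key=lambda e: e["ts"])
        first = datetime.fromisoformat(events[0]["ts"])
        report[digest] = {
            "family": intel[digest],
            "hosts": sorted({e["host"] for e in events}),  # scope of exposure
            "first_seen": events[0]["ts"],
            "dwell_days": (now - first).days,  # how long it went undetected
        }
    return report


def hosts_to_contain(report):
    """Flatten the report into the sorted set of hosts needing containment."""
    return sorted({h for entry in report.values() for h in entry["hosts"]})


if __name__ == "__main__":
    rep = retrospective_scope(SIGHTINGS, INTEL_UPDATE, NOW)
    for digest, entry in rep.items():
        print(f"{digest[:12]}... {entry['family']}: hosts={entry['hosts']} "
              f"first_seen={entry['first_seen']} dwell={entry['dwell_days']}d")
    print("contain:", hosts_to_contain(rep))
```

The same lookup can be run against a process, DNS or connection history to scope an indicator other than a file hash.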

A threat-centric model and operational approach to security enables defenders to respond at any time, all the time. Continuous monitoring, automated analysis, control automation, and retrospective security exist already. They are integrated. They are pervasive. And they work together, in continuous fashion, to secure networks, endpoints, virtual environments, data centers, the cloud, and mobile devices across the full continuum: before, during, and after the attack.

So the tools to address Gartner's key 2015 trend are clearly available. What we now need to see is widespread adoption of security that protects against the professional cybercriminal by using visibility across the whole network; by using automation and dynamic control to adapt to the threat; and by being able to go back, re-evaluate a file, application or threat, and retrospectively turn back the clock and remediate.