informa
/
Analytics
News

A New Spin on Adaptive Security

Gartner's next-generation security model has its roots in other efforts

The real-time, adaptive security infrastructure (ASI) posed by Gartner this week has triggered déjà vu and debate among security experts. (See Gartner Details Real-Time 'Adaptive' Security Infrastructure.)

Neil MacDonald, vice president and fellow at Gartner, described the vision of this next-generation security model during his keynote at the Gartner Security Summit on Tuesday. ASI adapts to threats in real time rather than in the aftermath of an attack, with interconnected services and tools that communicate and share information so that network, host, application, database, and content security are no longer separate “silos,” but one synchronized security system.

But some experts say this concept unveiled by Gartner is really nothing new. Network Associates (now part of McAfee), for example, in the late 1990s offered the Active Security family of products, which integrated a security assessment scanner, an early generation policy manager, firewall, and a PKI server. But Active Security never really caught on.

Gartner’s MacDonald says there are a few vendor efforts today that include adaptive security, but just within their own product lines -- Sourcefire’s RNA/RUA integration, Microsoft’s Stirling, IBM ISS’s “Phantom,” Cisco’s purchase of Reactivity and Securent, for instance. He argues that these and other “silos” are counterproductive to the adaptive model overall.

“The Adaptive Security Infrastructure framework I am proposing tears down these silos,” MacDonald says. “Security must evolve to an adaptive system of interconnected services that communicate and share information to make better, faster security decisions.”

Meanwhile, a little-known security firm hopes to patent a similar adaptive technology: Live Square Security has filed for a patent for a combination of hardware and software that basically unites the network with the application layer, says Brett Scott, a security consultant with Live Square. “So if the application gets hammered, it can cry out to the network device ‘help me, I’m under attack.'"

Although Scott wouldn’t divulge too many details about the technology, he says it also draws from a grid network of devices Live Square uses to support its clients, building a knowledge base of sorts that it uses to help protect all of its customers. “It [the security device] sits behind the firewall and does the work to make it play nice,” Scott says. “It gains better reconnaissance on hackers and speeds up the ability to respond” to threats.

Meanwhile, Gartner’s MacDonald notes that another big piece of the ASI is that security would be better blended with operations from the get-go rather than being added after the fact. And authorization management and policy would become an on-demand service that adapts to the user’s situation when he or she accesses an application, for example.

Critics, meanwhile, say the Gartner ASI vision really just recycles an old idea that historically has failed to get off the ground. But Ted Julian, vice president of marketing for Application Security Inc., says the bottom line is that the big ideas in security are constantly being recycled -- but within new and updated contexts.

“The best of the big ideas have staying power because the context not only supports but expands upon the original concept in ways its creators never dreamed,” says Julian, who co-authored a report on so-called “inverted security” in 1999 while with Forrester Research. Inverted security shares some of the same concepts in Gartner’s ASI.

“Even if you argue Neil’s big idea isn’t new, relating it to today’s environment and thus emphasizing the role newer technologies play -- like various kinds of data-centric security and virtualization -- is totally helpful and could be big ideas in their own right,” Julian says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

  • Gartner Inc.
  • McAfee Inc. (NYSE: MFE)
  • Application Security Inc.
  • Sourcefire Inc. (Nasdaq: FIRE)
  • Cisco Systems Inc. (Nasdaq: CSCO)
  • Microsoft Corp. (Nasdaq: MSFT)
  • IBM Internet Security Systems

  • Recommended Reading:
    Editors' Choice
    Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
    Joshua Goldfarb, Director of Product Management at F5