Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

6/3/2008
09:50 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Gartner Details Real-Time 'Adaptive' Security Infrastructure

Future security model addresses arrival of multiple perimeters, mobile users

NATIONAL HARBOR, Md. -- Gartner Security Summit 2008 -- What if your network could proactively adapt to threats and the needs of the business? That’s the vision of the adaptive security infrastructure unveiled by Gartner here today.

Neil MacDonald, vice president and fellow at Gartner, says this is the security model necessary to accommodate the emergence of multiple perimeters and moving parts on the network, and increasingly advanced threats targeting enterprises. “We can’t control everything [in the network] anymore,” MacDonald says. That’s why a policy-based security model that is contextual makes sense, he says.

“The next generation data center is adaptive – it will do workloads on the fly,” he says. “It will be service-oriented, virtualized, model-driven and contextual. So security has to be, too.”

Among the key features of an adaptive security infrastructure are security platforms that share and correlate information rather than point solutions, so the heuristics system could communicate its suspicions to the firewall, for example. “Then the firewall could block the IP address” while the signature-based scanner could create a new signature for the threat, MacDonald says.

“Why doesn’t the heuristic system talk to the firewall?” he says. If security modules such as AV and firewalls communicated, they could correlate data on threats. “Then there would be fewer false positives."

Other features would be finer-grained controls, automation (in addition to human intervention), on-demand security services, security as a service, and integration of security and management data. And, rather than adding security to custom applications after they go operational, security models would be created at the design phase of an app, MacDonald says. “Security and operations would have better synergy."

A major change with this model of real-time, adaptive security is shifting authorization management and policy to an on-demand service that contains details and policy enforcement that matches compliance and can adapt to the user’s situation when he or she is trying to access an application, for instance.

MacDonald admits that the reality of an adaptive security infrastructure seems futuristic and faces plenty of challenges in adoption, but there are some of the building blocks available today, such as virtualization, authorization management, and deep packet inspection, for example.

Among the trends driving this vision is the increase in targeted attacks, as well as what Gartner sees as an explosion in the number of perimeters given mobile users, network guests, and business partners, for instance. “Everything has a perimeter,” and all elements in the network today are potentially hostile, he notes.

And it goes both ways, he says. “Expect our stuff to be plugged into some unknown infrastructure” by mobile users, he says. “Does that environment conform to my policies?”

Ted Julian, vice president of marketing for Application Security Inc., says he was intrigued by MacDonald’s adaptive security model and is surprised that no major security vendors are talking about this type of model today. He says scanning tools could possibly play a major role in this type of security infrastructure, and the key would be sharing information among various types of scanners.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

  • Gartner Inc.
  • Application Security Inc.

    Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Manchester United Suffers Cyberattack
    Dark Reading Staff 11/23/2020
    As 'Anywhere Work' Evolves, Security Will Be Key Challenge
    Robert Lemos, Contributing Writer,  11/23/2020
    Cloud Security Startup Lightspin Emerges From Stealth
    Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win an Amazon Gift Card! Click Here
    Latest Comment: This comment is waiting for review by our moderators.
    Current Issue
    2021 Top Enterprise IT Trends
    We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
    Flash Poll
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2019-20934
    PUBLISHED: 2020-11-28
    An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
    CVE-2020-29368
    PUBLISHED: 2020-11-28
    An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
    CVE-2020-29369
    PUBLISHED: 2020-11-28
    An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
    CVE-2020-29370
    PUBLISHED: 2020-11-28
    An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
    CVE-2020-29371
    PUBLISHED: 2020-11-28
    An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.