Dark Reading is part of the Informa Tech Division of Informa PLC

Partner Perspectives  Connecting marketers to our tech communities.
6/23/2016
03:50 PM
Brett Kelsey

Adaptive Security Demands A Shift In Mindset: Part 2 In A Series

By adopting new ways of thinking about security, improving the capabilities of existing systems, and integrating key innovations, enterprises will be well on their way to better security.

In blog 1 of our series, we examined three realities that are driving enterprises to embrace an adaptive approach to security -- an idea coined by Gartner and explained in the report, Designing an Adaptive Security Architecture for Protection From Advanced Attacks.

Pardon the cliché, but as my mother was fond of saying, “An ounce of prevention is worth a pound of cure.” As someone who believes in a proactive approach to good health, I believe that this ounce of prevention applies to other areas of life as well, but sometimes we have to think beyond just prevention.

In the security world, some believe that it’s a given that the bad guys will get in, so let’s stop worrying about prevention. That’s like saying that because you believe it’s inevitable that you’ll contract a serious disease, you’ll just treat the illness when it takes hold and not bother to prevent it in the first place or monitor yourself along the way. I tend to disagree with this perspective. In this blog post, we’ll take a look at how some security professionals think, and why they need to change their mindset in some key areas and embrace an adaptive approach to security to mature their defenses.

“Blocking and Prevention Solutions Will Keep All the Bad Guys Out.” I’m a big advocate of good nutrition, regular exercise, and sufficient rest. But even if you take these basic preventative measures, life can still throw you a curve ball. You may catch a rare disease while vacationing on an exotic island or injure yourself while participating in a triathlon. In much the same way, enterprise security teams believe that investing heavily in blocking and prevention solutions is a surefire way to keep bad actors out. However, the problem is that today’s well-funded and technologically advanced bad guys churn out complex and sophisticated attacks faster than most security vendors can release products to stop them. Ten years ago, we saw approximately 25 instances of malicious code at my organization. Today, that number is just under 500,000.

While preventative controls are important against opportunistic attacks, most of today’s most destructive threats are low-and-slow targeted attacks that can circumvent traditional signature-based defenses such as antivirus technology. Basic prevention alone is not enough. This is something that enterprise security organizations need to accept. The fact is, no matter how much enterprises spend on blocking and prevention solutions, they can never keep 100% of threats at bay. Some are always bound to get past current defenses.

“There’s Nothing We Can Do Once the Bad Guys Are In.” In the security world, it’s true that some malware or creative hacking will make it past enterprise defenses. So what do you do? When it comes to your health, you make sure you get regular checkups and see the doctor when you experience symptoms instead of letting things get worse. In enterprise security, the next mindset change that needs to occur is to realize that detection and response are as important as blocking/prevention technologies. Without effective support for these processes, attacks will have longer dwell times, leading to more serious damage. Clearly, enterprises are beginning to move in the direction of continual detection, monitoring, and response. Gartner estimates that by 2020, enterprise security teams will allot 60% of their budgets to rapid detection and response solutions -- up from less than 10% in 2014.

“Our Security Products Don’t Have to Communicate.” As enterprises struggle to protect themselves against the next new attack, they are drawn to the promise of the latest shiny silver-bullet product. In health, as in security, there’s no magic cure-all. All too often, the silver-bullet approach results in a mash-up of siloed solutions that can’t communicate with each other. But this best-of-breed approach can still succeed by designing in data integration and process and policy orchestration.

Here’s a health-related comparison. HIPAA (Health Insurance Portability and Accountability Act) sets standards for health information privacy, security, and communications format in an effort to enable electronic exchange of patient data. Now specialists and other practitioners can easily share and analyze medical records without any manual effort and come up with an effective course of treatment faster.

The premise behind an adaptive security infrastructure is much the same. If the technologies are connected and enabled to exchange insightful threat information and context, security teams and processes will be more effective both in the short term and long term. So if you allow me to slip in a different analogy, it isn’t just a silver bullet, but rather a bunch of bullets -- and what we’re really trying to do is make them fit in the same gun.

“Incident Response Only Needs to Happen on an As-Needed Basis.” Getting back to health again, what happens if you have a car accident or suffer a severe injury? These types of incidents require immediate attention and response. In our everyday lives, we make the assumption that incidents like these may happen, so we create a proactive continuous response process. We visit the doctor for annual physicals, get the right tests, and see specialists if we develop a condition. And, yes, occasionally we might end up in the emergency room.

Many enterprises have an “emergency response” consciousness. They look at incident response as something that happens only when a security event is discovered. A bad actor introduces malware or compromises a corporate asset, a security team is pulled together to investigate and remediate, and then everything goes back to normal. Today, this ad hoc approach is not an option. The new normal is the continual risk of compromise, which demands continuous response. Finding the bad guys and stopping them from doing further damage must become an ongoing endeavor with formal plans and optimized processes that feed learnings back in to improve policies, processes, and technologies. This feedback loop is the key to adaptive security.

Get On The Adaptive Security Bandwagon

“If you can change your mind, you can change your life,” said William James, the father of American psychology. This certainly rings true in the realm of security. By adopting new ways of thinking about security, improving the capabilities of existing systems, and integrating key innovations, enterprises will be well on their way to better security.

Stay tuned for blog 3 of this series, which will address the specifics of what it takes to create an intelligence-driven security operations center (SOC).

To learn more about Gartner’s research in this space and approaches for implementing adaptive security, view this webinar featuring Neil Macdonald from Gartner and me as we talk about the Adaptive Security Architecture concept.

Brett Kelsey is the VP and Chief Technology Officer for the Americas for Intel Security. In this role, he has leveraged his business and practice development, technical expertise, and innovative thought leadership to evangelize Intel Security's go-to-market strategy across ...