
Partner Perspectives
6/23/2016
03:50 PM
Brett Kelsey

Adaptive Security Demands A Shift In Mindset: Part 2 In A Series

By adopting new ways of thinking about security, improving the capabilities of existing systems, and integrating key innovations, enterprises will be well on their way to better security.

In blog 1 of our series, we examined three realities that are driving enterprises to embrace an adaptive approach to security -- an idea coined by Gartner and explained in the report, Designing an Adaptive Security Architecture for Protection From Advanced Attacks.

Pardon the cliché, but as my mother was fond of saying, “An ounce of prevention is worth a pound of cure.” As someone who believes in a proactive approach to good health, I believe that this ounce of prevention applies to other areas of life as well, but sometimes we have to think beyond just prevention.

In the security world, some believe that it’s a given that the bad guys will get in, so let’s stop worrying about prevention. That’s like saying that you believe it’s inevitable that you’ll contract a serious disease, so you just work on treating the illness when it takes hold and not bother to work on preventing it in the first place or not monitor yourself along the way. I tend to disagree with this perspective. In this blog post, we’ll take a look at how some security professionals think, and why they need to change their mindset in some key areas and embrace an adaptive approach to security to mature their defenses.

“Blocking and Prevention Solutions Will Keep All the Bad Guys Out.” I’m a big advocate of good nutrition, regular exercise, and sufficient rest. But even if you take these basic preventative measures, life can still throw you a curve ball. You may catch a rare disease while vacationing on an exotic island or injure yourself while participating in a triathlon. In much the same way, many enterprise security teams believe that investing heavily in blocking and prevention solutions is a surefire way to keep bad actors out. The problem is that today’s well-funded and technologically advanced attackers churn out complex and sophisticated attacks faster than most security vendors can release products to stop them. Ten years ago, we saw approximately 25 instances of malicious code at my organization. Today, that number is just under 500,000.

While preventative controls are important against opportunistic attacks, many of today’s most destructive threats are low-and-slow targeted attacks that can circumvent traditional signature-based defenses such as antivirus technology. Basic prevention alone is not enough, and enterprise security organizations need to accept this. No matter how much enterprises spend on blocking and prevention solutions, they can never keep 100% of threats at bay. Some are always bound to get past current defenses.

“There’s Nothing We Can Do Once the Bad Guys Are In.” In the security world, it’s true that some malware or creative hacking will make it past enterprise defenses. So what do you do? When it comes to your health, you make sure you get regular checkups and see the doctor when you experience symptoms instead of letting things get worse. In enterprise security, the next mindset change that needs to occur is to realize that detection and response are as important as blocking/prevention technologies. Without effective support for these processes, attacks will have longer dwell times, leading to more serious damage. Clearly, enterprises are beginning to move in the direction of continual detection, monitoring, and response. Gartner estimates that by 2020, enterprise security teams will allot 60% of their budgets to rapid detection and response solutions -- up from less than 10% in 2014.

“Our Security Products Don’t Have to Communicate.” As enterprises struggle to protect themselves against the next new attack, they are drawn to the promise of the latest shiny silver-bullet product. In health, as in security, there’s no magic cure-all. All too often, the silver-bullet approach results in a mash-up of siloed solutions that can’t communicate with each other. But this best-of-breed approach can still succeed by designing in data integration and process and policy orchestration.

Here’s a health-related comparison. HIPAA (the Health Insurance Portability and Accountability Act) sets standards for health information privacy, security, and transaction formats in an effort to enable electronic exchange of patient data. With a common format in place, specialists and other practitioners can share and analyze medical records with far less manual effort and arrive at an effective course of treatment faster.

The premise behind an adaptive security infrastructure is much the same. If the technologies are connected and enabled to exchange insightful threat information and context, security teams and processes will be more effective both in the short term and long term. So if you allow me to slip in a different analogy, it isn’t just a silver bullet, but rather a bunch of bullets -- and what we’re really trying to do is make them fit in the same gun.

“Incident Response Only Needs to Happen on an As-Needed Basis.” Getting back to health again, what happens if you have a car accident or suffer a severe injury? These types of incidents require immediate attention and response. In our everyday lives, we make the assumption that incidents like these may happen, so we create a proactive continuous response process. We visit the doctor for annual physicals, get the right tests, and see specialists if we develop a condition. And, yes, occasionally we might end up in the emergency room.

Many enterprises have an “emergency response” consciousness. They look at incident response as something that happens only when a security event is discovered. A bad actor introduces malware or compromises a corporate asset, a security team is pulled together to investigate and remediate, and then everything goes back to normal. Today, this ad hoc approach is not an option. The new normal is the continual risk of compromise, which demands continuous response. Finding the bad guys and stopping them from doing further damage must become an ongoing endeavor with formal plans and optimized processes that feed learnings back in to improve policies, processes, and technologies. This feedback loop is the key to adaptive security.

Get On The Adaptive Security Bandwagon

“If you can change your mind, you can change your life,” said William James, the father of American psychology. This certainly rings true in the realm of security. By adopting new ways of thinking about security, improving the capabilities of existing systems, and integrating key innovations, enterprises will be well on their way to better security.

Stay tuned for blog 3 of this series, which will address the specifics of what it takes to create an intelligence-driven security operations center (SOC).

To learn more about Gartner’s research in this space and approaches for implementing adaptive security, view this webinar featuring Neil Macdonald from Gartner and me as we talk about the Adaptive Security Architecture concept.

Brett Kelsey is the VP and Chief Technology Officer for the Americas for Intel Security. In this role, he has leveraged his business and practice development, technical expertise, and innovative thought leadership to evangelize Intel Security's go-to-market strategy across ...