Agile Security is Key to Stopping Today’s High-Profile Breaches

Security must evolve to better address the new reality of a dynamic and rapidly changing environment. 

This year has been one of the most damaging – and embarrassing – periods in the annals of information security. A barrage of high-profile security attacks on commercial and consumer giants, coupled with devastating blows on security vendors themselves, has exposed the technologies, services and processes we rely on for our defenses. With traditional approaches to IT security, most organizations don’t stand a chance of adequately protecting their IT infrastructure.

Traditional security tools were designed for a stable, slowly changing environment. They weren’t built to deal with rapid changes to resources, users, applications and systems all too common in most of today’s organizations. Nor were they built to rapidly react to changing attacks. There were nearly 300 million new pieces of malware observed in 2010, and data gathered by Sourcefire researchers indicates nearly 75% of these attacks were only ever seen on a single system. These swiftly morphing attacks result in threat lifecycles of mere hours, leaving static defenses further and further behind.

As real-world experience demonstrates, static security tools quickly lose touch with the environment they’re meant to protect. Security must evolve to better address the new reality of a dynamic and rapidly changing environment. Security must mature and, in a word, become “agile.”

Agile Security succeeds in delivering effective protection because it’s a continuous process with four essential elements:

See. Agility demands clarity, but too often traditional security is blind to changing conditions and new attacks. Agile security solutions provide ready access to an unprecedented breadth and depth of information, yielding visibility into assets on the network, operating systems, applications, services, protocols, users, network behavior as well as network attacks and malware.

Learn. Visibility generates data. Being able to make effective decisions in response to that data requires rapid learning. Learning involves the application of intelligence, generated both locally and collectively by the larger community, in order to gain perspective. Agile security solutions correlate events with knowledge as an essential avenue to understanding and decision-making, enabling prioritized, automated, and informed responses.

Adapt. The only real constant is change. Networks change, targets change, attacks – and even attackers’ motivations – change. And how do most security solutions respond to that dynamism? They don’t change. At least not without considerable effort, and generally at a pace that leaves resources open to successful exploit. Agile security solutions must have the ability to automatically evolve and modify defenses to provide protection despite constant change.

Act. The ultimate responsibility of any security system is to protect sensitive assets and data. Malicious attacks must be successfully blocked. Policies – allowed applications, supported devices, prohibited activity – must be enforced. Suspicious or high-impact events must be prioritized and communicated to analysts. Agile security solutions must be able to flexibly respond to security events, prioritize risks, and quickly distribute threat intelligence and deliver the fastest possible protection.

Through a continuous process of See, Learn, Adapt and Act, solutions that enable agile security can deliver effective protection because they have the ability to respond to continuous change.

Let’s take a closer look at one of the key elements of Agile Security – Adapt.

In today’s IT environment, most security solutions are essentially “black boxes” that are proprietary and closed. The level of individual involvement for such systems is high.

Slow, manual approaches simply do not work and leave systems vulnerable and exposed to attack. Organizations need to change their mindsets when it comes to security and identify solutions that can adapt to events quickly enough to provide the needed protection.

When evaluating security solutions to see if they can adapt to today’s real-world environment, organizations should ask if the following essential capabilities are built in:

Defense optimization – the ability to automatically tune security policies to keep pace with changes to unique environments, taking the guesswork out of ensuring protections are optimized.

Policy compliance enforcement – the ability to support “lock down” endpoints and networks, preventing unauthorized or undesirable changes, and reducing the available attack surface.

An open architecture – designed to support complete customization and modification of detection capabilities.

Organizations need agile security solutions that can automatically adapt defenses to ensure their information assets remain secure and uncorrupted. Static defenses have been tried, refined, and found to lack the agility required to successfully defend today’s rapidly changing IT environments. It’s time to change our thinking in information security. It’s time for Agile Security.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.
