Agile Security is Key to Stopping Today’s High-Profile Breaches

Security must evolve to better address the new reality of a dynamic and rapidly changing environment. 

This year has been one of the most damaging – and embarrassing – periods in the annals of information security. A barrage of high-profile security attacks on commercial and consumer giants, coupled with devastating blows to security vendors themselves, has exposed the technologies, services and processes we rely on for our defenses. With traditional approaches to IT security, most organizations don’t stand a chance of adequately protecting their IT infrastructure.

Traditional security tools were designed for a stable, slowly changing environment. They weren’t built to deal with the rapid changes to resources, users, applications and systems that are all too common in most of today’s organizations. Nor were they built to rapidly react to changing attacks. There were nearly 300 million new pieces of malware observed in 2010, and data gathered by Sourcefire researchers indicates nearly 75% of these attacks were only ever seen on a single system. These swiftly morphing attacks result in threat lifecycles of mere hours, leaving static defenses further and further behind.

As real world experience demonstrates, static security tools quickly lose touch with the environment they’re meant to protect. Security must evolve to better address the new reality of a dynamic and rapidly changing environment. Security must mature and, in a word, become “agile.”

Agile Security succeeds in delivering effective protection because it’s a continuous process with four essential elements:

See. Agility demands clarity, but too often traditional security is blind to changing conditions and new attacks. Agile security solutions provide ready access to an unprecedented breadth and depth of information, yielding visibility into assets on the network, operating systems, applications, services, protocols, users, network behavior as well as network attacks and malware.

Learn. Visibility generates data. Being able to make effective decisions in response to that data requires rapid learning. Learning involves the application of intelligence, generated both locally and collectively by the larger community, in order to gain perspective. Agile security solutions correlate events with knowledge as an essential avenue to understanding and decision-making, enabling prioritized, automated, and informed responses.

Adapt. The only real constant is change. Networks change, targets change, attacks – and even attackers’ motivations – change. And how do most security solutions respond to that dynamism? They don’t change. At least not without considerable effort, and generally at a pace that leaves resources open to successful exploit. Agile security solutions must have the ability to automatically evolve and modify defenses to provide protection despite constant change.

Act. The ultimate responsibility of any security system is to protect sensitive assets and data. Malicious attacks must be successfully blocked. Policies – allowed applications, supported devices, prohibited activity – must be enforced. Suspicious or high-impact events must be prioritized and communicated to analysts. Agile security solutions must be able to flexibly respond to security events, prioritize risks, and quickly distribute threat intelligence and deliver the fastest possible protection.

Through a continuous process of See, Learn, Adapt and Act, solutions that enable agile security can deliver effective protection because they have the ability to respond to continuous change.

Let’s take a closer look at one of the key elements of Agile Security – Adapt.

In today’s IT environment, most security solutions are essentially “black boxes” that are proprietary and closed. The level of individual involvement for such systems is high.

Slow, manual approaches simply do not work and leave systems vulnerable and exposed to attack. Organizations need to change their mindsets when it comes to security and identify solutions that can adapt to events quickly enough to provide the needed protection.

When evaluating security solutions to see if they can adapt to today’s real world environment, organizations should ask if the following essential capabilities are built in:

Defense optimization – the ability to automatically tune security policies to keep pace with changes to unique environments, taking the guesswork out of ensuring protections are optimized.

Policy compliance enforcement – the ability to support “lock down” endpoints and networks, preventing unauthorized or undesirable changes, and reducing the available attack surface.

An open architecture – designed to support complete customization and modification of detection capabilities.

Organizations need agile security solutions that can automatically adapt defenses to ensure their information assets remain secure and uncorrupted. Static defenses have been tried, refined, and found to lack the agility required to successfully defend today’s rapidly changing IT environments. It’s time to change our thinking in information security. It’s time for Agile Security.

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.