Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

The Bolt-on Challenge: Closing Security Gaps Through an Integrated Security Architecture

As our IT environments have expanded to include networks, endpoints, mobile devices and virtual assets so too have our security tools. Most organizations have ended up with a set of disparate technologies across these control points that were never designed to work together. The result: breaches happen. It’s a fact of life.

As our IT environments have expanded to include networks, endpoints, mobile devices and virtual assets so too have our security tools. Most organizations have ended up with a set of disparate technologies across these control points that were never designed to work together. The result: breaches happen. It’s a fact of life. As our protection methods improve and security effectiveness levels reach new heights, the bad guys are digging deeper and using advanced techniques and new attack vectors to circumvent existing protection methods.

The integration done to date, if any, is typically one way – the visibility and analysis isn’t automatically correlated and translated into action so that we can contain and stop damage and prevent future attacks. And the data gathered is usually a snapshot in time, not continuously updated to monitor activity as it unfolds.

Bolt With WrenchTo complement integrated visibility and analysis we need integrated and automated controls and intelligence. And we can’t just focus on point in time data; we must remain continuously vigilant to combat today’s more sophisticated attack techniques. What happens in the case of malware that disguises itself as safe to evade detection and exhibits malicious behavior later? Or when indicators of compromise are imperceptible on their own and only point to an attack when distinct data points are correlated – such as an endpoint trying to access a database that it wouldn’t normally, while a system on the network attempts to communicate back to a known bad (blacklisted) IP address? Integration must address the full attack continuum, not just before an attack but also during and after, so that we can adapt our defenses and take action to protect our assets.

What’s needed is a tightly integrated enterprise security architecture. A 2012 survey by market research firm Enterprise Strategy Group found that 44% of enterprise security professionals believe that over the next 24 months their organizations are likely to design and build a more integrated enterprise security architecture to improve security controls with central policy management, monitoring and distributed policy enforcement.

An enterprise security architecture can provide continuous security – before, during, and after an attack. With security infrastructure based on the concept of awareness and using a foundation of visibility, we can aggregate data and events across the extended network. This evolves security from an exercise at a point in time to one of continual analysis and decision-making. With this real-time insight we can employ intelligent automation to enforce security policies across control points without manual intervention, even after a breach has occurred.

After an attack we need to mitigate the impact and prevent future similar attacks. With an infrastructure that can continuously gather and analyze data to create security intelligence we can, through automation, identify and correlate indicators of compromise, detect malware that is sophisticated enough to alter its behavior to avoid detection and then remediate. Compromises that would have gone undetected for weeks or months can be identified, scoped, contained and cleaned up rapidly. We can also move forward with more effective security by automatically updating protections and implementing integrated rules on the perimeter security gateway, within security appliances protecting internal networks, on endpoints and on mobile devices to detect and block the same attack.

As we look to the future, we know that our IT environments will continue to expand, spawning new attack vectors we have yet to imagine. An integrated security architecture provides a dynamic foundation so that security measures can remain continually effective and relevant in a changing world.

Attackers don’t discriminate. They’ll use every weapon at their disposal to accomplish their mission. As defenders we need to as well. With a powerful enterprise security architecture based on awareness and continuous capabilities we can close security gaps across the ever-extending network – before, during and after an attack.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.

Click to comment

Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Vulnerabilities identified in TP-Link and NetComm router models could be exploited to achieve remote code execution (RCE).

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet