Continuous Capability – The Next Frontier

If You No Longer Know What You’re Looking for, You Can’t Protect Yourself Against It.

In my previous column I wrote about the concept of Information Superiority. The premise is fairly straightforward: In the battle for network security, whoever can bring superior intelligence to bear on network and device security problems, wins.

From the very start the bad guys have the advantage. An attacker is focused on local knowledge—information about a specific exploit, a default password, a topological flaw, etc. that they can leverage to gain access. This is a very targeted task. In contrast, a defender needs global knowledge—information about modern network environments and the threat landscape, both of which are constantly and rapidly changing. Gaining sufficient understanding to support the continuous process of securing the environment as it evolves is a broad and challenging undertaking.

The traditional methods of network and asset discovery have been ill-suited to meet the defender’s information superiority requirements because the scope of their operation is transient; they produce a picture of a moment in time. The inevitable environmental changes are unknown until the next discovery scan, resulting in poorly configured security infrastructure, reduced protection, and an increase in false positives (noise) as well as false negatives (missed attacks).

Newer approaches that offer real-time discovery of everything in the environment, contextual awareness to filter out the noise, and intelligent automation to adjust defenses are becoming the foundation for modern security practices.

With these capabilities traditional intrusion prevention systems, firewalls and anti-virus solutions can become next-generation security solutions with advanced technology that arms the defender with information superiority.

But one frontier still remains. These security tools provide protection “in the moment,” addressing suspicious activity and vulnerabilities apparent at a specific point in time. However, there is no follow-on capability. The security technology only has one chance to do the right thing, after which point it has no ability to do anything about the attack or its after-effects. In the case of modern advanced malware the problem with this approach is evident. First, threats change and morph once they enter an environment. If you no longer know what you’re looking for, you can’t protect yourself against it. Second, once you’re infected, you’re infected.

The challenge is clear. We must evolve protection “in the moment” to protection “any time, all the time.” To do this we need “Continuous Capability.” We must be able to see and track files and events continuously within our IT environments and respond comprehensively and systemically across our infrastructure at any time based on information as it becomes available. This means even being able to provide retroactive protection against threats that have already entered the environment based on the newest intelligence.

Today we are beginning to see continuous capability with solutions, based on a modern architecture, that enable the use of large-scale data mining technologies and cloud platforms to continuously monitor, analyze and store vast amounts of data from a specific deployment and the larger, global community of users. This data enables the defender to protect against not just initial infections but also against every mutation after the threat enters the environment.
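
The retroactive protection described above, sketched as an added example (not code from this column or from any product it alludes to): a stored history of file sightings is re-evaluated when new intelligence convicts a digest. The event fields, host names and digests are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class FileEvent:
    ts: int                 # when the file was seen (constructed timestamps)
    host: str
    digest: str             # placeholder digests, not real indicators
    parent: Optional[str]   # digest of the file that wrote this one, if observed
    verdict: str            # disposition returned at the moment of the sighting

# Constructed history: everything passed inspection "in the moment".
EVENTS = [
    FileEvent(100, "ws-01", "aaa1", None, "unknown"),
    FileEvent(130, "ws-01", "bbb2", "aaa1", "unknown"),   # dropped by aaa1
    FileEvent(150, "ws-02", "aaa1", None, "unknown"),
    FileEvent(160, "ws-03", "ccc3", None, "clean"),
    FileEvent(200, "ws-01", "ddd4", "bbb2", "unknown"),   # dropped by bbb2
]

def point_in_time_hits(events, convicted, convicted_at):
    """Sightings a one-shot control can act on: only those at or after the conviction."""
    return [e for e in events if e.digest == convicted and e.ts >= convicted_at]

def retrospective_hits(events, convicted):
    """Re-evaluate stored history against a newly convicted digest.

    Returns {host: [digests to remediate]}, including files written by the
    convicted file or by its descendants (simplified: lineage is by digest).
    """
    tainted = {convicted}
    grew = True
    while grew:                      # follow parent -> child links to a fixed point
        grew = False
        for e in events:
            if e.parent in tainted and e.digest not in tainted:
                tainted.add(e.digest)
                grew = True
    hits = {}
    for e in events:
        if e.digest in tainted:
            hits.setdefault(e.host, set()).add(e.digest)
    return {host: sorted(digests) for host, digests in hits.items()}

if __name__ == "__main__":
    # New intelligence convicts "aaa1" at t=300, after every sighting above.
    print(point_in_time_hits(EVENTS, "aaa1", 300))
    print(retrospective_hits(EVENTS, "aaa1"))
```

With the conviction arriving after the last sighting, the point-in-time check has nothing left to act on, while the retrospective pass still names both affected hosts and the two files descended from the original.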

But this is just a start. By overcoming the engineering challenges inherent in many of today’s solutions we can attain continuous and comprehensive visibility and control and keep information superiority where it belongs—with the good guys.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.
