Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Continuous Capability – The Next Frontier

If You No Longer Know What You’re Looking for, You Can’t Protect Yourself Against It.

If You No Longer Know What You’re Looking for, You Can’t Protect Yourself Against It.

In my previous column I wrote about the concept of Information Superiority. The premise is fairly straightforward: In the battle for network security, whoever can bring superior intelligence to bear on network and device security problems, wins.

From the very start the bad guys have the advantage. An attacker is focused on local knowledge—information about a specific exploit, a default password, a topological flaw, etc. that they can leverage to gain access. This is a very targeted task. In contrast, a defender needs global knowledge— information about modern network environments and the threat landscape, both of which are constantly and rapidly changing. Gaining sufficient understanding to support the continuous process of securing the environment as it evolves is a broad and challenging undertaking.

Network SecurityThe traditional methods of network and asset discovery have been ill-suited to meet the defender’s information superiority requirements because the scope of their operation is transient; they produce a picture of a moment in time. The inevitable environmental changes are unknown until the next discovery scan resulting in poorly configured security infrastructure, reduced protection, and an increase of false positives (noise) as well as false negatives (missed attacks).

Newer approaches that offer real-time discovery of everything in the environment, contextual awareness to filter out the noise, and intelligent automation to adjust defenses are becoming the foundation for modern security practices.

With these capabilities traditional intrusion prevention systems, firewalls and anti-virus solutions can become next-generation security solutions with advanced technology that arms the defender with information superiority.

But one frontier still remains. These security tools provide protection “in the moment,” addressing suspicious activity and vulnerabilities apparent at a specific point in time. However, there is no follow-on capability. The security technology only has one chance to do the right thing, after which point it has no ability to do anything about the attack or its after-effects. In the case of modern advanced malware the problem with this approach is evident. First, threats change and morph once they enter an environment. If you no longer know what you’re looking for, you can’t protect yourself against it. Second, once you’re infected, you’re infected.

The challenge is clear. We must evolve protection “in the moment” to protection “any time, all the time.” To do this we need “Continuous Capability.” We must be able to see and track files and events continuously within our IT environments and respond comprehensively and systemically across our infrastructure at any time based on information as it becomes available. This means even being able to provide retroactive protection against threats that have already entered the environment based on the newest intelligence.

Today we are beginning to see continuous capability with solutions, based on a modern architecture, that enable the use of large-scale data mining technologies and cloud platforms to continuously monitor, analyze and store vast amounts of data from a specific deployment and the larger, global community of users. This data enables the defender to protect against not just initial infections but also against every mutation after the threat enters the environment.

But this is just a start. By overcoming the engineering challenges inherent in many of today’s solutions we can attain continuous and comprehensive visibility and control and keep information superiority where it belongs—with the good guys.

Join Solutionary and Sourcefire for a Webinar on “Understanding Contextual Security” on March 28th at 1PM EST. Register Here.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.