SecurityWeek

Management & Strategy

Continuous Capability – The Next Frontier

If You No Longer Know What You’re Looking for, You Can’t Protect Yourself Against It.

In my previous column I wrote about the concept of Information Superiority. The premise is fairly straightforward: In the battle for network security, whoever can bring superior intelligence to bear on network and device security problems, wins.

From the very start the bad guys have the advantage. An attacker is focused on local knowledge—information about a specific exploit, a default password, a topological flaw, etc. that they can leverage to gain access. This is a very targeted task. In contrast, a defender needs global knowledge—information about modern network environments and the threat landscape, both of which are constantly and rapidly changing. Gaining sufficient understanding to support the continuous process of securing the environment as it evolves is a broad and challenging undertaking.

The traditional methods of network and asset discovery have been ill-suited to meet the defender’s information superiority requirements because the scope of their operation is transient; they produce a picture of a moment in time. The inevitable environmental changes are unknown until the next discovery scan, resulting in poorly configured security infrastructure, reduced protection, and an increase of false positives (noise) as well as false negatives (missed attacks).

Newer approaches that offer real-time discovery of everything in the environment, contextual awareness to filter out the noise, and intelligent automation to adjust defenses are becoming the foundation for modern security practices.

With these capabilities, traditional intrusion prevention systems, firewalls and anti-virus solutions can become next-generation security solutions with advanced technology that arms the defender with information superiority.

But one frontier still remains. These security tools provide protection “in the moment,” addressing suspicious activity and vulnerabilities apparent at a specific point in time. However, there is no follow-on capability. The security technology only has one chance to do the right thing, after which point it has no ability to do anything about the attack or its after-effects. In the case of modern advanced malware the problem with this approach is evident. First, threats change and morph once they enter an environment. If you no longer know what you’re looking for, you can’t protect yourself against it. Second, once you’re infected, you’re infected.

The challenge is clear. We must evolve protection “in the moment” to protection “any time, all the time.” To do this we need “Continuous Capability.” We must be able to see and track files and events continuously within our IT environments and respond comprehensively and systemically across our infrastructure at any time based on information as it becomes available. This means even being able to provide retroactive protection against threats that have already entered the environment based on the newest intelligence.

Today we are beginning to see continuous capability with solutions, based on a modern architecture, that enable the use of large-scale data mining technologies and cloud platforms to continuously monitor, analyze and store vast amounts of data from a specific deployment and the larger, global community of users. This data enables the defender to protect against not just initial infections but also against every mutation after the threat enters the environment.
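The difference between protection “in the moment” and continuous capability is easiest to see on a small event ledger. The following Python example is added here to illustrate the idea; it is not code from the column or from any vendor product it alludes to. It assumes endpoint telemetry has been recorded as a stream of file-observation events (host, file hash, time, action) and that threat intelligence is a map from file hash to the time the verdict became known. The events, hashes and timestamps are constructed sample data. A point-in-time check only catches a file whose hash was already known bad when it was seen; the retrospective check re-evaluates the whole ledger against current intelligence, so a file that entered clean and was later judged malicious is surfaced on every host it reached.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class FileEvent:
    """One observation of a file on a host (constructed telemetry record)."""
    host: str
    sha256: str
    seen_at: datetime
    action: str  # e.g. "downloaded", "executed", "copied"


T0 = datetime(2013, 3, 1, 9, 0)

# Constructed event ledger: file "aa..." enters on ws-01, runs, and is copied
# to ws-07 two hours later. No verdict for it exists yet at that point.
EVENTS: List[FileEvent] = [
    FileEvent("ws-01", "aa" * 32, T0, "downloaded"),
    FileEvent("ws-01", "aa" * 32, T0 + timedelta(minutes=5), "executed"),
    FileEvent("ws-07", "aa" * 32, T0 + timedelta(hours=2), "copied"),
    FileEvent("ws-03", "bb" * 32, T0 + timedelta(hours=3), "executed"),
    FileEvent("ws-09", "cc" * 32, T0 + timedelta(days=1), "downloaded"),
]

# Constructed intelligence: hash -> time the "known bad" verdict was published.
# "cc..." was already known at T0; the verdict for "aa..." arrives a day later.
INTEL_AT_T0: Dict[str, datetime] = {"cc" * 32: T0 - timedelta(days=2)}
INTEL_LATER: Dict[str, datetime] = {**INTEL_AT_T0, "aa" * 32: T0 + timedelta(days=1)}


def point_in_time_hits(events: List[FileEvent], intel: Dict[str, datetime]) -> List[FileEvent]:
    """Protection 'in the moment': an event counts as caught only if the hash
    was already known bad at the instant the event happened."""
    return [e for e in events if e.sha256 in intel and intel[e.sha256] <= e.seen_at]


def retrospective_hits(events: List[FileEvent], intel: Dict[str, datetime]) -> Dict[str, List[FileEvent]]:
    """Continuous capability: re-evaluate the full ledger against current
    intelligence and return the events that looked clean at the time but are
    now known bad, grouped by hash and ordered by time so the spread can be traced."""
    by_hash: Dict[str, List[FileEvent]] = {}
    for e in events:
        known_at = intel.get(e.sha256)
        if known_at is not None and known_at > e.seen_at:
            by_hash.setdefault(e.sha256, []).append(e)
    for hits in by_hash.values():
        hits.sort(key=lambda ev: ev.seen_at)
    return by_hash


def trajectory(events: List[FileEvent], sha256: str) -> List[Tuple[str, str]]:
    """Ordered (host, action) path of one file through the environment."""
    return [(e.host, e.action) for e in sorted(events, key=lambda ev: ev.seen_at) if e.sha256 == sha256]


def affected_hosts(events: List[FileEvent], intel: Dict[str, datetime]) -> List[str]:
    """Hosts that need retroactive response once new intelligence lands."""
    hits = retrospective_hits(events, intel)
    return sorted({e.host for lst in hits.values() for e in lst})


if __name__ == "__main__":
    print("in-the-moment hits with T0 intel:", [(e.host, e.sha256[:8]) for e in point_in_time_hits(EVENTS, INTEL_AT_T0)])
    print("in-the-moment hits with later intel:", [(e.host, e.sha256[:8]) for e in point_in_time_hits(EVENTS, INTEL_LATER)])
    for h, lst in retrospective_hits(EVENTS, INTEL_LATER).items():
        print(f"retroactive: {h[:8]} first seen {lst[0].seen_at} on {lst[0].host}; path {trajectory(EVENTS, h)}")
    print("hosts needing response:", affected_hosts(EVENTS, INTEL_LATER))
```

Note that the in-the-moment check returns the same single hit whether it runs against the old or the updated intelligence: the three “aa…” events all predate the verdict, so a one-shot control never revisits them. Only the retrospective pass, which requires the ledger to have been kept continuously, turns the new verdict into a list of hosts and a file trajectory to act on.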

But this is just a start. By overcoming the engineering challenges inherent in many of today’s solutions we can attain continuous and comprehensive visibility and control and keep information superiority where it belongs—with the good guys.

Join Solutionary and Sourcefire for a Webinar on “Understanding Contextual Security” on March 28th at 1PM EST. Register Here.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies.
