Visibility and Context-awareness are Critical to Staying Ahead of Threats
The term “Next-Generation” is frequently used in the industry to signal that a new technology has made a sufficient leap forward, delivering efficiencies or effectiveness previously considered impossible for a product.
Fueling one of the latest rounds of next-generation solutions is a shift to context-aware computing. Fostering innovation across a broad spectrum of technologies, context-aware computing is the ability of devices or applications to detect and analyze events in a changing environment and to respond accordingly. When applied to smart phones, automobiles or even refrigerators, context-aware computing can enhance quality of life. It can also spur business success in the case of customer service applications, collaboration tools or smart e-commerce sites. Context-aware computing is all about creating a richer experience on-the-fly and therefore requires agility.
When it comes to IT security, context-awareness is critical to staying ahead of the bad guys. The rate of change in today’s IT environments—the number of devices, users, applications and systems that connect to our infrastructure every day—is unprecedented. In addition, attacks are coming at an increasing rate and with an increasing level of sophistication. First-generation security solutions are typically blind to changing conditions and new attacks. Because you can’t protect what you can’t see, these traditional security solutions fall short of providing needed protection.
Security solutions that are context aware can see and intelligently correlate extensive amounts of event data related to IT environments—applications, users, devices, operating systems, vulnerabilities, services, processes, network behaviors, files and threats. This correlation provides the context needed to automatically and flexibly tune and protect organizations from today’s advanced threats.
But it isn’t enough to see and correlate data. Essential to context-awareness is the ability to learn and quickly respond. Not only do traditional security models lack the context to understand the security implications of new events, but because they typically are static—designed for a time when IT environments were fairly stable—they lack the ability to adapt accordingly. Ill suited for the demands placed on them today, they fall further and further behind in their ability to combat advanced threats. The latest network security platforms must be agile in order to adapt to not only today’s threats, but tomorrow’s as well.
On several occasions Neil MacDonald of Gartner has written about the need for security to be context aware and adaptive. In his May 2010 paper “The Future of Information Security is Context Aware and Adaptive” he states that by 2015, 90 percent of enterprise security solutions deployed will be context aware. In a recent blog post he states: “Context-awareness in the form of application, identity, content and environmental awareness is the foundation for a Next-Generation IPS (NGIPS).”
An October 7, 2011, paper by Gartner called “Defining Next-Generation Network Intrusion Prevention” further outlines the requirements for NGIPS to include first-generation IPS functionality plus four additional requirements—application awareness and full stack visibility, context awareness, content awareness and an agile engine.
Network security platforms are increasingly being defined by awareness, context and agility. From the endpoint to the network, as threats become smarter and faster and computing environments become more complex, organizations can no longer rely on first-generation solutions for adequate protection. When planning your shift to next-generation security solutions, make sure your vendors can demonstrate the ability to see and understand context and that they have the agility required to adapt defenses and successfully protect today’s rapidly changing IT environments.