Connect with us

Hi, what are you looking for?


Management & Strategy

Security Automation: Is an ‘Open’ Mindset Your Best Path to Higher Security?

How can you defend against attacks that leverage automation and are outpacing alerting mechanisms and manual-access controls?

How can you defend against attacks that leverage automation and are outpacing alerting mechanisms and manual-access controls?

Consider this: Ann arrives at headquarters with an iPad in hand and taps the Outlook icon to start the workweek. The security systems you deployed recognize Ann as an engineering manager who should get access not only to the company’s mail systems but to its development servers. A potential red flag – her device is identified as not her company-issued PC. But, this bring-your-own-device dilemma is no problem in your world.

Ann is redirected to remediation servers you’ve set up that will automatically scan her iPad for viruses and malware. Once it’s deemed clean, instructions are automatically sent to your network firewalls to grant Ann access. In a matter of seconds, Ann is perusing functional specifications on the company’s engineering servers. Later, she spends a few minutes catching up with friends and downloads an app she simply “must check out.”

Security AutomationThat’s when Ann’s connectivity is disrupted. She’s redirected to a Web page on your remediation systems that informs her the app she recently downloaded has embedded malware. She is given detailed instructions on how to clean up her iPad and get back on the network.

Meanwhile, you are at a company offsite discussing plans on how to leverage the cost savings from transitioning the company away from managed to employee-owned devices.

This is not a fantasy world. This is the reality for many firms that understand the benefits of collaborative and automated security. They have implemented technologies based on open architectures in order to make this scenario their everyday world. The evolution and aim of this kind of open architecture – and what it means for the future of network security – is the focus of this discussion.

Sometime ago, the Trusted Computing Group (TCG), an international standards body, formed the Trusted Network Connect (TNC) subgroup with the goal of providing endpoint security and integrity. The efforts of this collaboration culminated in an open architecture that ensured multi-vendor interoperability among end-user devices, vendor-security architectures and security policies. This kind of interoperability and interactivity promised higher security for endpoints through broad security-information sharing.

IF-MAP or Metadata Access Protocol is the protocol which makes this kind of information sharing among security devices possible.

Advertisement. Scroll to continue reading.

The notion behind IF-MAP is simple yet powerful. Through real-time information sharing among security devices, higher security is made possible. If every security device in the network – from end-user agents to firewalls, sensors, telemetry devices, vulnerability scanners and logging systems – can share information using a common protocol, then a comprehensive security picture can be stored in a central server(s).

Security vendors can then focus their efforts on leveraging this central store to create tools and management systems to automate security decision-making. They can also enable significant, if not total, visibility into the overall security posture of any network – be it dispersed, centralized, virtualized or in the cloud.

Thinking SecurityNow you may be asking if anyone has adopted this standard and how far vendors have gone in building out IF-MAP-based architectures. The truth is there are a number of certified products available today that are part of a growing list.

The scenario described at the beginning of this article is one that is achievable with generally-available solutions, but the march toward full security automation does not stop there. The journey is one that leads to systems collaborating to detect, disrupt, mitigate and even retaliate within seconds of an attack. This kind of automation does not live in the distant future, but rather begins now.

By implementing a broad network of IF-MAP-compliant and interoperable technologies and management systems, you will be able to respond to an actionable set of information.

The days of security automation conjuring up thoughts of false positives and disrupted business are long gone. A new generation of threats and attackers are leveraging automation and outpacing alerting mechanisms and manual-access controls. The efficient protections of today and the foreseeable future will leverage automation-based architectures.

The sooner, the better.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...