Security experts from Sourcefire talked up the company’s “Agile Security” strategy this week, emphasizing the need for informed, adaptive and automated security products to protect today’s dynamic IT environments from constantly changing threats. The strategy comes down what the company calls four essential tenets:
1. See. Traditional security solutions are mostly blind to their environment and the threats they face. An agile approach provides clarity and vision, reflecting the reality of an environment, as it exists right now.
2. Learn. Applies intelligence to data to improve understanding and decision-making.
3. Adapt. Static approaches limit the ability to tailor protection. Agile Security allows automatic evolution and modification of defenses in response to change.
4. Act. Agile Security provides decisive, flexible and automated responses to events.
Despite increased security budgets, organizations continue to be vulnerable because traditional approaches are too static to keep pace with the needs of today’s organizations, the company believes. The growth of smartphones, virtualization and other innovations has created unforeseen security challenges – environments are changing too rapidly for traditional solutions to keep up. Combined with the growing speed at which new and sophisticated attacks are being introduced, organizations are at a significant disadvantage.
“Traditional solutions lack the agility required to successfully defend today’s rapidly changing IT environments against modern threats,” said John Burris, CEO of Sourcefire, in a statement. “We live in a world where surprises are the norm, and we need solutions that are agile enough to learn and adapt to network changes, vulnerabilities and threats as they happen.”
“Most of today’s security infrastructure is static — enforcing policies defined in advance in environments where IT infrastructure and business relationships are relatively static. This will simply not scale to effectively support an environment that is highly dynamic, multisourced and virtualized,” said Neil MacDonald, vice president, distinguished analyst and fellow at Gartner. “Static security infrastructure is becoming an inhibitor to dynamic business needs. Context-aware security mechanisms provide a layer of abstraction and automation of security policies that can adapt to the context of the request and the time the security decision is made.”