Forget detection: in Security 2.0, visibility is the key to long-term protection

The rapidly changing threat climate is obsoleting security solutions installed just a few years ago, one security-industry CEO has warned as businesses leverage improved visibility, machine learning and proactive policymaking to formulate ‘Security 2.0’ frameworks that will last the next decade.

The confluence of capabilities has become essential for a security climate that was, only a few years ago, being designed using detect-and-respond approaches that offered limited insight into a company’s overall security posture.

Companies lacked real-time visibility into the activities on their network and typically only adopted visibility tools for forensic purposes after a compromise was detected. “When I joined the company six years ago this market was very much an afterthought,” Paul Hooper, CEO of security firm Gigamon, told CSO Australia.

These days, however, growing recognition of the importance of a coherent security policy has brought security planning to the forefront – and increased interest in visibility tools that provide a greater degree of proactivity.

“The thesis behind visibility, and its strategic value, are far better understood than they were back then,” Hooper added. “Visibility is becoming an increasingly strategic component of infrastructure and, when companies do deployments and large buildouts, visibility is being designed in.”

Governments, in particular, have been “laggards” in improving visibility of their environments – which are suffering “gaping holes” as new mobile, cloud and other capabilities are added without suitable visibility – but recent efforts such as the US Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) project, with which Gigamon is involved, reflect the recognised strategic value of better visibility solutions.

CDM will, in the words of the DHS, “provide adequate, risk-based and cost-effective cybersecurity and more efficiently allocate cybersecurity resources”. While the entire program covers 15 continuous diagnostic capabilities, it is initially focused on “foundational” endpoint controls such as hardware and software management, configuration management, and vulnerability management. Phases 2 and 3 of the program, which is being extended to all US government entities, will address identity and infrastructure management.

Investments in security visibility will become crucial as looming mandatory breach notification laws kick in early in 2018, forcing Australian organisations to not only know when they face a security incident but to be able to report in detail on its extent and impact on sensitive data.

Feeding this requirement, recent weeks have seen the launch of new visibility tools including Cylance’s artificial intelligence-driven CylanceOPTICS, Forcepoint’s Forcepoint Web Security 8.3 – which the company said adds cloud-application discovery to eliminate ‘shadow IT’ blind spots – and Bitdefender’s Hypervisor Introspection, which integrates security into the Citrix XenServer hypervisor to improve visibility of virtualised environments.

Each of these shines light into the dark crevasses of the modern data infrastructure and helps fill out the overall enterprise security story. It’s an approach that sits broadly in line with recommendations from Gartner – which recently flagged an ongoing transformation in security spending and named enhancing detection and response capabilities as a “key priority for security buyers through 2020”.

“The shift to detection and response approaches spans people, process and technology elements and will drive a majority of security market growth over the next five years,” principal research analyst Sid Deshpande said in a statement.

“While this does not mean that prevention is unimportant or that CISOs are giving up on preventing security incidents, it sends a clear message that prevention is futile unless it is tied into a detection and response capability.”

That detection and response capability will, Hooper believes, lay the groundwork for next-generation security architectures that will offer far greater longevity than current solutions, simply because they focus on observing all kinds of behaviour rather than trying to detect and stop specific capabilities. AI and machine learning will play a significant role in this, he notes, with increasingly context-aware monitoring able to detect anomalous behaviour regardless of its source or target.

“We’re never, ever going to stop this,” he said. “It’s never something that you can defend against; the ‘hard outer shell’ theory of 10 years ago is behind us, and tomorrow’s world is one where you’re looking within. Security is now a living function, and it’s visibility that’s going to help us get ahead of this.”
