[BreachExchange] Identifying anomalies before a breach: A networking approach to security

Audrey McNeil audrey at riskbasedsecurity.com
Mon May 7 19:53:23 EDT 2018


Security is at the top of the business-buying shopping list. This is not
wholly surprising given the plethora of high-profile, costly breaches
punctuating the business calendar over the last year. Whether it was
WannaCry ransomware or the Equifax website breach, the fire has been lit
and businesses want a more comprehensive approach to enterprise security,
and this should begin and end with the network.

With brand reputation, customer data and company bottom lines hanging in
the balance, CISOs are finally gaining a stronger voice at the boardroom
table. A comprehensive networking solution with integrated security that
connects and protects all endpoints, workloads and applications is no
longer a pipe dream; it's a necessity.

Network vs. security

The traditional IT stand-off between network and security advocates is no
longer forgivable nor feasible. The push and pull between the network
priority of ensuring the uninhibited flow of data and the security team's
prerogative of ‘shutting the pipe’ when a threat looks imminent hasn't
always resulted in a fruitful business relationship. This is set to change.
The fast transfer of data and the protection of information mustn't be
mutually exclusive. These silos are blurring, with conversations expanding
beyond the confines of the data centre.

Now, the IT team is embracing a ‘one team, one dream’ mantra. Every piece
of technology integrated into the network must have security embedded. A
recent PwC study revealed that 64 percent of CIOs, VPs and IT managers
surveyed put security and automation at the top of their buying criteria in
their path to the cloud. Seeing security rise to the top of networking
purchase requirements is a remarkable shift in priorities, and will enable
a greater level of insight, protection and broader business support.

The scale of the security challenges inherent in enterprise and cloud data
centres is starting to resonate. This is an environment where workloads
are constantly being created, deleted and moved, not only within a cluster
or an individual data centre, but across multiple centres and clouds. As
almost all major workloads shift from on-premises to public cloud in the
next one to three years, this dynamic context and the high volume of
communications traffic will likely skyrocket.

Together with this, the complexity of security implications will increase.
It has never been more important for both security and operational
practices to converge. How solutions are architected, and products
evaluated will change. Unless the boundaries between teams fade, the
implications for the enterprise will be profound.

Security must stem from the network itself

Technology devices, whether they are switches, firewalls or routers, can
operate as key components of a network and contribute to the rigour of an
organisation's security. These devices speak the same language, react to
changes in conditions around them, such as surges in activity or anomalies
on the network, and align to management tools reporting back to IT and the
broader business.

Visibility and automation tools span across the entire technology
portfolio. This means that humans no longer have to spot needles in
haystacks. Technologies can now work in tandem to isolate and extract data,
down to the most granular of details. Needle-in-haystack tasks are now
child's play. Automation enables a view across an entire business. It
correlates vast amounts of data in real-time, spots anomalies and automates
tasks that would take hours for a human to identify, let alone act upon.
With visibility and automation shaping a more proactive approach to
security, IT teams are better able to pre-empt attacks and redirect
resources away from labour-intensive monitoring to more valuable and
strategic activities, while retaining full control on remediation execution
as required.
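Detection logic of the kind the two preceding sections describe (devices reacting to surges in activity, automation correlating data to spot anomalies rather than full-blown attacks), as an added example that is not part of the original article: it builds a per-host baseline from constructed NetFlow-like records and flags sources whose connection rate or destination ports deviate from it. All addresses, ports and counts are constructed.

```python
"""Per-host surge and new-port detection over constructed flow records.
Added example, not the article's code; every address and count is constructed."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-like tuples: (minute, src, dst, dst_port).
# Minutes 0-4 form the baseline; minute 5 is the window under evaluation.
FLOWS = (
    [(m, "10.0.0.5", "10.0.1.20", 443) for m in range(5) for _ in range(3)]
    + [(m, "10.0.0.8", "10.0.1.21", 443) for m in range(5) for _ in range(2)]
    + [(5, "10.0.0.5", "10.0.1.20", 443) for _ in range(3)]          # steady host
    + [(5, "10.0.0.8", f"10.0.1.{i}", 445) for i in range(30, 90)]  # surge, new port
)

def per_minute_counts(flows, minutes):
    """Connections per source per minute, zero-filled so quiet minutes count."""
    counts = defaultdict(lambda: {m: 0 for m in minutes})
    for m, src, _dst, _port in flows:
        if m in minutes:
            counts[src][m] += 1
    return counts

def build_baseline(flows, baseline_minutes):
    """Per source: (mean rate, population stddev, set of destination ports seen)."""
    counts = per_minute_counts(flows, baseline_minutes)
    ports = defaultdict(set)
    for m, src, _dst, port in flows:
        if m in baseline_minutes:
            ports[src].add(port)
    return {src: (mean(c.values()), pstdev(c.values()), ports[src])
            for src, c in counts.items()}

def detect_anomalies(flows, baseline, eval_minute, z_threshold=3.0):
    """Return {src: [reasons]} for sources that deviate from their baseline."""
    findings = defaultdict(list)
    counts = per_minute_counts(flows, {eval_minute})
    for src, c in counts.items():
        if src not in baseline:
            findings[src].append("unseen-source")
            continue
        mu, sigma, _ports = baseline[src]
        # Floor sigma at 1 so a perfectly regular baseline still gives a finite z.
        if (c[eval_minute] - mu) / max(sigma, 1.0) > z_threshold:
            findings[src].append("surge")
    for m, src, _dst, port in flows:
        if m == eval_minute and src in baseline and port not in baseline[src][2]:
            reason = f"new-port:{port}"
            if reason not in findings[src]:
                findings[src].append(reason)
    return dict(findings)
```

Real deployments would feed this from a flow exporter and tune the threshold per segment; the point is that a regular host stays silent while a sudden fan-out on a port it never used before is surfaced as a finding rather than discovered after the fact.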

The ‘all-seeing’ network

As end-point devices multiply with the Internet of Things and business
networks face tens of thousands of devices in any one environment, it is
clear that end-point security is increasingly becoming unrealistic. The
‘all-seeing’ network that encompasses all devices and traffic provides a
clearer view from which to monitor more effectively. The network should be
seen as an invaluable mine of information, critical in identifying and
ultimately containing attacks within enterprises.

Micro-segmentation is emerging as a preferred method to achieve network
security in a hybrid IT and multi-cloud environment. Instead of relying
solely on hardware-based firewalls, security can be integrated directly
into a virtualised workload. The network can play an active role in
strengthening a business' security defences. It no longer needs to be the
choice of either a free flow of traffic or the protection of information.
The interchange between the network and security can be symbiotic and if
achieved, the business and IT teams will reap the benefits.

The severity of recent breaches has launched security concerns in data
centres to the top of the business shopping list. IT is expected to deliver
a secure and automated network that aligns to an overall business strategy.
This is no mean feat, and the only way IT will achieve it is by security and
network architects working together.

A holistic strategy that features a networking approach with integrated
security that connects and protects from one end to the other is the
result. This way, a proactive approach to security and threat prevention
can increasingly become a reality. Spotting anomalies instead of full-blown
attacks will help businesses regain control in the battle for automated,
adaptive and simplified enterprise data security.