Nearly everyone can agree that the security challenges enterprises face today require out-of-the-box thinking. Our Quarterly Threat Landscape reports show today’s threats are designed to target multiple attack vectors, expose vulnerabilities, select a compromise from an updatable toolkit of exploits, burrow deep into the network, and then hide their tracks. From there they can move laterally across the environment looking for data to exploit or resources to hijack - all while evading detection.
Such attacks are successful because, unlike the IT teams in the organizations being targeted, cybercriminals aren’t constrained by lines of business, siloed technology teams, or carefully guarded network domains. Instead, they look at your network as a single entity, which means they may have better visibility into your network operations and architecture than many of the folks who actually work there.
Part of this challenge is the result of having deployed siloed security solutions in different areas of the networked ecosystem that require individual management, rather than solutions integrated together through a common set of security services. As a result, threat intelligence is isolated, so detecting sophisticated threats requires the sort of manual correlation that most organizations simply do not have the resources to support.
It’s the same reason why moving to a digital business model has been so disruptive. Data is the new currency of today’s economy. Collecting it, generating it, mining it, and finding ways to make it available to both employees and consumers are today’s measures of success. But while workflows and data now move freely between one network ecosystem and the next, the institutional culture building these systems still has hard lines drawn between domains and lines of responsibility, and it protects zones of personal control that have developed over years or even decades. In such an environment, establishing consistent visibility, management, and security protocols that span the network can be next to impossible to fund, resource, and deploy.
Cybercriminals understand this. That’s because organizations with institutionalized controls and rigid hierarchies that isolate personnel and restrict resources to teams with specific siloes of responsibility tend to be more vulnerable to today’s sophisticated attack strategies. The resulting fractured infrastructure allows attackers to hide in the gaps between control systems. Likewise, complex, multi-vector attacks are difficult to identify when a team only has access to a limited sphere of functionality. And malware that can mimic legitimate traffic is especially difficult to detect when the team responsible for security has no control over the data or resources being consumed or delivered by another team.
If organizations want to get out ahead of the criminal community that wants to steal, hijack, or ransom that data, they will have to rethink their approach to security. Deploying effective security services helps bridge the gap between traditionally isolated security devices.
Unify your intelligence. A unified security strategy requires that all solutions operate using the same set of policies, protocols, and intelligence. Adding a common threat intelligence service to a fabric-based security strategy ensures that different security tools deployed across the infrastructure are on the same page when it comes to looking for and discovering new threats.
Integrate your technologies. The sophistication of today’s threats means you need to integrate security solutions so they can work as a unified system to find and respond to even the fastest and most stealthy attacks. Building a fabric-based security framework around open APIs and a common OS enables those security technologies to span the distributed network as a single, integrated security solution. Weaving different security technologies together using a common framework and set of security services, and replacing traditionally isolated devices with integrated solutions, allows your security infrastructure to effectively share and correlate threat intelligence, and to collaborate in order to adapt and respond to threats regardless of which zone of the network they have been deployed in or which team owns and manages them.
Apply consistent services. Applying a uniform set of security services that span your ecosystem of networks ties different and disparate security solutions together even further. These services, such as sandboxing, intrusion prevention, virus outbreak prevention, or application controls, allow them to use a common set of intelligence and techniques to better identify, correlate, and respond to threats in a coordinated fashion regardless of where a threat is detected or where security resources are located.
Automate your processes. As the time between a breach and the compromise of data or resources continues to shorten, delays caused by waiting for a human response to thwart malware and other attacks can have a serious impact on data and resources. To address this growing challenge, we need to develop and deploy decision-making and analysis engines that take humans out of the loop. Leveraging AI engines and automation to perform the vast majority of decisions and analysis at speed and scale would not only close the gap on threat impact, but also allow humans to reallocate resources to focus on the really hard remaining decisions, where human cognition and intervention are really required.
Cybercriminals are constantly changing their attacks and techniques to exploit the expanding attack surfaces being created by today’s organizations. To effectively protect themselves, organizations must be constantly prepared to defend against something new at all times. However, many organizations have created network and resource siloes that cybercriminals are all too willing to exploit.
Solving these challenges requires IT teams to change their security strategy from one based on a collection of discrete, isolated solutions to an integrated framework that is able to work as a system to see and respond to threats. Extensive knowledge of the threat landscape, combined with the ability to respond quickly at multiple levels, is the foundation for providing this level of security. And that requires a common set of threat intelligence and other security services that ensure consistent enforcement and security effectiveness, even across the most complicated network environments.