Context-aware security is the use of supplemental information to improve security decisions at the time the decision is made. The goal? More-accurate security decisions capable of supporting more-dynamic business and IT environments as well as providing better protection against advanced threats.
In this 2010 research note, “The Future of Information Security is Context Aware and Adaptive,” which provided a definition and framework for understanding context-aware security, I used the term “next-generation IPS” to describe how advanced intrusion prevention systems were becoming context-aware in order to make improved security decisions (faster, more accurate and better suited to detect advanced threats).
Network security solutions are evolving to incorporate “application awareness” and “identity awareness” into their offerings. Information protection solutions are evolving to deliver “content awareness.” Application, identity and content awareness are all part of the same underlying shift to incorporate more context at the point when a security policy enforcement decision is made.
In the research note, I provided several examples of how information security infrastructure was evolving to become context-aware, including next-generation IPSs:
Intrusion prevention systems (IPSs) — Rather than apply all IPS rules to all traffic flows, next-generation IPS systems are able to use real-time contextual knowledge of what version of an OS or application a workload is running and what vulnerabilities are present in the systems they are protecting (for example, Real-time Network Awareness (RNA)/Real-time User Awareness (RUA) integration with Sourcefire). This context improves the speed and accuracy of IPS decisions, allowing more-efficient use of processing resources, as well as reducing the chance of false positives.
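The rule-selection idea described above, sketched as an added example that is not taken from the research note or from any vendor's product. The rule fields, product names, versions, signature IDs and addresses are constructed, and a vulnerability is simplified to "every version below `fixed_in`"; falling back to the full rule set for hosts with no context is a design assumption of this sketch.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    sid: int          # constructed signature id
    product: str      # software the signature protects
    fixed_in: str     # first version no longer affected (simplifying assumption)

@dataclass
class Host:
    software: dict = field(default_factory=dict)  # product -> installed version

def ver(text):
    """'2.4.10' -> (2, 4, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def applicable_rules(dst_ip, inventory, rules):
    """Rules worth evaluating for traffic to dst_ip, given what runs there."""
    host = inventory.get(dst_ip)
    if host is None:
        # No context for this address: fall back to the full rule set
        # rather than silently inspecting nothing.
        return list(rules)
    return [r for r in rules
            if r.product in host.software
            and ver(host.software[r.product]) < ver(r.fixed_in)]

def triage(sid, dst_ip, inventory, rules):
    """Label an alert using the same context, for analyst prioritisation."""
    if dst_ip not in inventory:
        return "unknown-host"
    hit = any(r.sid == sid for r in applicable_rules(dst_ip, inventory, rules))
    return "target-vulnerable" if hit else "target-not-affected"

# Constructed sample data: product names, versions and SIDs are illustrative.
RULES = [
    Rule(1001, "httpd", "2.4.10"),
    Rule(1002, "httpd", "2.2.0"),
    Rule(2001, "smbd", "4.1.0"),
    Rule(3001, "sshd", "7.0"),
]
INVENTORY = {
    "10.0.0.5": Host({"httpd": "2.4.9", "sshd": "7.4"}),
    "10.0.0.6": Host({"smbd": "4.0.3"}),
}

if __name__ == "__main__":
    for ip in ("10.0.0.5", "10.0.0.6", "10.0.0.99"):
        print(ip, [r.sid for r in applicable_rules(ip, INVENTORY, RULES)])
    print(triage(2001, "10.0.0.5", INVENTORY, RULES))
```

The same inventory drives both decisions: which signatures are evaluated per flow, and how an alert is ranked afterwards, so stale or missing inventory data degrades both at once.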
We’ve just published this research note for clients that outlines the key attributes of a next-generation IPS. Context-awareness in the form of application, identity, content and environmental awareness is the foundation for a next-generation IPS.
As I have observed several times, all information security infrastructure must become context-aware – endpoint protection platforms, access control systems, network firewalls, IPS systems, security information and event management systems, secure web gateways, secure email gateways, data loss prevention systems … all of it.
The moves to incorporate “application awareness”, “identity awareness”, “virtualization awareness”, “location awareness”, “content awareness” and so on are all facets of the same underlying shift in information security infrastructure to become context-aware.