I’ve blogged before about advanced threats that easily bypass our traditional protection mechanisms and reside undetected for extended periods of time on our systems.
We spend far too much of our information security budget on increasingly ineffective mechanisms designed to prevent intrusions, including network and host-based solutions, firewalls, IPS and antimalware systems. Does that mean we give up on these? Not at all. What we need are new capabilities in other areas.
Assume you’ve been compromised. How would you know? We don’t spend nearly enough on systems that help us to better detect a compromise after it has occurred. We can’t keep pretending that we can keep the bad guys out.
Where are net new investments needed? Here are just a few of the specific areas I discuss in my research.
- More monitoring. Lots more. At all layers of the stack – packet, flows, sessions, transactions, applications, user activities – all of it.
- More context-awareness. To separate meaningful anomalies out from a sea of monitored events will require more context – identity, application, content, location, time of day, reputation and so on.
- Big data and analytics brought to information security. Information security is becoming a big data problem and we need the systems, algorithms and new sets of security skills to derive insight from this.
- Higher levels of automation. To free up time to focus on the really important stuff, security professionals have got to get out of the day-to-day programming of security policy enforcement points. Program policies? Yes. Program quintuples? No.
- Cloud-based security policy enforcement. If we don’t own the device or the network (think 3G, 4G, etc.), then we can’t always rely on traditional network and host-based security controls for protection.
- Applications that are designed to be securely operated and used from inception. DevOpsSec must and will become a reality.
- A shift in thinking from Security Information and Event Management to delivering Security Intelligence.
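To make the monitoring, context-awareness and analytics points above concrete, here is a small added example (not code from the original post). It takes a handful of constructed login events, enriches each one with identity, location, time-of-day and reputation context, builds a crude per-user baseline, and only flags events that look unusual on several context dimensions at once. The event data, the role/location/reputation feeds, the business-hours window and the `ENTITLED` mapping are all constructed assumptions for the sake of the illustration.

```python
"""Context-enriched anomaly flagging over a few constructed login events.

Added illustration only: the events, context feeds and thresholds below
are invented for the example and do not come from any real environment.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample events: (timestamp, user, source IP, application).
EVENTS = [
    ("2012-03-01T09:02:11", "alice", "10.1.4.22", "payroll"),
    ("2012-03-01T09:40:55", "alice", "10.1.4.22", "payroll"),
    ("2012-03-02T08:58:03", "alice", "10.1.4.22", "payroll"),
    ("2012-03-03T03:15:40", "alice", "203.0.113.9", "payroll"),  # odd hour, odd network
    ("2012-03-01T10:12:00", "bob", "10.1.7.5", "wiki"),
    ("2012-03-02T10:20:09", "bob", "10.1.7.5", "wiki"),
    ("2012-03-02T22:45:30", "bob", "10.1.7.5", "wiki"),  # odd hour only
]

# Constructed context feeds: identity -> role, network prefix -> location,
# a reputation blocklist, and which roles are entitled to which applications.
ROLE = {"alice": "finance", "bob": "engineering"}
LOCATION = {"10.1.4.": "HQ", "10.1.7.": "HQ", "203.0.113.": "external"}
BAD_REPUTATION = {"203.0.113.9"}
ENTITLED = {"finance": {"payroll"}, "engineering": {"wiki"}}
BUSINESS_HOURS = range(7, 20)  # 07:00-19:59 local; an assumption for the example


def enrich(event):
    """Attach identity, location, time-of-day and reputation context to a raw event."""
    ts, user, ip, app = event
    hour = datetime.fromisoformat(ts).hour
    prefix = ip.rsplit(".", 1)[0] + "."
    return {
        "ts": ts,
        "user": user,
        "role": ROLE.get(user, "unknown"),
        "app": app,
        "ip": ip,
        "location": LOCATION.get(prefix, "unknown"),
        "business_hours": hour in BUSINESS_HOURS,
        "reputation": "bad" if ip in BAD_REPUTATION else "ok",
    }


def build_baseline(records, min_count=2):
    """Per-user set of locations seen at least min_count times: a crude 'normal' profile."""
    seen = defaultdict(Counter)
    for r in records:
        seen[r["user"]][r["location"]] += 1
    return {user: {loc for loc, n in c.items() if n >= min_count} for user, c in seen.items()}


def score(record, baseline):
    """Return the context dimensions on which this single event looks unusual."""
    reasons = []
    if not record["business_hours"]:
        reasons.append("off-hours")
    if record["location"] not in baseline.get(record["user"], set()):
        reasons.append("new-location")
    if record["reputation"] == "bad":
        reasons.append("bad-reputation")
    if record["app"] not in ENTITLED.get(record["role"], set()):
        reasons.append("not-entitled")
    return reasons


def detect(events, threshold=2):
    """Flag events that are unusual on at least `threshold` context dimensions at once.

    A single odd dimension (e.g. one late login from the usual place) stays
    below the threshold; several coinciding ones surface for an analyst.
    """
    records = [enrich(e) for e in events]
    baseline = build_baseline(records)
    flagged = []
    for r in records:
        reasons = score(r, baseline)
        if len(reasons) >= threshold:
            flagged.append((r["ts"], r["user"], reasons))
    return flagged


if __name__ == "__main__":
    for ts, user, reasons in detect(EVENTS):
        print(ts, user, ", ".join(reasons))
```

With the constructed data, only alice’s 03:15 login from the external, bad-reputation address is flagged at the default threshold; bob’s single late-evening login from his usual network is one oddity, not a meaningful anomaly, which is exactly the noise that context is meant to suppress. Lowering `threshold` to 1 turns bob’s event into an alert too, showing how the cut-off trades recall for analyst time.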
I believe information security infrastructure is at a critical inflection point. The status quo isn’t cutting it. Changes are needed.
Are the vendors up to it if it means we spend less on the increasingly ineffective legacy solutions they are selling us? (The good news is that we’ll spend more in the other areas highlighted above if they make these types of advancements.)
Are we up to it? Are we prepared to admit that we are currently on the losing side of this battle and make the types of process, technology and mindset changes above?