by Neil MacDonald | April 5, 2011 | Comments Off on “There’s no Such Thing as ‘Secure’ Anymore”
However, this quote isn’t mine. This quote comes from Deborah Plunkett who head the US National Security Agency’s Information Assurance Directorate.
“The most sophisticated adversaries are going to go unnoticed on our networks. We have to build our systems on the assumption that adversaries will get in,”
“We have to, again, assume that all the components of our system are not safe, and make sure we’re adjusting accordingly.”
The NSA must constantly fine tune its approach, she said, adding that there was no such thing as a “static state of security.”
Yup, I agree. That’s exactly the line of research I’ve been pursuing over the past several years with “adaptive security infrastructure”. I have published several research notes and presentations on how to change the mindset of information security to address these challenges. Virtualization of security controls is one way that information security can adapt more easily to address changing threats, but there are many others. For example, securing private clouds will require significant changes in security infrastructure as well.
Assume you are compromised today in a way that is undetectable by traditional network and host-based IPS and antimalware solutions. How would you know?
I hosted a panel on Advanced Persistent Threats at the US 2011 RSA conference and another APT summit in Washington DC a few weeks ago. The consensus is that you are compromised, you just don’t know it. It’s time to start designing information protection systems that work in spite of compromise.
It sounds counterintuitive, but think about this: it is reported that there are more bacteria in the human body than legitimate cells. Yet, we are able to carry on with useful and productive work. Why can’t our organizations?
View Free, Relevant Gartner Research
Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.Read Free Gartner Research
Category: beyond-anti-virus next-generation-security-infrastructure virtualization-security
Tags: adaptive-security-infrastucture cloud-security defense-in-depth information-security next-generation-security-infrastructure virtualization-security
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.