Strategic Investor Relations for Technology Companies

Improve Security with Visibility and Intelligence


Organizations need visibility and intelligence to protect their most valuable data assets across virtualized, cloud and big data environments.  Specifically, they need to know what data is going into these environments, who is authorized to work with this data, and how this data and its users can be monitored while adhering to GRC (governance, regulatory, compliance) mandates.

Download the free report here

Traditional signature-based defenses remain a core component of security strategy, protecting against non-targeted malware.  But as more workloads move to the cloud – private or public – and mobility becomes even more pervasive, these tools are ineffective against attacks that pose the greatest risks.

Improved incident response and resilience warrant a shift in spending toward continuous monitoring, advanced behavioral analytics, incident response automation and a software-defined perimeter.

Granular Visibility Aided by Integration

Automated continuous monitoring of network traffic, application-level awareness and user-specific rules significantly improves situational awareness of anomalous activity.  Monitoring that is more pervasive, automated and intelligent allows security teams to better understand risks and prioritize threats for faster incident response.

Correlations, machine learning engines, advanced behavioral analytics and data visualization create granular context about users, applications and endpoint characteristics.  These allow security teams to establish baselines of normal vs. abnormal activity.  Policies and enforcement can then be applied automatically to specific applications, user groups or roles.  Key performance indicators (KPIs) provide real-time visibility into anomalous behavior patterns, driving faster and more accurate incident response.

Traffic – down to individual payloads – can be examined in real time to get to the root of malicious activity, identify previously unknown advanced threats, and detect anomalous behavior patterns.  This is particularly important as APTs use a combination of methods to evade detection.  Better visibility and control over all traffic flowing into and out of the organization improves focus and efficiency while freeing the security team from alert overload.

Greater intelligence also improves forensics.  Organizations can gain deeper insights into how they were compromised.  This can help them identify vulnerabilities and shrink response times in the event of similar attacks – or neutralize them when they are occurring.  It also provides data for cybercrime investigation, evidence gathering and cleanup.

The better these tools are integrated, the more of the kill chain can be automated.  Unifying disparate data points provides security teams with more actionable intelligence to speed incident response and contain risk.  It also facilitates consolidating internal threat intelligence and external services from the cloud and mobile networks.  Increased automation reduces costs, human error and false positives, enabling faster and more accurate detection and incident response.
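The baselining described above, as an added example that is not part of the original article: a per-user, per-application baseline is built from a training window of flow summaries, and new flows are scored against it with a threshold that varies by user group.  The flow records, user groups and thresholds are all constructed sample values.

```python
# Added example (not from the original article): build a per-user, per-application
# baseline of normal activity and flag flows that deviate from it.
# All records below are constructed sample data.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed "training window" of flow summaries: (user, application, bytes_out)
BASELINE_FLOWS = [
    ("alice", "crm", 1200), ("alice", "crm", 1350),
    ("alice", "crm", 1100), ("alice", "crm", 1250),
    ("bob", "fileshare", 5000), ("bob", "fileshare", 4800),
    ("bob", "fileshare", 5200), ("bob", "fileshare", 4900),
]

# Per-group policy (assumed groups): how many standard deviations above the
# baseline mean counts as abnormal. Contractors get a tighter threshold.
GROUP_THRESHOLD = {"staff": 3.0, "contractor": 2.0}
USER_GROUP = {"alice": "staff", "bob": "contractor"}

def build_baseline(flows):
    """Return {(user, app): (mean, stdev)} over the training window."""
    samples = defaultdict(list)
    for user, app, nbytes in flows:
        samples[(user, app)].append(nbytes)
    return {key: (mean(v), pstdev(v)) for key, v in samples.items()}

def score_flow(baseline, user, app, nbytes):
    """Return (is_anomalous, reason). A (user, app) pair never seen in the
    training window is anomalous by construction: nothing says it is normal."""
    key = (user, app)
    if key not in baseline:
        return True, "no baseline for %s on %s" % (user, app)
    mu, sigma = baseline[key]
    threshold = GROUP_THRESHOLD[USER_GROUP.get(user, "contractor")]
    if sigma == 0:  # zero-variance baseline: any deviation is abnormal
        return nbytes != mu, "zero-variance baseline"
    z = (nbytes - mu) / sigma
    return z > threshold, "z=%.1f vs threshold %.1f" % (z, threshold)

def triage(baseline, flows):
    """Score a window of new flows and return only the anomalous ones,
    i.e. what would be routed to incident response."""
    hits = []
    for user, app, nbytes in flows:
        anomalous, reason = score_flow(baseline, user, app, nbytes)
        if anomalous:
            hits.append((user, app, nbytes, reason))
    return hits
```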

The Dawn of the Software-Defined Perimeter

SDP is a relatively new protocol that creates a next-generation access control system for the software-defined network (SDN).  A cloud-based SDP controller creates a logical boundary around network and application resources, and only grants access to this virtual perimeter after first authenticating the user's identity, device and permissions.  It does this with existing authentication and authorization mechanisms, such as Security Assertion Markup Language (SAML) or Lightweight Directory Access Protocol (LDAP).

[Figure: Software-Defined Perimeter (source: CSA)]

Infrastructure and apps remain concealed from potential intruders.  In concept, this is similar to a traditional network boundary, except that authentication is done in the protocol rather than by a device.

Organizations can use SDP to control access independent of application or user location.  Separating the control plane from the data plane allows security teams to build more automated and sophisticated security configurations and dynamically provision standardized security services in the cloud.  These include monitoring and behavior pattern analysis to accelerate anomaly detection and on-the-fly incident response to speed containment and remediation.

For SDP to be effective, security teams must ensure that endpoints are securely configured.  Automated security configuration baselining and cross-platform patching of OS and all applications (including third-party apps) for all devices is a must.  EMM (enterprise mobility management) can be used to assess mobile device integrity, providing alerts when devices are jailbroken, rooted or have been infected with malware.  Once detected, access permissions are immediately denied.
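The controller behaviour described in the SDP section above, as an added example that is not the CSA reference design or any vendor's code: access is default-deny, a session is created only after identity, device posture and permissions all check out, and an EMM alert that a device is jailbroken, rooted or infected drops every session from that device.  The identity attributes stand in for what SAML or LDAP would return, the posture record stands in for an EMM assessment, and the resource ACL is constructed.

```python
# Added example (not the CSA SDP reference code): a toy SDP-style controller
# decision. Identity attributes simulate a SAML/LDAP result and the posture
# record simulates an EMM integrity assessment; all values are constructed.
from dataclasses import dataclass, field

@dataclass
class DevicePosture:
    device_id: str
    compromised: bool         # jailbroken or rooted according to EMM
    malware_alert: bool       # EMM reports an infection
    baseline_compliant: bool  # configuration baseline and patch level current

@dataclass
class Identity:
    subject: str
    groups: frozenset

# Resource -> groups permitted. Anything not listed is concealed (default deny).
RESOURCE_ACL = {"crm": frozenset({"sales", "it"}), "fileshare": frozenset({"it"})}

@dataclass
class Controller:
    # session id -> (subject, device_id, resource)
    sessions: dict = field(default_factory=dict)

    def device_ok(self, posture):
        return (not posture.compromised and not posture.malware_alert
                and posture.baseline_compliant)

    def authorize(self, ident, posture, resource):
        """Return a session id if access is granted, else None.
        Order mirrors the text: user identity, then device, then permissions."""
        if not self.device_ok(posture):
            return None
        allowed = RESOURCE_ACL.get(resource, frozenset())  # unknown resource: hidden
        if not (ident.groups & allowed):
            return None
        sid = "%s:%s:%s" % (ident.subject, posture.device_id, resource)
        self.sessions[sid] = (ident.subject, posture.device_id, resource)
        return sid

    def on_posture_alert(self, posture):
        """EMM reports a device as compromised: close every session from that
        device immediately. Returns the list of closed session ids."""
        if self.device_ok(posture):
            return []
        closed = [sid for sid, (_, dev, _) in self.sessions.items()
                  if dev == posture.device_id]
        for sid in closed:
            del self.sessions[sid]
        return closed
```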

More organizations are adopting DevOps best practices with the growing popularity of containers and microservices.  And the emergence of IoT will drive an explosion in connected devices.  SDP can be a key enabler of stronger machine and service-level authentication as these endpoints vastly outnumber individual users needing authorization.

Expect SDP use to increase as cloud service providers integrate the protocol into their SaaS and IaaS platforms and more infrastructure vendors integrate it into their product offerings.  As organizations use the framework to build a complete security perimeter in the cloud, they can gradually eliminate many of their various security appliances, virtual private networks (VPNs) and network access control (NAC) devices.

Conclusion

With a prioritized risk approach to data security, organizations can better protect the data assets that underlie their greatest risks.  Recognizing that they can’t stop attacks requires a shift in mentality away from prevention to resilience.  A more proactive security team can resolve incidents faster and be more efficient in identifying vulnerabilities.  Security budgets need to reflect this shift with more investment going to technologies that improve visibility and intelligence.  Lower-level risks and their associated data can be handled on a best-efforts basis with automation.
