Data breaches continue to plague private organizations and government entities alike. And because no single firewall, antivirus suite or network monitoring solution can address today’s security concerns on its own, enterprises must develop more robust strategies that unite a number of different technologies into a strong defensive line. Experts say that all players on the security team must fit together better so that each player can be effective.
Gaps between the security layers
One ongoing challenge Dan Schiappa, senior vice president of the end user security group at Sophos, Inc., sees is that there isn’t much commonality to security vulnerabilities and the tools that address them. A new attack vector catches the industry’s attention and a vendor comes up with a great tool to protect against it. “It becomes the flavor of the day, and then all of a sudden that tool is not effective anymore because, obviously, what the bad guys do is they get that tool and they start building stuff they know will get through that tool,” Schiappa said.
This “flavor of the day” approach leaves many enterprises too focused on one area, while other potential security gaps remain wide open. “I think that’s part of the problem with the approach we’ve taken to security over the years,” Schiappa said. “Where we fall down is that we haven’t focused on building an ecosystem of synchronized security.” Each defensive measure needs to be part of a broader, adaptive plan. To avoid blind spots, administrators must be ready to routinely evaluate the organization’s defensive posture against the range of emerging threats and take steps to address areas that may be vulnerable.
The landscape of the modern network has also changed significantly, even in just the past five years. Along with a growing number of mobile workers, enterprises are now dealing with an increasingly global workforce as well as global client bases. “You have organizations adapting new technologies that allow them to reach their customers quicker and deliver their goods to their customers sooner,” said Samantha Madrid, head of network security product marketing at Palo Alto Networks. This evolution has led to fundamental changes, such as data center expansions, new technologies that underpin new applications, and a need to find new efficiencies within the infrastructure. “To do that, you do not just have to think about your network differently, you have to think about your security differently,” Madrid explained. Making that transition to new strategies can be difficult, especially when legacy systems are still trying to catch up.
Roark Pollock, vice president of marketing at Ixia, breaks today’s security issues down into three pieces. The first is the need to choose the right tools and confirm that they are properly deployed and configured. “The second piece is, from a production standpoint, are companies maintaining the right amount of visibility into their infrastructure?” Pollock asked. Monitoring what’s going on across the entire network has become more of an issue in recent years, “especially as companies start to think about virtualizing or using the cloud for a lot of their infrastructure,” he added.
Third, attracting and retaining the right skill sets within the organization continues to be a challenge. “It’s having the right people in the organization that understand how to address some of these issues, that understand how to identify issues and what to do about them once they occur,” Pollock said. Without all three legs of the security stool acting together, it’s difficult to support enterprise security in an ever-changing threat environment.
Evolving security to meet evolving threats
Even where multiple layers of security exist, weaknesses may still lurk at the touch points between different defensive tools. And an otherwise strong tool may experience performance issues under specific circumstances. It’s something administrators need to understand and manage. “How do you test each one of those individual devices in such a way that you can test it in their specific security environment?” Pollock asked.
What looks good on a data sheet may not be as effective once other infrastructure components are added to the mix. A tool’s configuration may also impact its performance. Pollock said that mimicking a network’s particular architecture can help to identify potential weaknesses in one or more security layers. “Not only is it important to have a layered approach, but it’s also important to think about how those individual tools will perform in their different environments for different companies, because they all tend to have different types of traffic running across their networks.”
Madrid believes that better integration, along with automation that provides visibility and robust context sharing, is what’s needed to protect today’s networks. “Having a layered approach that is siloed, that does not talk to one another, that doesn’t share the intelligence or provide you the visibility of what is happening, does absolutely nothing for you,” she said. Meaningful intelligence comes from creating an architecture in which each component gives and receives relevant data with the rest of the network. “If the technologies aren’t talking to one another, if the technologies aren’t sharing what they learn and what they see from their analysis, then they’re effectively still just first-layer defenses all across the organization,” Madrid said. Developing stronger integration between those security layers enhances the power of each individual tool.
Security analytics, which are seeing increasing adoption and providing additional protection to vulnerable networks, can boost the power of defensive measures, but Schiappa believes some of the platforms remain too focused on a limited number of areas. “What we need is the ability for all the products to have some form of analytics, and where they can then share their results with other products that can use that as input into their analytics,” he said.
Schiappa points to the recent Office of Personnel Management breach, where the data was protected through encryption but an exposure still occurred. “They didn’t have any analytics around, for example, the identity of who is accessing that data,” he explained. If a trusted user’s credentials are compromised, an integrated security analytics solution may still be able to identify and flag anomalous behavior. “It’s using these bits and pieces of data across multiple, different checkpoints in a synchronized fashion,” Schiappa said.
As administrators bring together new tools and new strategies to place more protective layers between their networks and potential intruders, information could indeed be the lynchpin that melds everything into a cohesive system. Not only might security analytics tools benefit from better data, so might solutions such as monitoring and forensic platforms. “Depending on how they’re deployed, if you don’t get the right data to those systems, they’re just powerful, blind tools,” Pollock said. “You’ve got to make sure you’re collecting and aggregating the right traffic, and providing them a broad picture of what’s happening across the entire landscape of the enterprise network so they can actually do the correlation and find what’s going on.” With the right information flowing into and between the tools that comprise each layer of security, Pollock said, “they can actually start to zero in on what’s really happening across the entire network.”
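The kind of cross-checkpoint correlation Schiappa and Pollock describe, as an added illustration that is not part of the article or any vendor’s product: badge, VPN and database telemetry for two accounts are constructed inline, and each checkpoint on its own looks legitimate, but combining them flags one account whose credential is likely being used by someone else. Event format, corporate address ranges, baselines and thresholds are all hypothetical.

```python
"""Added example: correlate identity signals from several checkpoints so that
a trusted-but-compromised account stands out. Event format, address ranges
and thresholds are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events: (timestamp, user, checkpoint, detail).
EVENTS = [
    ("2015-06-01T08:55:00", "alice", "badge", "HQ-lobby"),
    ("2015-06-01T09:02:00", "alice", "vpn",   "10.20.0.7"),
    ("2015-06-01T09:10:00", "alice", "hrdb",  "read:12"),
    ("2015-06-01T09:15:00", "bob",   "badge", "HQ-lobby"),
    ("2015-06-01T09:20:00", "bob",   "vpn",   "198.51.100.23"),
    ("2015-06-01T09:25:00", "bob",   "hrdb",  "read:4800"),
]
INTERNAL_PREFIXES = ("10.", "192.168.")    # constructed corporate ranges
BASELINE_READS = {"alice": 15, "bob": 20}  # constructed per-user daily norm
WINDOW = timedelta(hours=1)

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")

def correlate(events, baseline=BASELINE_READS, window=WINDOW, factor=10):
    """Return (user, rule, evidence) alerts. A valid badge swipe, a valid
    VPN login and an authorised DB read are each benign in isolation; only
    the combination across checkpoints is anomalous."""
    by_user = defaultdict(list)
    for ts, user, src, detail in sorted(events):
        by_user[user].append((_ts(ts), src, detail))
    alerts = []
    for user, evs in by_user.items():
        badge_times = [t for t, src, _ in evs if src == "badge"]
        for t, src, detail in evs:
            # Rule 1: remote VPN session while the same identity is badged
            # into a building within the window -> credential likely misused.
            if src == "vpn" and not detail.startswith(INTERNAL_PREFIXES):
                if any(abs(t - b) <= window for b in badge_times):
                    alerts.append((user, "location_conflict", detail))
            # Rule 2: data access far above the account's own baseline.
            # Accounts with no baseline (get -> 0) are flagged on any read.
            if src == "hrdb" and detail.startswith("read:"):
                n = int(detail.split(":", 1)[1])
                if n > factor * baseline.get(user, 0):
                    alerts.append((user, "volume_spike", n))
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```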