Partner Perspectives
6/15/2016 10:30 AM
Brett Kelsey

Why Everyone Is Rallying Around ‘Adaptive Security’: Part 1

Three intertwined security realities are compelling enterprises to transition from a set-and-forget approach to an adaptive security strategy.

Lately there’s been a lot of buzz about “adaptive security,” a concept advanced by Gartner in the report, Designing an Adaptive Security Architecture for Protection From Advanced Attacks. Here’s what Gartner has to say: “All organizations should now assume that they are in a state of continuous compromise.”

Gartner suggests that we accept this basic assumption: The bad guys can get past our current safeguards. I believe that we can make some fundamental changes in how we approach security to shift that paradigm. How do you go about that? In this three-part blog series, we’ll explore the drivers behind this transformation and what you need to know to enable adaptive security at your organization.

An Eye-Opening Event

Let me share a personal experience I had that resulted in an epiphany. About six years ago, when I was chief security officer at a financial organization, we experienced a significant data breach. A third-party company collecting loans on our behalf was attacked by bad actors who managed to access the third party’s systems to get into our environment. So I did what any self-respecting CSO would do: I gathered together the best possible tools to do some in-depth detective work. Guess what I ended up using? Low-tech Post-it notes and a ballpoint pen. In our siloed security environment, it was really the only way to collect information from one system, compare it to the next, and ultimately diagnose what was going on.

So, drumroll, please… Here’s my big “a-ha” moment. When you have siloed, overly complex systems that don’t allow for automatic sharing of threat data -- like the one we had back at my old stomping ground -- the connectivity point is a person. The problem is, we’re dependent on people, but we don’t have enough of them. And they, in turn, don't have enough time to cull through every shred of data that security products churn out and then try to make sense of all that data.

And this brings us to the topic we’re exploring in this first blog post: the three intertwined security realities that are compelling enterprises to transition from a set-and-forget approach to an adaptive security strategy.

Reality 1: Complex, Siloed Security Infrastructures

To keep up with rapidly evolving attacks, we C-level folks and our teams face the dilemma of prioritizing where we need to invest our time and resources, and then sorting out the flood of new security technologies, most of which promise to be the next silver bullet. But guess what? I will break this to you gently: There’s no silver bullet. Too often, enterprises end up with technology sprawl -- a jumble of siloed multivendor products. This situation is made even worse as companies look beyond protective controls to add more detection and response capabilities.

What are we left with? Security teams end up spending their time juggling products that don’t talk to one another, along with multiple, integrated management consoles. And to top it all off, these products crank out an enormous quantity of security data that we can’t manage and can’t use.

So, despite all that earnest effort and activity, we have blind spots in the critical areas of detection and response, gaps in security coverage, a lack of visibility across the entire infrastructure, and an inability to share and act on valuable threat intelligence.

Reality 2: Too Much Data, Too Little Time

One of the things you’ll learn when you have a breach is that this patchwork of security products can generate an avalanche of threat data. Your first reaction to this may be positive, as you consider how this rich treasure trove of information can help you gain insights about security events and respond more quickly and effectively to potential attacks. But the problem is, you may not have the right tools (aside from your humble Post-it note and pen), such as real-time security information and event management (SIEM) solutions, or the qualified people to collect the data from your security tools, aggregate it, analyze it, and take the best action when indicators of attack are present.

Reality 3: Shortage Of Trained Cybersecurity Staff

Another reality that we’ve all had to face lately is a shortage of qualified security personnel. Trained and experienced security professionals with a deep understanding of advanced security tools, including SIEM, forensics, event management, and analytics, are in high demand -- and they’re scarce.

The SANS Institute’s 2015 Analytics and Intelligence Survey tells us that while the need for additional security technologies and resources has doubled since 2014, 59% of participants say that lack of a highly skilled and dedicated security staff is one of the main impediments to discovering and acting on security events and breaches.

Extrapolating further, the scarcity of resources boils down to a lack of time. If you don’t have the right people in place, and enough of them, you won’t be able to sift through the huge volume of malicious code that passes through your organization, react in a timely and appropriate fashion, and prevent future attacks. Breaches will continue to be met with a surge-response team that is ill-equipped to act, resulting in delays and errors that expand the impact crater.

Time To Put Away Paper And Pen And Embrace The New

As you can see, the current state of security in most enterprises is untenable and brittle. In the second blog of this series, we’ll delve more deeply into some of the mindset and cultural changes that need to take place to pave the way for an adaptive security architecture.

In the meantime, learn more about Gartner’s research in this space and approaches for implementing adaptive security by viewing this webinar, featuring Neil Macdonald from Gartner, where he talks about his adaptive security architecture concept.

Brett Kelsey is the VP and Chief Technology Officer for the Americas for Intel Security. In this role, he has leveraged his business and practice development, technical expertise, and innovative thought leadership to evangelize Intel Security's go-to-market strategy across ...
Comments
LordC623, User Rank: Strategist, 6/15/2016 | 5:36:29 PM

Wow

"But guess what? I will break this to you gently: There's no silver bullet."

No silver bullet? Wow, so deep. Much blog.

Editors asleep today?