Evolving Approaches to Cyber Threats

October 20, 2011

Bob Gourley and HP’s Andrzej Kawalec, CTO of Enterprise Security, continued to discuss emerging security issues at the HP Protect 2011 conference on Monday, September 12, 2011, exploring problems with traditional approaches to enterprise security.

Andrzej began by defining the customary enterprise security approach. We’ve been taking a very reactive stance to cybersecurity, focusing on responding to incidents, and cybersecurity has been more of an art than a science. Our understanding of how different systems, defenses, and attack vectors interact is far less developed than our knowledge of networks or data centers. He also noted that traditionally, security was below the level of the board and even the CIO, posing a significant challenge to CISOs and CIOs today.

I elaborated on where those traditional approaches and attitudes fail. Fundamentally, these approaches do not deliver defense in depth, which has become the goal of modern cybersecurity. When defense is reactive, it focuses on the last battle rather than future threats and, as a result, misses the major transformations currently underway in the enterprise, such as cloud computing and users shifting from PCs to mobile devices for work or as the endpoints for software-as-a-service. With current approaches, enterprises are not prepared for a “post-PC era.”

Noting all of those problems, Andrzej and I both laid out lists of priorities for CIOs. They must take a transformational posture, focusing on moving from a reactive security policy to more effective and forward-looking defense in depth. To do so, they need a more analytical, broad, Big Data approach to their information, for example correlating various security events to find trends and performing forensics after a breach. Another element of this is getting all of the security professionals in the enterprise together to form a team with a deeper grasp of threats. To do so, enterprises must also begin to view security as its own distinct discipline.

Ultimately, an analytics approach of providing a fast, accurate, and aggregated view of data within the enterprise is crucial for current CIOs. It allows them to coordinate their operational staff and to better communicate with their board so that they can transform the enterprise and shed dated, reactive responses to threats for active and deep defense.

Many enterprises are finding that the best way to transition from reactive to proactive postures is by measuring what exists, monitoring ongoing activity, and planning for continuing enhancement using those insights. This type of continuous improvement is aided by integrated technology, including IT testing, security testing, SIEM and forensics capabilities. For more on enterprise capabilities like these and HP Enterprise Security, we recommend diving into the great context at: http://www.arcsight.com/protect2011/