Yesterday’s Security vs Today’s Threats

Another discussion from the HP Protect 2011 conference on Monday, September 12, 2011 featured Bob Gourley and HP’s Andrzej Kawalec, CTO of Enterprise Security, discussing the evolving enterprise threat environment and how it can be mitigated.

Bob and Andrzej agreed on three major emerging challenges in enterprise cybersecurity. The first is simply the nature of the threat, which is growing in sophistication, speed, and targeting over time. Phishing, for example, gives way to Spear phishing where the impostor emails are designed to look like they came from colleagues, offer a malicious link tailored to the target, and may have company letterheads and logos. Threats to enterprise are growing more serious because, as Bob noted, the money is with the enterprises and the threats follow.

The second emerging challenge is the consumerization of IT. Employees no longer do all their work on a (hopefully) secured company workstation. Instead, they are flipping through presentations on their personal tablets and checking emails on their smartphones. While on one hand this is great as it allows users to stick with the devices they prefer and are comfortable with, and encourages them to work wherever and whenever is convenient, it also means that hardening single data endpoints is no longer enough, as an enterprise can’t know what device its employees will be working on. Already, a recent survey of IT managers reveals that employees use personal devices for work in almost 90% of companies, and that most do not have the tools to manage them.

Lastly, the cloud is changing how IT is delivered. Software-as-a-Service, Platform-as-a-Service, and Infrastructure-as-a-Service are reinventing how we consume and interact with IT. Again, cloud computing has brought many benefits, but also its share of challenges as CTOs, CIO, and CISOs adjust and make their security work for a new paradigm.

Adapting to this threat environment requires a risk management approach. We must assume we will eventually be breached and be ready to respond with in-depth forensics and remediation immediately. As Kawalec noted, enterprises must plan to fail and expect to be under attack not just from malware or malicious code in general, but also internal threats, the quintessential example being Bradley Manning and all the anonymous contributors to WikiLeaks. This complicates security not only because social engineering and trusted users can get around any current technical solution, but also because their motivations tend to be different from traditional criminal hackers.

If enterprises assume that their networks are already compromised, they need to protect them with a remediation approach. An example would be Triumfant’s Configuration and Change Management Tool, which effectively scans networks for anomalies before users even notice that something is wrong, and then reduces infection turnaround time from days to minutes as it implements solutions at the click of a button then fills on gaps from healthy computers if important file systems have been deleted.

Still, even with products emerging to help enterprises “plan to fail” at perfect internet security, dealing with a shifting IT paradigm and threat environment takes a different kind of CIO. Since perfect security is impossible, CIOs need to decide what level of risk they are willing to accept. Today’s CIOs and CISOs also need to understand architecture, vision, and design, to see the system on both macro and micro levels to reduce security silos and provide robust solutions for a changing world.

Staying ahead of the threat has always been hard but there are new integrated capabilities that aid defense, like ArcSight’s suite of integrated capabilities (ArcSight is in the leader’s quadrant of Gartner’s SIEM Magic Quadrant Report). Ensuring SIEM capabilities like this are integrated into your enterprise is a key component in ensuring your enterprise is able to meet the threat.