Adaptive Security Should Be Part of the CISO’s Toolkit
This post is an excerpt from a Gartner research report. See below for a link to the full report.
The world of security is getting more complex. The rise of digital business and the expansion of cloud computing are adding risk. To mitigate risk and protect systems and data, IT leaders need a security architecture that can evolve and adapt.
Until recently, security has focused mainly on blocking and preventing attacks. But as many high-profile attacks have shown, protecting the perimeter alone is inadequate. What’s needed instead is security that defends beyond the perimeter to make applications highly secure, detect and respond to attacks, predict where future attacks might occur, and continuously monitor and analyze both applications and security.
The solution is an adaptive security architecture that can track user and entity behaviors from a variety of inputs, enabling the early identification and prediction of threats and malicious activity. Such an architecture enables several important capabilities: multifaceted security; the evaluation of vendor ecosystems; real-time monitoring and response; filtering and prioritization; and security-aware applications.
Solution Never Sleeps
Continuous monitoring is essential. Otherwise, security breaches can go undetected for weeks, even months. Enterprise architects must continually examine the security implications of advanced digital and algorithmic business and related technologies, and insert a security element into the enterprise architecture.
An effective program for continuous monitoring and analysis should focus on four key elements:
- Prediction: proactively assess risk, predict attacks, and monitor baseline systems
- Blocking/Preventing: harden and protect applications, divert attackers, and prevent future incidents
- Detection: detect incidents, confirm and prioritize incidents, and contain incidents
- Response: remediate/make change, design/model changes, and investigate and conduct forensics
Help can also come from what’s known as user and entity behavior analytics (UEBA) solutions. These can sort through the deluge of alerts by identifying the anomalous patterns and malicious behavior that today’s security-monitoring and intrusion-detection systems often miss. UEBA solutions do their work in three main ways:
- Analysis: find bad actors by rapidly detecting and analyzing attacks
- Prioritization: rank alerts based on their urgency, and improve alert management by consolidating and correlating alerts from existing systems
- Response: investigate alerts quickly and with minimal staff, and take autonomous actions to respond to threats in real time
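As an added illustration (not from the Gartner report) of the baseline-then-score approach the three UEBA steps above describe, the Python below builds per-user behaviour baselines from constructed sample events, scores new events for deviations from those baselines, and consolidates the resulting alerts per user so the most urgent identity rises to the top. All users, hosts, score weights and the alert threshold are made-up assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev
# Constructed sample telemetry (not real data): (user, hour of day, source host, bytes moved).
BASELINE_EVENTS = [
    ("alice", 9, "ws-01", 1200), ("alice", 10, "ws-01", 900), ("alice", 14, "ws-01", 1500),
    ("alice", 16, "ws-02", 1100), ("bob", 8, "ws-07", 4000), ("bob", 11, "ws-07", 3800),
    ("bob", 13, "ws-07", 4200), ("bob", 17, "ws-07", 3900),
]
NEW_EVENTS = [
    ("alice", 3, "ws-99", 250000),  # off-hours, never-seen host, huge transfer
    ("alice", 3, "ws-99", 180000),  # second burst from the same host
    ("bob", 12, "ws-07", 4100),     # ordinary behaviour for bob
    ("bob", 2, "ws-07", 3900),      # off-hours only: low score, stays below threshold
]

def build_baselines(events):
    # Per-user profile: usual hours, known hosts, mean and std deviation of bytes moved.
    baselines = {}
    for user in {e[0] for e in events}:
        rows = [e[1:] for e in events if e[0] == user]
        sizes = [b for _, _, b in rows]
        baselines[user] = {"hours": {h for h, _, _ in rows}, "hosts": {x for _, x, _ in rows},
                           "mean": mean(sizes), "std": pstdev(sizes) or 1.0}  # 1.0 guards flat baselines
    return baselines

def score_event(baselines, event):
    # Weighted anomaly score: each deviation from the user's own baseline adds to it.
    user, hour, host, nbytes = event
    b = baselines.get(user)
    if b is None:
        return 5.0  # identity with no baseline at all: high priority until confirmed
    score = 0.0
    if not any(abs(hour - h) <= 1 for h in b["hours"]):
        score += 1.0  # outside the user's usual working hours
    if host not in b["hosts"]:
        score += 2.0  # activity from a host this user has never used
    z = (nbytes - b["mean"]) / b["std"]
    if z > 3:
        score += min(z, 10) / 2  # volume far above normal, capped so it cannot dominate
    return score

def prioritize(baselines, events, threshold=1.5):
    # Consolidate per-user alerts and rank them by aggregate score, highest first.
    agg = defaultdict(list)
    for ev in events:
        s = score_event(baselines, ev)
        if s >= threshold:
            agg[ev[0]].append(s)
    return sorted(((u, sum(v), len(v)) for u, v in agg.items()), key=lambda t: t[1], reverse=True)
```

Calling `prioritize(build_baselines(BASELINE_EVENTS), NEW_EVENTS)` returns alice first with two correlated alerts, while bob's single off-hours login scores below the threshold and never reaches the queue.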
3 Steps to Adaptive Security
To create an adaptive security architecture, start with these actions:
- Facilitate a forum of security, operations and application architects to ensure that solutions are designed and delivered with security and production operations in mind.
- Create use cases and roadmaps for the use of advanced analytics and machine learning in filtering logs and security inputs, and spotting potentially malicious patterns.
- Devise scenarios and guiding principles to help business and IT leaders prepare for the security implications of a greatly expanded set of endpoints and back-end services, including many outside the direct control of IT.
The use of an adaptive security architecture can extend your security strategy beyond perimeter defense to protect applications, analyze real-time behavior and exploit context with smart algorithms. This is the best way to mitigate the growing risks organizations face.
To learn more, download Top 10 Strategic Technology Trends for 2016: Adaptive Security Architecture by Gartner.
About the authors: David Cearley is a VP and Gartner Fellow. Avivah Litan is a VP and distinguished analyst at Gartner. Brian Burke is research VP for enterprise architecture at Gartner. Mike J. Walker is research director, enterprise architecture at Gartner.