Adaptive Security Should Be Part of the CISO’s Toolkit
This post is an excerpt from a Gartner research report. See below for a link to the full report.

The world of security is getting more complex. The rise of digital business and the expansion of cloud computing are adding risk. To mitigate that risk and protect systems and data, IT leaders need a security architecture that can evolve and adapt.

Until recently, security has focused mainly on blocking and preventing attacks. But as many high-profile attacks have shown, protecting the perimeter alone is inadequate. What's needed instead is security that defends beyond the perimeter: it makes applications highly secure, detects and responds to attacks, predicts where future attacks might occur, and continuously monitors and analyzes both applications and security controls.

The answer is an adaptive security architecture that tracks user and entity behavior from a variety of inputs, enabling early identification and prediction of threats and malicious activity. Adaptive security architectures enable several important capabilities: multifaceted security; evaluation of vendor ecosystems; real-time monitoring and response; filtering and prioritization; and security-aware applications.
Solution Never Sleeps
Continuous monitoring is essential. Without it, security breaches can go undetected for weeks, even months. Enterprise architects must continually examine the security implications of advanced digital and algorithmic business and related technologies, and build a security element into the enterprise architecture. An effective program should cover the four stages of the adaptive security architecture:
- Prediction: proactively assess risk, predict attacks, and monitor baseline systems
- Blocking/Preventing: harden and protect applications, divert attackers, and prevent future incidents
- Detection: detect incidents, confirm and prioritize incidents, and contain incidents
- Response: remediate and make changes, design and model changes, and investigate and conduct forensics
The continuous monitoring and analysis that feeds those four stages needs three capabilities of its own:
- Analysis: find bad actors by rapidly detecting and analyzing attacks
- Prioritization: rank alerts by urgency, and improve alert management by consolidating and correlating alerts from existing systems
- Response: investigate alerts quickly and with minimal staff, and take autonomous actions to respond to threats in real time
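The consolidation, correlation, prioritization and autonomous-response loop described in the list above, as an added worked example in Python; this is not code from the Gartner report or from any product. The three alert feeds (ids, auth, edr), the field names, the six sample alerts, the 15-minute correlation window, the per-source confidence weights and the action thresholds are all assumptions chosen for illustration:

```python
"""Consolidate, correlate, prioritize and auto-triage alerts from several systems.

Added illustration for this excerpt; not code from Gartner or from any product.
The feeds (ids, auth, edr), field names, sample alerts, 15-minute window,
source weights and action thresholds are all assumptions.
"""
from datetime import datetime, timedelta

# Constructed sample alerts, as three existing systems might emit them.
RAW_ALERTS = [
    {"source": "ids", "ts": "2024-03-01T09:00:05", "host": "web-01", "rule": "port scan", "severity": 2},
    {"source": "ids", "ts": "2024-03-01T09:00:07", "host": "web-01", "rule": "port scan", "severity": 2},  # repeat
    {"source": "auth", "ts": "2024-03-01T09:03:10", "host": "web-01", "rule": "brute-force login", "severity": 3},
    {"source": "edr", "ts": "2024-03-01T09:05:42", "host": "web-01", "rule": "suspicious child process", "severity": 4},
    {"source": "edr", "ts": "2024-03-01T14:20:00", "host": "laptop-7", "rule": "office macro execution", "severity": 3},
    {"source": "auth", "ts": "2024-03-01T16:00:00", "host": "vpn-gw", "rule": "failed login", "severity": 1},
]

WINDOW = timedelta(minutes=15)
SOURCE_WEIGHT = {"edr": 1.0, "auth": 0.8, "ids": 0.6}  # assumed confidence per feed
KILL_CHAIN = ("ids", "auth", "edr")  # recon -> credential attack -> execution


def parse(raw):
    """Normalize timestamps and order alerts chronologically."""
    alerts = [dict(a, ts=datetime.fromisoformat(a["ts"]), count=1) for a in raw]
    return sorted(alerts, key=lambda a: a["ts"])


def dedupe(alerts):
    """Collapse repeats of the same (source, host, rule) within WINDOW into one alert with a count."""
    last_seen, out = {}, []
    for a in alerts:
        key = (a["source"], a["host"], a["rule"])
        prev = last_seen.get(key)
        if prev is not None and a["ts"] - prev["ts"] <= WINDOW:
            prev["count"] += 1
            continue
        last_seen[key] = a
        out.append(a)
    return out


def correlate(alerts):
    """Chain alerts on the same host into one incident while each arrives within WINDOW of the last."""
    incidents, open_incident = [], {}
    for a in alerts:
        inc = open_incident.get(a["host"])
        if inc is not None and a["ts"] - inc["last"] <= WINDOW:
            inc["alerts"].append(a)
            inc["last"] = a["ts"]
        else:
            inc = {"host": a["host"], "last": a["ts"], "alerts": [a]}
            incidents.append(inc)
            open_incident[a["host"]] = inc
    return incidents


def has_progression(sources):
    """True if the feeds fire in kill-chain order (KILL_CHAIN appears as a subsequence)."""
    i = 0
    for s in sources:
        if i < len(KILL_CHAIN) and s == KILL_CHAIN[i]:
            i += 1
    return i == len(KILL_CHAIN)


def score(incident):
    """Urgency = strongest weighted alert + corroboration by distinct feeds + kill-chain progression."""
    alerts = incident["alerts"]
    strongest = max(a["severity"] * SOURCE_WEIGHT[a["source"]] for a in alerts)
    distinct_feeds = len({a["source"] for a in alerts})
    corroboration = 1.5 * (distinct_feeds - 1)
    progression = 2.0 if has_progression([a["source"] for a in alerts]) else 0.0
    return round(strongest + corroboration + progression, 2)


def action_for(priority):
    """Autonomous response tier; containment is reserved for incidents several feeds agree on."""
    if priority >= 8.0:
        return "isolate host"
    if priority >= 3.0:
        return "open ticket for analyst"
    return "log only"


def triage(raw):
    """Full pipeline: consolidate -> correlate -> rank -> decide, highest urgency first."""
    ranked = []
    for inc in correlate(dedupe(parse(raw))):
        p = score(inc)
        ranked.append({
            "host": inc["host"],
            "priority": p,
            "action": action_for(p),
            "alerts": sum(a["count"] for a in inc["alerts"]),
            "feeds": sorted({a["source"] for a in inc["alerts"]}),
        })
    return sorted(ranked, key=lambda r: r["priority"], reverse=True)


if __name__ == "__main__":
    for row in triage(RAW_ALERTS):
        print(row)
```

On the constructed input the two port-scan alerts collapse into one, the three web-01 alerts become a single incident that scores 9.0 (strongest alert 4.0, two extra feeds 3.0, ordered progression 2.0) and is queued for isolation, while the lone macro alert gets an analyst ticket and the single failed VPN login is only logged. The design point is that the autonomous "isolate" tier is unreachable from any single feed: a host is contained only when independent systems corroborate each other, which is what keeps real-time response from turning a noisy sensor into a self-inflicted outage. Correlation here is by host within a time window only; a production system would also pivot on user, source address and asset criticality.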
3 Steps to Adaptive Security
To create an adaptive security architecture, start with these actions:
- Facilitate a forum of security, operations and application architects to ensure that solutions are designed and delivered with security and production operations in mind.
- Create use cases and roadmaps for the use of advanced analytics and machine learning in filtering logs and security inputs, and spotting potentially malicious patterns.
- Devise scenarios and guiding principles to help business and IT leaders prepare for the security implications of a greatly expanded set of endpoints and back-end services, including many outside the direct control of IT.