Perimeter Security is Woefully Out of Date
Investment in best-of-breed corporate IT security technologies is significantly higher than in any previous year, yet corporate executives are asking why high-profile security breaches keep growing in frequency and ferocity.
To answer that question adequately, one need only review the data. Consider, for example, the recently published Verizon 2014 Data Breach Investigations Report, which studied high-profile security breaches. The report found that in 95% of all breaches, readily available evidence existed in the organization’s logs that it had been breached or was in the process of being breached.
More importantly, the same report also found that:
- The “time to compromise” is shortening because advanced persistent threats (APTs) are increasingly successful at infiltrating networks
- The “time to discovery” once a network has been compromised is increasing because APTs are designed to evade detection
- The majority of breaches were discovered by a third party or law enforcement, not by the actual organization that was breached
- Many organizations were deemed to be compliant with the Payment Card Industry (PCI) Data Security Standard (DSS)
- Less than 10% of these organizations actually discovered the breach on their own
These are shocking statistics, especially when you consider that IT security budgets rose 7.9 percent and global IT security spending climbed to a total of $71.1 billion in 2014. With continuously evolving attack profiles and too many disparate security applications and appliances requiring updates on a daily basis, it’s virtually impossible for IT administrators to stay ahead of the curve. The best-of-breed approach to network security has some common flaws, and these flaws are the underlying causes of recent high-profile security breaches.
A False Sense of Security
Postmortem analysis by Verizon Business investigators of the underlying causes for a security breach found that:
“Either the technology employed, processes in place, or dereliction of duty, though unintended, were often the main causes.”
These findings are understandable given the current state of network security, in which corporate IT security teams are expected to build a security posture by cobbling together discrete security appliances and applications from a myriad of competing security companies. Each such product focuses on a specific aspect of network security, leaving the IT department responsible for selecting, integrating, managing and monitoring the products, and for correlating their discrete security events, alerts, logs and reports into actionable threat intelligence.
To better understand the underlying reasons for these challenges, let’s take a closer look at the typical approach organizations take to secure their enterprise. Most organizations focus on four main areas of network security:
- Perimeter defenses (firewalls, intrusion prevention devices, etc.)
- Log Management
- Vulnerability Management
- Endpoint security
On the surface, a focus on these four defense disciplines seems to be a reasonable approach to securing an organization’s network. After all, most highly respected data security standards and frameworks (PCI DSS, SOX, HIPAA, NERC CIP, NCUA, FISMA, SANS, etc.) require these four basic functions in their directives.
However, a closer examination reveals some serious deficiencies. We’ll examine the limitations of each of these point solutions in our ongoing series on the state of enterprise security.