How to disrupt the disruptors

Think Progress Team

Tuesday 14 February 2017

As targeted attacks become more complex, established forms of enterprise security are being rendered increasingly obsolete. Stalwart preventative safeguards such as antivirus software and firewalls are being breached with increasing regularity, and these measures alone can no longer be relied upon to protect networks or platforms.

Making do with the status quo could be an expensive strategy. McAfee put the cost of cybercrime at up to $575 billion (€540 billion) – and these figures are from a June 2014 report into the economic impact of digital breaches. You can bet they are even higher now.

Security information and event management systems will still have a crucial role to play in sniffing out attacks as they happen. However, to distinguish between events and non-events, your team needs to combine detection-prevention correlation with passive scanning. This is where adaptive security architecture comes into play, providing business-critical context and an intelligent, reactive shield.

Clues in communication

Instead of simply detecting network behaviour anomalies, your team needs to move towards behaviour analysis. This means setting in place a complete network baseline, monitoring it for any unexplained spikes and watching the flow of data and traffic.

As soon as your business can accurately identify which systems are talking to one another and where these conversations go, you will have a more complete picture of your network’s integrity – and not only its current state. By seeing what’s coming and going and when, your team can better predict future incursions.

What does this mean? Less time spent analysing traffic, assessing threats and comparing them with vulnerability assessment information.
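A minimal sketch of the baseline-and-compare approach described in this section, added here as an illustration and not taken from the original article: it learns which systems normally talk to one another and how much, then flags conversations never seen before and unexplained volume spikes. The host names, flow records and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (time window, source, destination, bytes).
BASELINE_FLOWS = [
    (0, "web01", "db01", 5000), (0, "app01", "db01", 2000),
    (1, "web01", "db01", 5200), (1, "app01", "db01", 2100),
    (2, "web01", "db01", 4800), (2, "app01", "db01", 1900),
    (3, "web01", "db01", 5000), (3, "app01", "db01", 2000),
]
CURRENT_FLOWS = [
    (4, "web01", "db01", 5100),         # within the normal range
    (4, "app01", "db01", 9000),         # far above this pair's baseline
    (4, "web01", "203.0.113.7", 700),   # pair never seen in the baseline
]

def build_baseline(flows):
    """Map each (src, dst) conversation to (mean, stdev) of bytes per window."""
    per_window = defaultdict(lambda: defaultdict(int))
    for window, src, dst, nbytes in flows:
        per_window[(src, dst)][window] += nbytes
    return {pair: (mean(list(w.values())), pstdev(list(w.values())))
            for pair, w in per_window.items()}

def review_window(baseline, flows, sigmas=3.0, min_spread=0.1):
    """Compare one window of flows with the baseline and return findings."""
    totals = defaultdict(int)
    for _, src, dst, nbytes in flows:
        totals[(src, dst)] += nbytes
    findings = []
    for pair, total in sorted(totals.items()):
        if pair not in baseline:
            findings.append(("new_conversation", pair, total))
            continue
        avg, sd = baseline[pair]
        # Floor the spread so a very steady pair does not alert on tiny changes.
        threshold = avg + sigmas * max(sd, min_spread * avg)
        if total > threshold:
            findings.append(("volume_spike", pair, total))
    return findings

if __name__ == "__main__":
    for finding in review_window(build_baseline(BASELINE_FLOWS), CURRENT_FLOWS):
        print(finding)
```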

Disruption to help stability

Business intelligence firm Gartner identified adaptive security architecture as one of its top 10 strategic tech trends in 2017. Why can it give your business a disruptive edge? Because most companies continue to invest in preventative information security measures. So while malware could be sat on a competitor’s servers, intercepting data and brewing up a huge hit of reputational damage, your network would have seen it coming and locked it out.

It can also fill in the blind spots many businesses suffer from when it comes to network incident response. When teams assume that a daily scanning regime is coverage enough, networks and systems are left extremely vulnerable. Once an intrusion is detected, even if it’s hours or minutes after the fact, the damage has already been done.

Ever-present incident response means applying machine learning techniques and big data analysis to help catch fraudulent transactions and other threats before they happen. Enterprise architecture continues to grow in sophistication. Threat detection needs to evolve faster – and adaptive security architecture is a head start.

This is the second in our disruptor series. Check out our first piece, What is MASA – and how can it give your business a disruptive edge?

