Networking / September 15, 2017

The Case for Network Visibility

As a security professional and a consumer, my ears perk up when I hear about security breaches in the daily news. My first thought is, “Has my personal data been compromised?” (most of us initially react with emotion and self-interest) and then I ponder how the solutions from my company, Gigamon, could be applied to prevent such breaches in future. I also look at what security experts, analysts, reporters and other influencers around the industry are saying.

Companies that have suffered serious breaches have invested much in security. Reports I’ve seen state that, in many of these instances, significant investments have been made in firewalls, intrusion prevention systems, malware protection and a host of other security solutions. The companies are doing their best – and most organizations do – to secure business-critical data and the personally identifiable information of their customers. So why is it so hard to stop these attacks? What are cybersecurity operations teams missing? How could they rethink cybersecurity to address the modern-day threat landscape?

From my perspective, a totally new and different security approach is required that goes beyond the traditional “buy more tools” approach, which is not only becoming more cost-prohibitive, but also creates inefficiencies and hinders performance. All signs point to the fact that consistent and concerted attention to visibility, rather than prevention, is the key to robust network security.

The exponential growth of data traveling through enterprise networks means that instead of investing in more tools, organizations must invest in and implement technology that detects and analyzes data-in-motion and sends only the necessary data to the nearest available set of security tools, such as the firewall or intrusion prevention system, for processing. This type of approach levels the playing field and changes the equation from “man fighting against machine” (since the attacks are likely coming from well-appointed systems in use by hackers and nation states) to “machine vs. machine.” This approach is eloquently explained in the Defender Lifecycle Model security approach proposed by my friend and colleague, Shehzad Merchant, and is one proposed, at least in theory, by a recent research report from Gartner entitled “Use a CARTA (continuous adaptive risk and trust assessment) Strategic Approach to Embrace Digital Business Opportunities in an Era of Advanced Threats.”

The harsh, new reality is that cyberattacks and data breaches are inevitable. And while there is not yet a perfect approach, it’s essential that enterprises shift their approach to add pervasive visibility to their traditional prevention measures – alongside detection, prediction and containment – to improve the security of their applications and the business-critical and personal data traversing their network.

With detection and response integrated into security operations, today’s businesses gain a strategic advantage in the fight to wrestle the massive volume of network cyber threats that exist in this brave new world. And that is a major step forward in shifting control and advantage away from malicious attackers and back to defenders.
