
Cloud cover

Editorial Type: Feature     Date: 09-2015







Paul Lipman, CEO at iSheriff, puts the case for cloud-based security services as an alternative to the traditional premise-based approach

Cyber threats continue to increase in volume and complexity, often employing multiple attack vectors in parallel. A targeted attack will often start with spear-phishing, which is becoming an increasingly effective entry point. Over 23 per cent of recipients open phishing emails and 11 per cent click on phishing attachments, according to the 2015 Verizon Data Breach Investigations Report. When a target clicks a link to a malicious page, an exploit can be surreptitiously downloaded. Many attacks start this way and open a backdoor that gives attackers access to the entire network.

With traditional layered security, each layer is designed to defend against a specific type of threat. CISOs are faced with an overload of point products from a plethora of vendors, and these products tend to be difficult, if not impossible, to integrate. This results in severe visibility limitations across an organisation's security posture. At best, IT sees only individual pieces of the security puzzle, which can create serious gaps.

This lack of integration between layers and products makes the traditional layered security approach fundamentally ineffective in protecting against multi-vector blended attacks. It's true that SIEM solutions take a step in the right direction, but the critical signals are often lost in the noise.

Perhaps it's time for a different approach, one that has integration at its heart. Consider services that take activity, traffic and behaviour feeds from each major vector, web, email and host (endpoint), and then correlate individual anomalies and patterns to help identify and block threats in real time.

As blended threats become more sophisticated, we need to see the components of the security infrastructure develop deeper levels of awareness, connectivity and adaptability. For example, if a group of laptops in a branch office is suddenly sending traffic to a low-reputation IP address in China, the network will need to immediately adapt, perhaps shutting down access to that IP, or sandboxing traffic from that part of the network for further inspection. These technologies can no longer exist in isolation. A cloud-based security layer can provide this capability, enabling commonality of policy and correlation of activity and response across the entire environment.
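The correlation idea above can be sketched in a few lines. This is an added example, not code from the article or from any vendor's product: the event fields, signal names, 30-minute window and reputation list are all assumptions, and the events are constructed. It flags hosts whose individually minor anomalies span the email, web and endpoint feeds within one window, then proposes a block when several such hosts at one site reach the same low-reputation IP.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts vector host site signal dest_ip")
WINDOW = timedelta(minutes=30)      # assumed correlation window
LOW_REPUTATION = {"203.0.113.50"}   # assumed reputation feed (documentation-range IP)

# Constructed sample events from three feeds; not real telemetry.
EVENTS = [Event(datetime.fromisoformat(t), *rest) for t, *rest in [
    ("2015-09-01T09:00:00", "email", "lt-01", "branch-7", "link_from_unknown_sender", None),
    ("2015-09-01T09:04:00", "web", "lt-01", "branch-7", "uncategorised_download", None),
    ("2015-09-01T09:11:00", "endpoint", "lt-01", "branch-7", "new_outbound_process", "203.0.113.50"),
    ("2015-09-01T09:02:00", "email", "lt-02", "branch-7", "link_from_unknown_sender", None),
    ("2015-09-01T09:07:00", "web", "lt-02", "branch-7", "uncategorised_download", None),
    ("2015-09-01T09:15:00", "endpoint", "lt-02", "branch-7", "new_outbound_process", "203.0.113.50"),
    ("2015-09-01T09:20:00", "web", "lt-03", "hq", "uncategorised_download", None),
    ("2015-09-01T08:00:00", "email", "lt-04", "branch-7", "link_from_unknown_sender", None),
    ("2015-09-01T09:30:00", "web", "lt-04", "branch-7", "uncategorised_download", None),
    ("2015-09-01T11:00:00", "endpoint", "lt-04", "branch-7", "new_outbound_process", "203.0.113.50"),
]]

def correlated_hosts(events, window=WINDOW, min_vectors=3):
    """Hosts whose anomalies span min_vectors distinct feeds inside one window."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_host[e.host].append(e)
    hits = {}
    for host, evs in by_host.items():
        for i, first in enumerate(evs):
            group = [e for e in evs[i:] if e.ts - first.ts <= window]
            if len({e.vector for e in group}) >= min_vectors:
                hits[host] = group
                break
    return hits

def block_candidates(hits, min_hosts=2):
    """(site, ip) pairs where several correlated hosts reached a low-reputation IP."""
    seen = defaultdict(set)
    for host, group in hits.items():
        for e in group:
            if e.dest_ip in LOW_REPUTATION:
                seen[(e.site, e.dest_ip)].add(host)
    return {key: sorted(hosts) for key, hosts in seen.items() if len(hosts) >= min_hosts}

if __name__ == "__main__":
    hits = correlated_hosts(EVENTS)
    print("correlated hosts:", sorted(hits))
    print("block candidates:", block_candidates(hits))
```

Host lt-04 shows the same three signals but spread over three hours, so it falls outside the window; lt-03 has a single web anomaly and is treated as noise.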

Next-generation cloud-based services take their feeds from across the security stack to create a unique visibility which is correlated across thousands of organisations, enabling new and emerging threats to be detected in a way that was previously not possible. Cloud-based services also close the loop by enabling threats to be blocked in the cloud before they can affect an organisation's network, devices, or data.

As the many components of the security infrastructure become aware of, and responsive to, each other, we can begin to extract true intelligence from an understanding of the inter-relationship and correlation of activity across the internal network, endpoint devices, cloud-based applications and the internet at large.

As these services are delivered through the cloud, we can gain an unprecedented vantage point from which to extract intelligence in real time, using a global footprint of enterprises, end users, and infrastructure. This is simply impossible with the organisational, silo-based, event-driven approach.

The emergence of smart, integrated, cloud-based security services enables a transformation from an alert-centric to an intelligence-centric approach to security. This enhances the CISO's visibility and delivers a robust security posture. A fully cloud-based model also provides a total cost of ownership that can be 20 per cent of the comparable premise-based solution.

But the shift to cloud-based security won't happen overnight, and many organisations may select a hybrid cloud/premise-based model. We think that 2015 may prove to be a tipping point and there may well be a time when the cloud becomes the predominant way to protect critical infrastructure, data and people.
