By Ron Temske, Vice President of Security Solutions, Logicalis US
Let’s talk about security architecture and why it matters for your enterprise. When I present on Enterprise Security, you’ll notice that I frequently discuss the topic of security architecture. While you can make a strong argument for an architected approach in many areas of IT, I think it’s particularly important in cybersecurity. Let me take a moment to explain what I mean by architecture and what alternatives exist.
For many years, most purchasers of enterprise security solutions would pursue a best-of-breed approach. They would typically review the Gartner Magic Quadrant and pick the upper-right-quadrant Firewall, Intrusion Detection, Anti-Virus, etc. This would provide them with a collection of very good tools, but there would be little or no integration between them. It’s generally possible to create some level of integration, and you can certainly invest in some custom development to leverage published APIs, but that’s an expensive and inefficient proposition.
Today’s threat landscape is different, in that malicious actors now generate campaigns leveraging automated tooling, literally using a Cybercrime-as-a-Service model in conjunction with criminal affiliate networks (who “earn” a portion of the profit) to distribute their malware. Therefore, your security architecture must not only be integrated but must also include automation, or you will find your organization applying human processes to defend against machine-generated campaigns, which is clearly a losing proposition.
An architected approach to enterprise security requires products and solutions that are designed to work together – “factory integrated,” if you will. Bear in mind this does not necessarily require that all the products come from the same vendor. This is critically important in security. To illustrate why this is the case, I want to explain an important concept in security called “The Cyber Kill Chain,” an idea first published by Lockheed Martin. There are many papers and articles on this concept, but put simply, the idea is that there are multiple layers to security and multiple opportunities to detect and stop an attack. For example, we might be able to detect when initial reconnaissance is being performed, or when a malicious link is accessed.
With an architectural approach, we want to capitalize on security solutions that are tightly integrated and able to apply automation. Suppose, for example, that an attack makes it past our firewall and IDS/IPS system but is detected on an endpoint because of malicious behavior (such as modifying file structures) that could not be seen from the network. In an integrated environment, the endpoint will share that information in a form the organization’s firewalls, for example, can act on, and will also pass it securely to an outside threat intelligence organization.
Other organizations that don’t necessarily have the same products will now have the capability to detect and block the threat. Now we have multiple layers of our defenses all on the lookout for future attacks of that nature. It’s this integration that provides a much higher efficacy rate in stopping attacks, because all the elements can communicate and share threat information while using automation that can defend without involving human processes.
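The flow described above, as an added illustration that is not part of the original article or any Logicalis product: an endpoint detection that the network never saw is fanned out automatically to the firewall policy and to an outbound threat-intelligence feed. All class names, the sample detection and the address ranges are assumptions; the two practitioner checks it shows are deduplication and a guard against blocking or sharing the organization’s own internal addresses.

```python
import ipaddress
from dataclasses import dataclass

# Assumed internal address plan (RFC 1918); a real deployment would use its own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

@dataclass(frozen=True)
class EndpointDetection:
    host: str        # internal host name; must never leave the organization
    behaviour: str   # e.g. "mass file rename", visible on the endpoint only
    sha256: str      # hash of the offending binary
    c2_domain: str   # domain the process contacted
    c2_ip: str       # address the process contacted

class FirewallPolicy:
    def __init__(self):
        self.blocked_ips, self.blocked_domains = set(), set()

    def block(self, det: EndpointDetection) -> None:
        self.blocked_ips.add(det.c2_ip)
        self.blocked_domains.add(det.c2_domain)

class ThreatIntelFeed:
    def __init__(self):
        self.shared = []

    def share(self, det: EndpointDetection) -> dict:
        # Outbound record carries indicators only: no host name, no user data.
        record = {"sha256": det.sha256, "domain": det.c2_domain, "ip": det.c2_ip, "tlp": "amber"}
        self.shared.append(record)
        return record

class Dispatcher:
    """Fan one endpoint detection out to the other layers, once per indicator set."""
    def __init__(self, firewall: FirewallPolicy, feed: ThreatIntelFeed):
        self.firewall, self.feed, self.seen = firewall, feed, set()

    def propagate(self, det: EndpointDetection) -> dict:
        key = (det.sha256, det.c2_domain, det.c2_ip)
        if key in self.seen:                       # same campaign, already handled
            return {"duplicate": True, "blocked": False, "shared": False}
        self.seen.add(key)
        if is_internal(det.c2_ip):                 # automation must not cut off our own servers
            return {"duplicate": False, "blocked": False, "shared": False}
        self.firewall.block(det)
        self.feed.share(det)
        return {"duplicate": False, "blocked": True, "shared": True}
```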
It is our view at Logicalis that an architected, integrated ecosystem, with an appropriately automated approach leveraging threat intelligence to security, will outperform a best-of-breed approach overall. Clearly, all the components must perform well – an integrated platform using sub-standard components won’t perform well – but leveraging this approach will pay dividends.
Learn More
Read a two-part article exploring what an umbrella approach to security can look like in your enterprise – Part One: Potential DNS Vulnerabilities (http://ow.ly/Gd7Q307SBUE) and Part Two: A Secure DNS (http://ow.ly/kSuT307SCnY). Then, download an infographic displaying the benefits of Taking an Umbrella Approach to Security and one displaying the benefits of Transforming Internet Security with Big Data.