Debunking the myth of perimeter security
Major shifts in technology, such as the rise of cloud, mobile and the IoT, have smashed a gaping hole through the traditional perimeter-based focus on enterprise security. As a result, organisations need to change their strategy from prevention-only to detection and response.
Today's business IT environment has transformed organisations, boosting their flexibility, efficiency, productivity and more. Cloud, mobile and, increasingly, connected devices and systems are now mainstream for enterprise IT.
But this change has also brought with it more sophisticated and advanced security threats that pose a significant challenge to traditional perimeter-based security, such as firewalls and intrusion prevention systems (IPS). The attack surface and types of threat have expanded: in short, those perimeter gates have been breached and there's no going back.
There's no doubting just how much the enterprise IT landscape has changed over the last few years. Adoption of cloud computing services continues to increase, passing the tipping point into mainstream enterprise IT. In one study, respondents said 80 per cent of their organisation's IT budget would be spent on cloud-related services by 2018.
Likewise, mobile expenditure continues to grow, with worldwide purchases of mobile hardware, software and services predicted to hit $1.67 trillion in 2020, according to analyst IDC. A good percentage of that spending is in the enterprise, where IDC says mobility is now a "core end-user computing technology for enterprise workforces".
And the burgeoning world of connected devices and sensors that makes up the internet of things will punch yet another gaping hole in any notion of traditional perimeter security. Gartner forecasts there will be some 20.4 billion connected objects in use worldwide by 2020.
For chief information security officers (CISOs) and their teams, this modern business IT landscape creates challenges around visibility over the network - particularly around how data is moved and stored, and who is accessing it - and around sifting through the noise from the increasing volume of security alerts and log data to ensure nothing slips through the gaps.
Inevitably, that means the chances of an organisation being breached are now high, and so enterprises are shifting tactics from a prevention-only approach to what Gartner calls "detection and response".
Gartner says this shift, spanning people, processes and technology, will be responsible for the majority of the growth in the security market over the next five years. Gartner analyst Sid Deshpande says: "While this does not mean that prevention is unimportant or that chief information security officers (CISOs) are giving up on preventing security incidents, it sends a clear message that prevention is futile unless it is tied into a detection and response capability."
Some of the tools that form part of this new detection and response approach to security include endpoint detection and response (EDR), software-defined segmentation, cloud access security brokers (CASBs) and user and entity behaviour analytics (UEBA).
A threat lifecycle management approach is also essential in this pivot from a passive to an active security stance. It helps to create visibility and filter out the noise using behavioural analytics, centralised case management, continuous monitoring, automation, orchestration and, increasingly, machine learning and artificial intelligence.
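The behavioural analytics and noise filtering mentioned above can be illustrated with a small baseline-and-deviation scorer over login events. The following is an added example, not code from the article or from any vendor it names: it assumes a constructed log format (`timestamp user=... src=... action=login result=...`), learns each user's usual hours and source /24 networks from a learning window, then scores new events and surfaces only those whose deviation score crosses a threshold, so a single off-hours login by a known user is dropped as noise while a failure burst from a new network is raised.

```python
"""Minimal UEBA-style baseline scoring over constructed authentication logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Assumed log format for this example; real SIEM/UEBA products parse their own schemas.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) action=login result=(?P<result>\S+)$"
)

# Constructed learning-window data: alice works from 10.0.1.0/24, bob from 10.0.2.0/24.
BASELINE_LOG = [
    "2017-03-01T09:12:03Z user=alice src=10.0.1.15 action=login result=ok",
    "2017-03-01T13:40:11Z user=alice src=10.0.1.15 action=login result=ok",
    "2017-03-02T08:55:47Z user=alice src=10.0.1.22 action=login result=ok",
    "2017-03-01T08:02:30Z user=bob src=10.0.2.7 action=login result=ok",
    "2017-03-02T17:45:09Z user=bob src=10.0.2.7 action=login result=ok",
]

# Constructed events to score: one benign off-hours login for bob (noise),
# a failure burst then success for alice from an unseen network, and an unknown account.
NEW_LOG = [
    "2017-03-06T09:05:00Z user=alice src=10.0.1.15 action=login result=ok",
    "2017-03-06T03:14:00Z user=alice src=203.0.113.9 action=login result=fail",
    "2017-03-06T03:14:20Z user=alice src=203.0.113.9 action=login result=fail",
    "2017-03-06T03:14:45Z user=alice src=203.0.113.9 action=login result=fail",
    "2017-03-06T03:15:10Z user=alice src=203.0.113.9 action=login result=ok",
    "2017-03-06T08:30:00Z user=bob src=10.0.2.7 action=login result=ok",
    "2017-03-06T12:00:00Z user=bob src=10.0.2.7 action=login result=ok",
    "2017-03-06T10:00:00Z user=mallory src=10.0.2.7 action=login result=ok",
]


def parse(line):
    """Parse one log line into a dict, adding the hour of day; None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["hour"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").hour
    return ev


def net24(ip):
    """Collapse an IPv4 address to its /24, the granularity we baseline on."""
    return ".".join(ip.split(".")[:3]) + ".0/24"


def build_baseline(lines):
    """Per-user profile of login hours and source networks seen in successful logins."""
    profile = defaultdict(lambda: {"hours": set(), "nets": set()})
    for line in lines:
        ev = parse(line)
        if ev is None or ev["result"] != "ok":
            continue
        profile[ev["user"]]["hours"].add(ev["hour"])
        profile[ev["user"]]["nets"].add(net24(ev["src"]))
    return profile


def score_events(lines, profile, threshold=3, fail_burst=3):
    """Score each event against the baseline; return only events at or above threshold."""
    failures = defaultdict(int)  # consecutive failures per user
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        user, score, reasons = ev["user"], 0, []
        prof = profile.get(user)
        if prof is None:
            score, reasons = score + 3, reasons + ["unknown user"]
        else:
            if ev["hour"] not in prof["hours"]:
                score, reasons = score + 1, reasons + ["unusual hour"]
            if net24(ev["src"]) not in prof["nets"]:
                score, reasons = score + 2, reasons + ["new source network"]
        if ev["result"] == "ok":
            if failures[user] >= fail_burst:
                score, reasons = score + 2, reasons + ["success after failure burst"]
            failures[user] = 0
        else:
            failures[user] += 1
            if failures[user] >= fail_burst:
                score, reasons = score + 3, reasons + ["failure burst"]
        if score >= threshold:
            alerts.append({"user": user, "score": score, "reasons": reasons, "line": line})
    return alerts


def run_demo():
    """Learn from the baseline window, then score the new events."""
    return score_events(NEW_LOG, build_baseline(BASELINE_LOG))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert["score"], alert["user"], ", ".join(alert["reasons"]))
```

Bob's lunchtime login scores 1 (unusual hour only) and never reaches the analyst, which is the point: the weights and threshold are where the noise filtering happens, and a real deployment would tune them per population and feed the surviving alerts into case management for response.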
In an interview at the RSA Conference 2017, James Carder, CISO and VP at LogRhythm, explained: "The more you can automate, and the more you can embed that workflow into your business processes, every CISO is going to reduce that time to detect and respond...and that's really what the focus is today on security information and event management (SIEM)."