Last year, according to the 2016 Cyberthreat Defense Report from CyberEdge Group, a shocking 76 percent of enterprises were victims of a successful cyber attack. Even more shocking is that these attacks are occurring despite increased spending on security. You can interpret this several ways. Companies are either overconfident about their security defenses; they’re underestimating the extent of the growing attack surface; or they’re unaware of how profoundly recent trends impact their security defenses.
For many companies, it’s all of the above. In any case, the place to start in strengthening your security posture is to take a more structured approach to analyzing the security impacts of recent trends and prioritizing your security investments.
Brian Kenyon, chief strategy officer at Blue Coat (now part of Symantec), has identified six overarching trends that significantly impact the security posture of the enterprise, along with the key requirements and considerations for strengthening security defenses in each category. This slideshow presents the big picture and a discussion of these six trends.
Top Security Trends
The Evolving Endpoint
Both the number and the variety of endpoints that must be secured have been expanding rapidly in the past few years, especially with the upward spiral in mobility, cloud computing, and the Internet of Things (IoT). Gartner famously estimated that more than 26 billion devices will be connected to the Internet by 2020; Cisco claims it will be 50 billion, and Intel says it will be 200 billion. Take your pick; the point is the same — an exponential increase in the volume and diversity of endpoints is underway.
From a security perspective, the most concerning point is that many of these interconnected devices carry no security profile and no resident security agent that the enterprise can use to validate their state. From a network perspective, the enterprise must therefore enforce a consistent security policy across all of these new and emerging form factors, one that scales with the device count, gives visibility into each device's traffic, and can adapt as new security controls are introduced.
The Expanding Perimeter
In the same way endpoints are proliferating, so are the networks to which these devices connect. Just a few years ago, the corporate network and the home network were the predominant connection points. Today people often connect to multiple networks over the span of a few hours. We wake up and check our work email on the home broadband network; we do a little work at the local coffee house via guest Wi-Fi; we tap into the enterprise network when we arrive on-site at work; we switch to another guest network at the airport, even on the airplane. And, (gasp!) perhaps we even glance at email while stopped at a light over 4G wireless.
All of these networks add a new layer of complexity to the attack surface. To provide adequate security across all of them, what’s needed is location-agnostic security technology that follows the user across his or her daily journey, wherever that might be. You need a unified, seamless blanket of protection.
Encrypted Traffic Visibility
Encrypted traffic is referred to as “the silent killer” because it often carries malware but never triggers alarms. Yes, encryption protects user privacy and sensitive business communications, but it also provides a hiding place for malware — because the traditional security tools companies have invested in are not capable of decrypting traffic in real time.
This creates a security blind spot, and that’s a growing problem for two key reasons. First, encrypted traffic creates a false sense of security because administrators never see or hear any security alerts. Second, the use of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption is on the rise. That means it’s only going to be harder to get a handle on the magnitude of the risk of encrypted traffic traveling through an enterprise.
Companies are finding that the cloud enables them to increase their focus on innovation, work more collaboratively, release better software faster, and even transform their IT processes — if they can ensure security and privacy.
The move to cloud-based Microsoft Office 365 is a great test case for the public cloud model, because when you move to Office 365, you not only get the economic benefits of not having to buy and maintain your own infrastructure to run Office, Exchange, or SharePoint, you also get better features. However, from a security perspective, a wholesale move to the cloud should not begin under the guise of a licensing agreement with Microsoft. You can’t leverage the advanced economic opportunities of the cloud if you have to compromise security.
Cloud Application Usage
The move to the cloud model gives the user unprecedented control over which devices and which applications he/she will use, and under what conditions. Anyone with a credit card and an Internet connection can circumvent the IT department and contract separately with multiple IT service providers. It’s called shadow IT, and it has moved from an unpleasant specter haunting the IT department to a common and accepted practice that must be managed.
There is no longer any question of curtailing shadow IT — the new question is how to regain enough visibility and control to protect the user and the enterprise. Simply put, IT organizations have to get ahead of this trend because users are driving now — and putting their own privacy and corporate data at risk. Companies cannot afford continued erosion of their security posture. They need visibility, multiple inspection layers, and data inspection capabilities to empower users to take advantage of shadow IT safely.
Advanced Malware and Incident Response
Malware keeps getting more sophisticated and successful, using multiple techniques of obfuscation and hiding in encryption to mask its nasty intent. The traditional “identify and block” model is simply no longer adequate. What’s needed today is a more holistic strategy of monitoring the entire environment, detecting intrusion attempts, and responding to successful attacks quickly and effectively.
If you’re a security administrator, chances are you already realize that events are happening at all times, everywhere around you. You need a way to not only spot the truly dangerous ones, but also respond to and mitigate them quickly. This requires visibility into and control over all layers of your security posture, the formulation of a consistent and effective response to incidents and events, and the ability to automate the remediation process. This, in turn, requires the ability to look back in time, see what deviated between then and now, and implement an automated remediation solution. It’s also very important to learn from the unsuccessful attacks on your environment. Each attack that you detect gives you vital information about your attackers: the tools, techniques, and procedures that help you keep your defensive layers adaptive and increase the efficacy of your controls.