Cybersecurity threats are evolving, becoming more complex and increasing in volume. That’s why leaders in the cybersecurity field are rethinking and enhancing their approach—and turning to adaptive security, specifically.
Until now, cybersecurity practice has focused heavily on preventing attacks. This “ring of iron” methodology may have been appropriate in the early days of network security, when users were less mobile and there wasn’t any need for outsiders to use an organization’s computing resources. Things are a bit more complicated today.
In modern computing environments, users move freely inside and outside the network perimeter, accessing IT resources from different devices. Customers, business partners, and third-party service providers all access applications in enterprise data centres. Protecting just the edge of the network isn’t enough, because the seal on your infrastructure is far from airtight.
Go for a multi-layered approach
Adaptive security brings a more fluid, multi-layered approach to security. It complements attack prevention with three other components: detection, retrospection, and prediction. Detection seeks out attacks that have evaded preventative measures so that security experts can remove them before they do more damage. When these attacks are discovered, retrospective analyses enable security professionals to find out what happened and why, so they can take measures to avoid it happening again.
The predictive part of adaptive security architecture tries to work out what will happen next. It uses threat intelligence, drawing on external data about what’s happening on malicious criminal networks to build a picture of emerging attack patterns. It then prioritizes and addresses exposures automatically.
The key here is automation. As threats continue to grow, old-fashioned approaches to cybersecurity that rely on human analysis are becoming less effective. When Target was hacked in 2013, criminals were able to compromise its POS systems by gaining access through a third-party HVAC service company’s account on Target’s system. The alert system flagged the threat, but human analysts simply didn’t recognize it for what it was. In an adaptive architecture, the four components work in concert, automatically adapting to new threats and prioritizing protective measures as those threats emerge. The idea is to create a constantly flexing fabric of protection that blankets all parts of the organization’s infrastructure, and not just a hard, rigid shell on the outside.
Analyze user behaviour
Gartner argues that analytics lies at the heart of this enhanced security culture. After all, unless you can measure and analyze what’s happening in your IT architecture, it will be difficult to adapt dynamically to any threats facing it. Analytics must cover not just what’s happening at the network edge, but also in the network infrastructure, at the endpoint and at the application level. A mature security strategy will also encompass something else: people.
User behavioural analytics (UBA) promises to be a useful tool as part of this new approach to security architecture. If there’s one thing that changes inside an organization, it’s user behaviour. Still a new technology itself, UBA is designed primarily to protect organizations against insider threats. It works by establishing a baseline of what constitutes normal user behaviour, and then constantly measuring new activity against it. If user behaviour seems inconsistent with past activity, it can elevate a user’s risk profile.
At some point, risk may be surfaced to a human analyst who will then decide what to do. A UBA system typically takes logged IT events as its input, including endpoint activities and network access. More sophisticated UBA deployments are also integrated with other corporate resources, such as human resource systems and even physical building management systems, which can provide even more intelligence.
If a sales executive printed off several documents relating to large customers just after a negative performance review, a well-tuned UBA system may pick up on it. Similarly, if an administrative assistant’s badge was logged visiting the R&D lab on the company campus after hours, a UBA system may raise her risk score. User behaviour analytics is a young technology that will need a mature IT team to implement it. Integration between UBA systems and other elements of IT infrastructure is often ad hoc, and configuring a UBA system can be a challenge, requiring an in-depth understanding of how the organization operates.
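The baseline-and-deviation loop described above, as an added illustration that is not code from the original article or from any UBA product: it builds a per-user baseline (typical daily print volume, locations badged into, working hours) from a constructed week of event history, scores new events against that baseline, and surfaces a user to an analyst once their cumulative risk crosses a threshold. The two new events mirror the printing and after-hours badge scenarios in the text; the HR feed of users with a recent negative review is an assumed integration, and all user names, locations and point values are placeholders chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    """One logged IT or facilities event (constructed sample schema)."""
    user: str
    kind: str       # "print" (detail = document count) or "badge" (detail = location)
    when: datetime
    detail: str


def build_baseline(history):
    """Summarise each user's normal behaviour from historical events."""
    daily_prints = defaultdict(lambda: defaultdict(int))   # user -> date -> documents
    locations = defaultdict(set)
    hours = defaultdict(list)
    for e in history:
        hours[e.user].append(e.when.hour)
        if e.kind == "print":
            daily_prints[e.user][e.when.date()] += int(e.detail)
        elif e.kind == "badge":
            locations[e.user].add(e.detail)
    baseline = {}
    for user in hours:
        counts = list(daily_prints[user].values()) or [0]
        baseline[user] = {"print_mean": mean(counts), "print_sd": pstdev(counts),
                          "locations": locations[user],
                          "hours": (min(hours[user]), max(hours[user]))}
    return baseline


def score_event(baseline, event, hr_flags=frozenset()):
    """Points an event adds to the user's risk profile, plus the reasons.
    hr_flags: users with a recent negative review (assumed HR-system feed)."""
    b = baseline.get(event.user)
    if b is None:
        return 40, ["no baseline for this user"]   # unknown users are themselves unusual
    points, reasons = 0, []
    lo, hi = b["hours"]
    if not lo <= event.when.hour <= hi:
        points += 20
        reasons.append("outside usual hours")
    if event.kind == "print":
        sd = b["print_sd"] or 1.0            # constant history would give sd == 0
        z = (int(event.detail) - b["print_mean"]) / sd
        if z > 3:
            points += 30
            reasons.append(f"print volume z-score {z:.1f}")
            if event.user in hr_flags:       # context from HR sharpens the signal
                points += 20
                reasons.append("recent negative review")
    elif event.kind == "badge" and event.detail not in b["locations"]:
        points += 30
        reasons.append(f"never badged into {event.detail}")
    return points, reasons


SURFACE_THRESHOLD = 50   # cumulative points at which a human analyst is alerted


def assess(history, new_events, hr_flags=frozenset()):
    """Score new events against the baseline; return per-user risk and the
    users whose cumulative risk crossed the threshold, with their reasons."""
    baseline = build_baseline(history)
    risk, reasons = defaultdict(int), defaultdict(list)
    for e in sorted(new_events, key=lambda x: x.when):
        pts, why = score_event(baseline, e, hr_flags)
        risk[e.user] += pts
        reasons[e.user].extend(why)
    surfaced = {u: reasons[u] for u in risk if risk[u] >= SURFACE_THRESHOLD}
    return dict(risk), surfaced


def _t(day, hour):
    return datetime(2024, 3, 3 + day, hour)


# Constructed history: a working week of ordinary activity for two users.
HISTORY = []
for day in range(5):
    HISTORY += [
        Event("sales_exec", "badge", _t(day, 9), "sales_floor"),
        Event("sales_exec", "print", _t(day, 11), str([3, 2, 4, 3, 3][day])),
        Event("sales_exec", "badge", _t(day, 17), "sales_floor"),
        Event("admin_asst", "badge", _t(day, 8), "admin_wing"),
        Event("admin_asst", "print", _t(day, 10), "1"),
        Event("admin_asst", "badge", _t(day, 16), "admin_wing"),
    ]

# Constructed new events mirroring the two scenarios in the text.
NEW_EVENTS = [
    Event("sales_exec", "badge", _t(5, 9), "sales_floor"),   # ordinary
    Event("sales_exec", "print", _t(5, 14), "40"),           # bulk printing
    Event("admin_asst", "badge", _t(5, 22), "rnd_lab"),      # R&D lab after hours
]

if __name__ == "__main__":
    risk, surfaced = assess(HISTORY, NEW_EVENTS, hr_flags={"sales_exec"})
    print(risk)
    for user, why in surfaced.items():
        print(f"ALERT {user}: {'; '.join(why)}")
```

Two design points carry over to real deployments: the print check is a z-score against the user's own history rather than a fixed number, so a heavy printer is not flagged for normal volume, and the HR flag only adds weight to an event that is already anomalous, which is what keeps an integration with people systems from turning every employee with a poor review into an alert.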
Because a dynamic, multi-layered security architecture draws on so many aspects of a company’s operation, security teams must learn to work with people from a variety of disciplines, including enterprise architects, network technicians and even human resources and compliance experts. Attempt an adaptive security deployment only with support from these people and from senior management.
The journey to a new, more robust type of security platform may be challenging, but if implemented correctly it could lighten the load for human analysts and create a more dynamic, pervasive security culture that can mould itself to any emerging threat.