We are experiencing a veritable onslaught of attacks by highly organized cyber criminals. It’s so bad that the current US Secretary of State, John Kerry, recently described the situation as “pretty much the Wild West”.
If cybercrime is so highly organized, then we must also be highly organized to counter the threats. The “Wild West” must be kept fully in check by consolidating our security infrastructure. But what does that entail?
Many organizations find that a nebulous security infrastructure has emerged over the years. This is often the result of piecemeal solutions for specific threats, which build up into a disjointed, case-by-case arsenal. Added to this is the organic growth of security policies against the backdrop of a changing threat landscape and a perimeter that is opening up to the cloud. The net effect is firefighting: momentary hotspots are extinguished with an inefficient use of resources. Ultimately, we end up pursuing a reactive rather than a proactive security strategy.
The reasons and drivers of consolidation
There are several reasons why consolidating your security infrastructure is a good idea. Fundamentally, it is advisable to pool resources and understand what you already have, because here too knowledge is power: in this case, the ability to counter cyber security threats. External factors such as compliance and regulatory requirements also play a role. They are additional drivers for becoming more streamlined and efficient, so that managing the compliance process becomes more seamless and less burdensome.
Consolidation: Knowledge is power and simplicity is your friend
The first step to consolidating your infrastructure is to understand what is available to you and where you are falling short. This includes recognizing the threat landscape and knowing the current countermeasures to assess your own security needs.
As you work through this, the watchword should be simplicity in everything you do. The acronym KISS (“keep it simple, stupid”) can help you make good decisions. In security, anything that is overly complex becomes a source of error: it breeds misunderstanding and invites human mistakes.
You may now object that the security infrastructure is a complex matter. It is true that complexity is increasing, especially with regard to drivers such as BYOD (Bring Your Own Device) and the highly disruptive Internet of Things (IoT). These fairly new phenomena have added additional layers to the problem of security that did not previously exist in this form. Things get tricky when old technology meets new. And this is where knowledge can help simplify things.
One key area where the knowledge-based approach can increase efficiency is the cost-effectiveness of the security infrastructure. Massive sums are being spent on cybersecurity prevention measures. The market research and analysis company Gartner expects companies to spend 108 billion US dollars on cybersecurity by 2018. This estimate is supported by PricewaterhouseCoopers: in its Global State of Information Security Survey 2015, PwC states that spending on information security has doubled relative to general IT budgets since 2013. These exorbitant costs need to be contained, and this is where consolidation comes into play.
Consolidate security infrastructure – now
Our older technologies, especially point solutions, were the mainstays of security in our companies, but over the last ten or more years they have had only limited success. Times have changed. Cyber threats are now more sophisticated and multi-faceted; as our technology evolves, so do the threats. Point solutions have led to a case of “too many cooks spoiling the broth”. The tangle of products we depend on is our downfall: just managing and updating them is a management nightmare. Every time a new point solution is added to the extended infrastructure, the operating costs of that product rise in terms of management, training and employee awareness. And more point solutions mean more points of failure, that is, more places where a potential cyber threat can become an actual incident.
In addition, point solutions are no longer able to cope with cyber threats. There are many antivirus programs that can no longer keep up with the threat landscape. Updating virus and malware databases can lag behind the threat curve. Imperva’s analysis of antivirus programs found that 75% of databases had been out of date for over a month.
Consolidation requires modernization
A modern approach is to use holistic technologies that are capable of managing the highly distributed and diverse infrastructure of today’s organizations. Consolidation is something that can bring your extended network and Internet application resources together, rather than treating them as separate entities as point solution products do.
The knowledge base developed at the beginning of the consolidation allows you to understand which security tools lead to a more holistic approach for your security infrastructure.
First and foremost, you need a good supporting architecture as the foundation of your infrastructure. A reverse proxy architecture can give you many security benefits, including more efficient handling of HTTPS traffic.
A Web Application Firewall (WAF) and especially the use of intelligent web application protection are extremely effective, modern methods to prevent attacks on the application layer and on the extended web service layer. WAFs with Security-as-a-Service (SaaS) features are particularly useful as they offer centralized management, monitoring and event logs. Monitoring and threat analysis in particular are becoming increasingly useful in the ever-changing threat landscape, where new vectors (such as malvertising) are becoming the norm.
Authentication policies are another area that is ripe for consolidation. Single sign-on (SSO) across the entire company and web applications is one way to reduce the problem of resource-hungry identity management. It also makes employees more productive and helps when dealing with BYOD. However, other authentication options such as two-factor authentication should also be used where necessary, including as part of an SSO system.
Another coping mechanism is to centralize your security strategy through virtualization. It can reduce costs and make security a more manageable area.
The best way to consolidate your security infrastructure is to look at it as a change process. This is where everything comes into play: your in-depth understanding of the extended architecture and data flows across the entire organization and the application of a holistic approach using Security 2.0 tools to create a modern, strategically aligned security infrastructure.
A consolidated future
Today’s enterprise is characterized by fuzzy, constantly evolving layers. We need to take an approach to infrastructure security that allows us to deal with a very complex and constantly changing environment. Flexibility and simplicity must be at the center of our efforts around infrastructure security management. As organizations expand their interactions in cloud environments and with the emergence of disruptive technologies such as the Internet of Things, we need to develop a new mindset to perfect our security infrastructure. Consolidating the existing with the help of Security 2.0 thinking will help us create the kind of resilient organization that is able to withstand the onslaught of threats we see every day. We need to adapt to threats that come from within as well as from without. We can do this by relying on knowledge, experience and applied intelligence as well as Security 2.0 tools as we know them from the web application protection camp. We need to build enough flexibility into our infrastructure to cope with an ever-changing threat landscape. This requires creative security to build a tight, robust and reliable infrastructure security model.