Reflections on RSA – Security is Really a Control and Data Management Problem
This week, I went to RSA, an event where security vendors and professionals connect. As mentioned in the past, security is paramount to the sustainability of the network.
To leverage the network as a powerful tool for change, we must be able to trust that it is secure. We need to trust the security of our data and information. Attacks on the network are ever-present. In 2009, malware and social networking attacks surged. Now, we contend with sophisticated mobile attacks. It’s the nuclear arms race in the world of bits and bytes.
As in the physical world, there are people motivated by greed, power and personal gain. A good example is Zeus, which targeted financial institutions. So far, in only one attack, it infected about 74,000 PCs.
And then there are those who are looking to achieve political or ideological ends. But, as the RSA show floor and conference show, many technologies combat and mitigate all these attacks. There are thousands of point solutions to secure user and data authentication. There are also thousands for spyware and cloud security.
So why do organizations still struggle to protect the network? It’s because it’s a control and data management problem rather than a feature-set issue.
Palo Alto Networks talked about control of what should and should not be allowed on the network. Permissions should be granted according to the user, their role and the application. They should be so granular that they cover exactly what the user is trying to do.
This approach makes a ton of sense because with a focus on control, you cut many risks right off the bat. You restrict peer-to-peer traffic and file sharing applications, which are too often used to gain access to the network (through malware/trojans) and all its resources. The key is to have this level of control over every aspect of your network. And this means from the edge to the core, as well as within the hosts themselves.
And then, for allowable traffic, look for threats and mitigate attacks.
This gets us to the data management problem. A typical network’s security infrastructure contains many different devices. And each has different management consoles. Every device produces a lot of logs containing thousands of pieces of information. Linking all this data and making sense of it all requires a lot of manpower and expertise.
Meanwhile, physical security, with its own risks, is separate from network security. They are usually run by two different groups with very little connection. This should change, and there was one company trying to bridge that gap.
So it’s no wonder it took Google and other companies MONTHS to figure out the attacks from China.
Attackers infiltrate a network and operate undetected, all under cover of the data deluge: the constant data stream that different devices kick out.
So why not apply insight and analysis of that data to network security?
Organizations need a singular, meaningful view into the network. They need to identify status in real-time and any threats to that network.
Where are the big advances on this front? Sure, there are the large, generic platforms from HP and IBM. Also, there are security-specific management platforms from folks such as ArcSight.
We would love to hear if you have seen promise in this area.
Right now, we need more innovation. We need comprehensive visibility, and the ability to easily and actively control and manage the network.
The security and the promise of the network as a platform for change is reliant on it.