Cybersecurity Demands New Framework - InformationWeek
Cloud // Infrastructure as a Service
11:45 AM
Zulfikar Ramzan
Zulfikar Ramzan
Connect Directly

Cybersecurity Demands New Framework

Cybersecurity development has been a piecemeal process. It's time for a stronger, more cohesive approach.

If you look at how security has evolved over the past two decades, you'll see a co-evolution between point problems and point solutions. For example, twenty years ago network security was synonymous with firewalls.

But attackers soon found their way past the front door, which led to technologies like intrusion detection and prevention systems. Eventually, companies started rethinking the firewall itself and realized that it was not about exercising control at the network level, but being able to identify and control the applications that leveraged the network.

This realization gave rise to the next-generation firewall. Organizations started to realize that network security is not just about keeping bad stuff out, but also ensuring that good data stays in. The result was the development of mechanisms to monitor outbound network traffic for the presence of potentially sensitive data -- for example, data loss prevention technologies that can check for the possibility that credit card or Social Security numbers have leaked outside the enterprise perimeter.

But as threats persisted, organizations needed to continue monitoring their networks, gathering data for post-incident response. Network monitoring, forensics, and some advanced malware protection technologies were developed to address this need.

[What is the "Goldilocks Zone" of security? Read Why 'Goldilocks Zone' Of Data Center Security Makes Sense.]

With all of these technologies in place, it made sense to step back and think about whether they could be fit into a cleaner framework. To this end, Neil MacDonald and Peter Firstbrook of Gartner proposed the Adaptive Security Architectures framework, which identifies four key functional areas to handle threats to enterprise information assets: prediction, prevention, detection, and response. These four areas attempt to cover the entirety of the threat lifecycle and can be applied to any phase of computing, whether in the legacy data center, private cloud, or public cloud infrastructure.

Prediction is about handling what happens before threats infiltrate your environment. It means being able to identify risks up front and either shore them up or accept them as areas of concern.

Prevention straddles the line between what happens before threats enter and what happens when threats enter. Traditionally, prevention has been about policy enforcement and access control.

Detection is about what happens during an active attack. It is about being able to identify threats -- and ideally, stopping them.

However, despite the industry's best efforts, motivated attackers can get past the before and during stages of an attack. Therefore, the after phase becomes more critical. This phase is about what you do when, not if, a threat gets through. It's handled through incident response capabilities, which involves continuous monitoring. If you can gather relevant data up front, you can sift through it after the fact to understand the scope, ramifications, and ultimately the root cause of any threats that compromised your organization. These insights can then be applied back to the prediction phase -- thereby coming full circle.

The ability to leverage the lessons learned in one phase to improve the effectiveness of another explains why this framework is adaptive.

The framework is also useful for determining how to allocate security investments because it helps ensure that the appropriate bases are covered. But let's take another step back and use the framework as a way to fundamentally rethink security. Rather than mapping existing technologies to each of the four functional areas, why not take each functional area as the starting point and develop a corresponding technology that relates to it?

This approach would not only help ensure that you are adequately covered, but it would also position your solutions for different functional areas to interoperate more effectively. You can leverage work done to cover one functional area to develop solutions for another. For example, each area is fundamentally about data science. In each case you gather data, process it, analyze it, and derive practicable insights from it. With that mindset, security fundamentally becomes a data science problem, and you can imagine a cadre of security solutions built on top of a common data science platform.

Organizations should start thinking along these lines to build a comprehensive security strategy. My hope is that the entire industry will adopt this approach when developing new technologies.

Cybersecurity is a highly dynamic field. As new technologies and buzzwords are introduced into the IT lexicon, we need to think about the implications they will have on information security. Using Gartner's Adaptive Security Architectures framework, we can develop better, faster, more efficient, and ultimately more intelligent tools to safeguard our most sensitive information assets.

Interested in shuttling workloads between public and private cloud? Better make sure it's worth doing, because hybrid means rethinking how you manage compliance, identity, connectivity, and more. Get the new issue of InformationWeek Tech Digest today. (Free registration required.)

Zulfikar Ramzan is CTO of Elastica, a firm taking a data science approach to cloud application security. Prior to joining Elastica, Zulfikar was chief scientist at Sourcefire (acquired by Cisco). Prior to joining Sourcefire, Zulfikar was technical director of Symantec's ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
User Rank: Moderator
8/20/2014 | 1:30:51 PM
Re: Security, a process on a timeline
There are also opprtunities for an innovative framework for cybersecurity. This framework can support research, stakeholder identification of the new ideas and security innovators. The right approach can be numble and can transfer to other domains and technologies.
User Rank: Ninja
8/20/2014 | 1:18:01 PM
Re: Security, a process on a timeline
I think it's definitely a step in the right direction to remove the technology aspect from the overall security discussion. Firstly, since there are multiple technologies to address the same stages of threats, and secondly because it changes the overall thought process as to how threats are managed both proactively and reactively.
User Rank: Ninja
8/19/2014 | 11:09:44 PM
Re: Security, a process on a timeline
It's interesting that you can apply lessons from the "after" phase of cybersecurity to make your "before" and "during" phases better down the road. But can these lessons be learned fast enough to keep up with the bad guys?
Charlie Babcock
Charlie Babcock,
User Rank: Author
8/19/2014 | 5:05:11 PM
Security, a process on a timeline
Highly instructive to think of security on a sequential timeline. We have understood the time-frame for many years, but to relate the steps of responding to the threats and make the parts interlocking would be a big step forward. How do we begin to do that?
<<   <   Page 2 / 2
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends for 2018
As we enter a new year of technology planning, find out about the hot technologies organizations are using to advance their businesses and where the experts say IT is heading.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll