
A soccer ball without a player is useless. A violin without its musician is just a bit of wood and wire.

And a beautiful new security deployment, no matter how advanced, needs skilled people to configure and operate it properly if it is to run at maximum effectiveness. It must also be tuned to the organization and assets it protects, and to the priorities and risk environment that organization faces.

People with the most current skills and knowledge are the future of security. We as an industry, and as a company, must invest in those people—to turn them into the world’s most highly trained professionals—if security deployments are to be effective.

People and security controls are two sides of the same coin, and both are critical to keeping organizations safe in today’s high-risk environments. Properly trained people understand and write more nuanced policies, implement more effective controls, and thoroughly understand reporting from security systems and new or external requirements. I wrote about these issues and their impact on the market recently for Cyber Defense Magazine, but I wanted to take a closer look at what we at Cisco are doing about this challenge.

Organizations need visibility into the network

As new digitization trends such as IoT, cloud, network programmability, and big data disrupt the market, it's critical to ensure that the organization's security measures evolve to keep pace. Without that evolution, companies risk exposure to crippling security breaches.

These new technologies can lead to massive productivity gains, but they should be deployed with a measure of risk analysis, and with security controls and procedures in place. Otherwise, they can inadvertently create new business risks: the low-hanging fruit for somebody looking for an opportunity to profit from a system compromise.

Vendors are beginning to deploy IPS and security sensors throughout their information systems and to analyze that sensor data with analytics to detect security breaches. But many non-PC systems cannot incorporate an IPS or security sensors, and a system that has been targeted is not a trustworthy reporter of its own security status. Together, these two problems make it difficult to fully protect non-PC systems from within themselves.

Would it make sense to trust a possibly compromised system to report its own security status? Of course not! One solution is to monitor devices of all types from the network infrastructure that interconnects this growing collection of systems: a compromised endpoint cannot rewrite the flow records exported by a switch or router it does not control.

It is imperative that organizations have visibility, security intelligence, and analytics to sift through this sensor data and identify anything unusual and concerning.

Increased visibility delivers a massive amount of data to sort through. The challenge then is to find the needle in the haystack: to connect the dots across thousands or even millions of transactions and recognize the few that signal an intrusion in progress.

Two things help here. First, intelligence feeds tell modern security systems what to watch for. Second, analytics engines sort through the data: they surface unusual events, patterns, and trends, then analyze them further to determine which are genuine security concerns and which are merely unusual.
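As an added example of the two stages just described (an intelligence feed saying what to watch for, then analytics surfacing unusual behaviour and separating real concerns from merely unusual items), and of the earlier point about monitoring from the network rather than trusting hosts to self-report, the Python below runs that logic over constructed NetFlow-style records. It is not code from this post or from any Cisco product; the record fields, the indicator list, the allowlist, the sample flows and the thresholds are all assumptions made for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    """One NetFlow-style record as exported by the network itself (field names are assumptions)."""
    ts: int          # seconds; constructed timestamps
    src: str
    dst: str
    dport: int
    bytes_out: int


# Stage 1 input: a constructed intelligence feed of known-bad destinations.
INTEL_BAD_DST = {"203.0.113.7"}
# Constructed allowlist of sanctioned services that legitimately poll on a fixed timer.
ALLOWLIST = {"198.51.100.50"}


def _series(src, dst, dport, start, period, count, size):
    """Helper: `count` flows from src to dst spaced exactly `period` seconds apart."""
    return [Flow(start + i * period, src, dst, dport, size) for i in range(count)]


# Constructed sensor data; all addresses are from RFC 5737 documentation ranges.
FLOWS = (
    [Flow(10, "10.0.0.5", "198.51.100.20", 443, 1200),
     Flow(47, "10.0.0.5", "198.51.100.20", 443, 4800),
     Flow(130, "10.0.0.5", "198.51.100.20", 443, 3100),
     Flow(400, "10.0.0.5", "198.51.100.20", 443, 2600),
     Flow(900, "10.0.0.5", "198.51.100.30", 443, 50_000_000)]   # one huge upload
    + _series("10.0.0.9", "192.0.2.44", 443, 0, 60, 6, 300)       # metronomic beacon
    + _series("10.0.0.21", "198.51.100.50", 123, 0, 300, 5, 90)   # sanctioned NTP poll
    + [Flow(250, "10.0.0.12", "203.0.113.7", 8080, 2000)]         # talks to a feed indicator
)


def intel_matches(flows, indicators=INTEL_BAD_DST):
    """Stage 1: the feed says what to watch for; any flow to an indicator is a concern outright."""
    return [("known_bad_destination", f.src, f.dst) for f in flows if f.dst in indicators]


def beacon_candidates(flows, min_flows=5, max_cv=0.05):
    """Stage 2a: a src/dst pair whose inter-flow timing is nearly constant (low coefficient
    of variation) is unusual; humans and browsers do not talk to one host like a metronome."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst)].append(f.ts)
    found = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_flows:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            found.append(("beaconing", src, dst))
    return found


def volume_outliers(flows, k=3.0, min_peers=3):
    """Stage 2b: a flow far above that source's own baseline (mean + k*stdev of its
    other flows, leave-one-out) is unusual regardless of destination."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)
    found = []
    for f in flows:
        peers = [g.bytes_out for g in by_src[f.src] if g is not f]
        if len(peers) < min_peers:
            continue
        if f.bytes_out > mean(peers) + k * pstdev(peers):
            found.append(("large_outbound_transfer", f.src, f.dst))
    return found


def triage(flows):
    """Combine both stages and decide which unusual items are concerns and which are merely unusual."""
    concerns = intel_matches(flows)
    benign = []
    for item in beacon_candidates(flows) + volume_outliers(flows):
        kind, src, dst = item
        # Context (here a constructed allowlist) is what turns "unusual" into "expected".
        (benign if dst in ALLOWLIST else concerns).append(item)
    return {"concerns": concerns, "merely_unusual": benign}


if __name__ == "__main__":
    for bucket, items in triage(FLOWS).items():
        print(bucket)
        for kind, src, dst in items:
            print(f"  {kind:25s} {src} -> {dst}")
```

The thresholds are deliberately simple so the structure is visible: the feed match needs no baseline at all, the beacon and volume detectors need only the sensor data, and the allowlist is the one piece of organizational context that keeps the sanctioned NTP poll out of the concerns bucket. In practice the baseline would be learned per host over days, not taken from a dozen records.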

Cisco is a valuable partner

Fortunately, technology that gives organizations better and timelier visibility is at hand. Cisco is the leader in creating the infrastructure that connects all these devices, and that infrastructure can collect consistent security data from nearly any device attached to the now-ubiquitous network. It can also carry embedded security controls. This delivers more consistent security coverage than expecting the 600-odd companies building endpoint systems to each deliver consistent, built-in security.

Cisco’s core value here is security-enabling as much of the IT infrastructure as possible and gaining maximum visibility throughout the network. That visibility comes from using the network itself as a sensor for the information flowing between systems and devices. Security sensors built into the network are analogous to CCTV cameras throughout a secured building: they give security personnel visibility into relevant incidents anywhere in the building, allowing them to respond in a reasonable amount of time.

Without this visibility, the industry-average time to detect (TTD) a security incident is on the order of months. With this increased visibility, and with the power to analyze and monitor the information from these sensors, Cisco can reduce that TTD by an order of magnitude. To maximize detection of security incidents, Cisco has focused on acquiring key security technologies that reduce TTD, including:

  • SourceFire – FirePOWER Next-Gen IPS, Advanced Malware Protection (AMP)
  • ThreatGRID – dynamic malware analysis and threat intelligence
  • Lancope – StealthWatch context-aware security analytics
  • OpenDNS – advanced threat protection delivered via cloud for any device anywhere

In this post, we’ve covered the technology that delivers visibility, security intelligence, and analytics over sensor data.

In the second part of this blog post, we’ll talk about the other side of that coin—the trained security personnel necessary for organizations to leverage that technology to the hilt.

Authors

Tom Gilheany

Product Manager

Learning@Cisco