I’ve tackled proactive prevention and anomaly detection; now it’s time to examine the third key component of effective IT security: informed response. This is the ability of a network to deploy security countermeasures and validate that they worked, all while maintaining continuous IT service delivery. Bottom line? This is no easy feat.
According to CNet, cyberattacks were responsible for $1 trillion in company losses through 2013. What’s more, 97 percent of all businesses have been breached, and as security firm FireEye notes, even after these breaches the attacks continued at an average rate of one per week. With such a large attack risk and massive potential for loss, companies must be taking cybersecurity seriously, right?
Not according to ZDNet, which reports that safety is often sacrificed for speed. A survey of IT professionals found that while the design of company networks is often driven by security concerns, in practice network performance trumps safety. As a result, advanced features like deep packet inspection (DPI), anti-spam, anti-virus and VPN access are often turned off when continuous IT service and speed targets aren’t met, leaving traffic uninspected. The result is a network that looks safe and is easily accessible to employees, but is just as accessible to cybercriminals. Is there a better way?
Flying First Class
The informed response problem in IT bears a striking similarity to air travel. To protect airports and airplanes, travelers are now subject to lengthy screening processes and may be detained for long periods if they are perceived as a threat. While this enhances total security, it significantly lowers the performance of the airport “network”: passengers are forced to arrive at the terminal hours before their scheduled departure, and even small security problems can have big impacts on the delivery of flight services. The opposite is also true: if airports don’t take the time to check bags and screen passengers, easy-to-spot problems can slip through the gate. Speed increases, but so does risk, along with the possibility of total network failure.
Airports are working on ways to combat this problem, for example the biometric scanners recently installed at McCarran International in Las Vegas. These fingerprint and iris scanners let passengers move through lineups faster while the screening standard is maintained. In other words: continuous delivery of service that still applies security countermeasures and validates their success.
So what can IT departments take from the airport analogy? That informed response is best thought of as a bottom-up process. By gaining insight into end-user behavior and monitoring that behavior in real time, it’s possible to deliver both network speed and security. Instead of biometric scanners, it’s self-learning anomaly detection that underpins this methodology: a continuous picture of network health from the end-user perspective that lets you streamline where required and secure where necessary. Countermeasures can be mandated, executed and validated without compromising network performance.