There are three main issues plaguing IT security staff today: complexity, complexity and complexity.
According to a whitepaper recently published by ITworld Canada in partnership with Cisco, enterprises of 25,000 employees or more have two and a half times more risk of encountering web malware than small companies. What makes enterprises that much more vulnerable, according to Ahmed Etman, general manager of security for Cisco Canada, is the often complex patchwork of anti-malware software.
“Over time we [see] customers using 30 and 40 and maybe even 50 or more different security technologies in their infrastructure,” he said. “This ends up being a disaster, a very complex environment that is very complex to manage, which leads to a significant degree of exposure.”
One of the biggest issues is that a majority of these tools are built for perimeter protection. They are built to inspect, detect and block malware before it breaches the system, but once a breach occurs it takes an average of 256 days and US$3.8 million to fix, according to the Ponemon Institute’s 2015 Global Cost of Data Breach study.
“Malware is becoming very creative, because now [attackers] have the capability to alter and change the behaviour of malware so that when it goes through the security controls it does not get detected as malware,” said Etman. “And then when it lands somewhere it starts transforming or morphing into something that is malicious.”
The problem with most cyber-security technologies, he adds, is that they largely consist of layer upon layer of this point-in-time perimeter protection. “Any traffic that it believes is good, it just goes through.”
The best way to defend against this sort of attack, suggests Etman, is through the use of cloud-based intelligence. Instead of relying on perimeter malware detection, cloud-based intelligence delivers adaptive protection against specific threats to every endpoint device connected through the cloud, avoiding the problems associated with patch cycles.
When an infected device connects to a network with cloud-based intelligence, the malware is first detected locally. “This alerts the cloud within a few seconds, and the entire enterprise infrastructure that has different Cisco security components gets updated,” said Etman. “We have this anti-malware detection capability baked into every single security technology that we produce … it’s a systemic response to something that happened on a remote site.”
This shortens the time it takes to detect a breach and pushes a fix out to millions of devices in seconds. With rapidly evolving technologies, business objectives and technological capabilities, not to mention bring-your-own-device policies and remote workers, Etman believes cloud-based intelligence is the best way to reduce complexity while improving enterprise security.
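To make the workflow described above concrete, here is a small simulation added as an example by the editor; it is not Cisco code and does not model any vendor's product. It contrasts a point-in-time perimeter filter with a fleet of endpoints that run a local behavioural sensor and publish what they find to a shared indicator feed. The sample, its hash label, the behaviours and the host names are all constructed for the simulation. Running it with `shared=False` goes slightly beyond the text by showing the same fleet without the shared feed, so the cost of not sharing is visible.

```python
"""Simulation of 'detect locally once, protect every endpoint' versus
point-in-time perimeter filtering. Added example: every name, hash label and
behaviour below is constructed and models no real product."""
from __future__ import annotations
from dataclasses import dataclass

# Behaviours the (hypothetical) local endpoint sensor treats as malicious.
SUSPICIOUS_BEHAVIOURS = frozenset({"writes_autorun_key", "injects_into_other_process"})


@dataclass(frozen=True)
class Sample:
    sha256: str                 # constructed label, not a real hash
    behaviours: frozenset[str]  # what the file does once it executes


class PointInTimePerimeter:
    """Inspects a file once at ingress against static signatures; anything it
    does not recognise is allowed through and never looked at again."""

    def __init__(self, known_bad: set[str]) -> None:
        self.known_bad = set(known_bad)

    def allows(self, sample: Sample) -> bool:
        return sample.sha256 not in self.known_bad


class IndicatorStore:
    """Indicator feed. When shared, every endpoint reads and writes the same one."""

    def __init__(self) -> None:
        self.indicators: dict[str, str] = {}  # sha256 -> first reporting endpoint

    def publish(self, sha256: str, reporter: str) -> None:
        self.indicators.setdefault(sha256, reporter)

    def is_known_bad(self, sha256: str) -> bool:
        return sha256 in self.indicators


class Endpoint:
    def __init__(self, name: str, store: IndicatorStore) -> None:
        self.name = name
        self.store = store

    def receive(self, sample: Sample) -> str:
        """Outcome for one file arriving on this host."""
        if self.store.is_known_bad(sample.sha256):
            return "blocked_by_intel"  # stopped before it ever runs here
        if sample.behaviours & SUSPICIOUS_BEHAVIOURS:
            # It had to run on this host for the behavioural sensor to see it;
            # publishing the indicator means no other subscriber repeats that.
            self.store.publish(sample.sha256, self.name)
            return "detected_locally"
        return "executed"


def run_scenario(fleet_size: int = 4, shared: bool = True) -> dict:
    """Send one 'morphed' sample through the perimeter and then to every host."""
    perimeter = PointInTimePerimeter(known_bad={"sha256:OLD-VARIANT"})
    shared_store = IndicatorStore()
    fleet = [Endpoint(f"host-{i}", shared_store if shared else IndicatorStore())
             for i in range(fleet_size)]
    # Constructed "morphed" variant: fresh hash, same behaviour as the old one,
    # so the static perimeter check has nothing to match against.
    morphed = Sample("sha256:NEW-VARIANT", frozenset({"writes_autorun_key"}))
    passed = perimeter.allows(morphed)
    outcomes = [ep.receive(morphed) for ep in fleet] if passed else []
    return {
        "perimeter_passed": passed,
        "outcomes": outcomes,
        "hosts_where_it_ran": outcomes.count("detected_locally") + outcomes.count("executed"),
        "indicator_source": shared_store.indicators.get(morphed.sha256),
    }


if __name__ == "__main__":
    for shared in (True, False):
        r = run_scenario(shared=shared)
        print(f"shared feed={shared}: ran on {r['hosts_where_it_ran']} host(s); {r['outcomes']}")
```

With the shared feed, the sample executes on exactly one host before every other host blocks it on arrival; without it, each host has to learn the same lesson on its own. The perimeter passes the morphed sample in both runs, which is the point-in-time gap the article describes.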
“It’s a very complex, very fragmented environment today with so many vendors, and the security operations teams are struggling just to keep things up and running,” he said. “The simpler the security operations get, the more secure it is.”