Re-imagining IT security

by Sumit Bansal of Sophos

2 March 2016

Today many organisations, regardless of size, are at an unacceptable level of risk. The combination of increased risk, volume, sophistication and success of attacks, coupled with small and resource-constrained teams, has created such risk.

According to a recent Ponemon Institute Report, 74 per cent of breaches go undiscovered for more than six months. In today’s dynamic business landscape, enterprises can no longer afford to treat security reactively, discovering a security incident only after a user complaint is lodged and the IT team is despatched to investigate.

Inside every organisation are multiple entry points that are waiting to be exploited and compromised by cybercriminals. While businesses are making a conscious effort to protect their digital assets from potential theft or leakage, gaining visibility into an organisation’s security posture across the entire attack surface remains a complex and daunting challenge for many.

IT security re-imagined

For years, network security and endpoint security have been treated as two completely different entities.

IT security is not regarded as an ecosystem, but rather as disparate layers that operate independently of nearby objects and events. Specialised, siloed point security products typically make up these layers, in the hope that an incident could be stopped at any one of them.

This concept is flawed and has been deemed ineffective in forestalling sophisticated threats that are becoming increasingly coordinated. The result is disjointed security that may crush separate elements of the threat, but still fails miserably in offering complete visibility and control for rapid response and remediation.

The bad news is that complex, threat-centric, headcount-dependent and myopic solutions will no longer meet the needs of today’s resource-constrained IT security teams.

What if security could be just as coordinated as today’s cyber threats, by allowing real-time communications between the network and endpoint, and at the same time be synchronised across the entire threat surface to deliver better protection?

In other words, businesses, regardless of size, need an integrated, ecosystem-centric IT security system that is highly automated and intelligent, yet simple to deploy and use.

Automation and rapid threat response

Automation is perhaps one of the most important and pragmatic benefits afforded by synchronised security, where individual components share information between the endpoint and network to coordinate an immediate and appropriate response to suspicious behaviour, with minimal or zero human intervention.

For instance, if a protected endpoint is compromised, the synchronised security protection put in place will immediately isolate this endpoint, preventing it from leaking confidential information to the server. This type of discovery and incident response usually takes weeks or months, but has now been reduced to seconds with synchronised security.

With synchronised security, businesses can achieve an automated and integrated response capability to protect against cyber attacks and, as a result, a significant reduction in the time and resources required to investigate and address security incidents – which in turn frees them up to focus solely on running their core business.

Sumit Bansal is director for ASEAN at Sophos.