Wednesday, July 9, 2014

If you had only one more security dollar… [feedly]

If you had only one more security dollar…
// A Collection of Bromides on Infrastructure


what would you spend it on? Would you improve endpoint security, or better protect your network or your applications?

This was the topic debated by three Gartner security analysts: Neil MacDonald (endpoint), Greg Young (network) and Joseph Feiman (application) at #GartnerSEC in DC, in June.

Watching Gartner analysts debate each other is fun – much more fun than watching them pontificate. They live and die by their cred, so the gloves came off pretty early and they landed heavy blows on all three categories:

  • In spite of the promises of network security vendors, it seems pretty easy for malware writers to bypass state-of-the-art network protection; rapid growth in encrypted traffic will increasingly leave network security blind; high false-positive ratios leave network security teams with floods of red alerts; and even if an attack is detected, IT still has to remediate the endpoint. Finally, both "cloud" and "mobility" make the enterprise network less relevant to both detection and attack prevention.
  • Application security is a pipe dream. It's been "almost ready" for ages, but it never seems to come closer to reality. Reason: the complexity of modelling applications in a way that is semantically useful for security. Moreover, the adoption of cloud and SaaS makes instrumentation of apps even less likely.
  • The endpoint is an unmitigated disaster, with failed AV technologies and untrainable users who click on bad things. BYOD, mobility, PC/Mac… all make it worse.

Each analyst did his best to defend his turf too:

  • More hardware ought to solve the network crypto problem (my view: if at all feasible, this will be expensive); better instrumentation and big-data analysis will help to reduce the challenge of picking the needle out of the haystack. And mobile users need to be forced onto the VPN.
  • New endpoint technologies, including isolation of untrusted execution, can transform the trustworthiness of the endpoint – which is responsible for >70% of enterprise breaches. Alternatively, new approaches to endpoint detection (e.g. searching for IOCs) can help to identify compromised systems more quickly.
  • Application security could be "a big win". A practical approach is to disaggregate apps into multiple services in VMs, and to instrument each VM container to look for application-layer security anomalies.

But what of the original question – where can a CISO get the most value for her additional security dollar?

To my mind the answer is easy (if predictable): Micro-virtualization is a single solution that simultaneously addresses the biggest challenges in each of network, endpoint and app security:

  1. Micro-virtualization secures the endpoint – the source of >70% of enterprise breaches – enabling it to protect itself by design from attacks that originate from the network, from untrustworthy attachments, or from files on removable storage. It also automatically remediates malware.
  2. Micro-virtualization secures the enterprise network from endpoint-originated attacks. Malware that executes in a hardware-isolated micro-VM cannot access the enterprise network or any high-value SaaS sites. Malware can never use a client device to probe the enterprise network.
  3. Micro-virtualization secures vulnerable client applications and web apps delivered to end users. Each site or app is independently isolated, with no access to valuable data or networks – protecting the app from an attacked enterprise device/user, and preventing credential theft and session hijacking. It can also enforce key policies, including use of crypto, restricting access to networks/sites, and enforcing DLP.

Micro-virtualization delivers the greatest security bang for the buck because this single solution solves the endpoint, network and application security problems for >70% of enterprise breaches.

Add to this the fact that a micro-virtualized endpoint never needs remediation, protects itself even when running unpatched third-party software, and renders a vast swath of kernel zero-day vulnerabilities irrelevant.

Finally, recognize that micro-virtualization empowers users to be productive anywhere, to click on anything, on any network, and – if the endpoint is attacked – it delivers precise, detailed forensic insights, in real time, without false alarms.

A dollar spent on micro-virtualization massively reduces the workload on the security team while making it better informed and strategically aligned with the objectives of the business. It's a no-brainer.


Shared via my feedly reader
