The changing faces of security

The increasing need to protect security estates

It's now becoming much more difficult to protect a security estate due to the huge variety of attacks. The simple fact is that with the amount of potential attackers out there, you cannot cover all bases at once.

Furthermore, defence technology is slightly behind the curve. Attack vectors are morphing as they propagate, and protection software is always out of date by a day. In fact, every day software is only in date for a microsecond. In 2005, Panda Software reported that a new strain of malware was discovered every 12 minutes. In 2016, the cybersecurity company McAfee says it found four every second. Software cannot fight a threat that it doesn't know about yet, and with the creation and development of malware being so fast, software seems to struggle to keep up.

Because of this, there are many attack vectors that companies just cannot cater for as they are not deemed dangerous enough to deal with. The high volume of attack vectors and the delay in technology "catch up" means that you cannot cover all bases, so companies are simply focusing on the worst offenders. The staggering number of attack numbers and the growing sophistication of malware means that a single security approach is no longer enough. Ultimately, if we solely rely on traditional Anti-Virus software for protection then we are always at risk. This makes total cyber security nearly impossible.

How to stay safe in a cyber-world

The only way to protect our security estates is to start viewing those estates differently. Instead of using traditional stateful Firewall method and trying to keep things out, we should be restricting users to the kind of activity that can be controlled. Identifying and managing the user and the content that user accesses can do far more to protect a security environment than attempting to cover all security bases. Successful user management includes single sign on and ID as a Service.

Ultimately, there's a need for companies to understand exactly what their users are doing. In compliance terms, the technology that companies use can't control enough of the environment to meet compliance needs. In a world where users are demanding anytime, anywhere, any place access to data and other corporate assets, it is crucial that they understand the implications and risks of this access.

The key to cyber security is to get end users to understand and be responsible for data and information that they handle. Employees shouldn't feel hindered by technology and security; they should be able to use the technology given by employers to support the job function whilst, at the same time, being able to adhere to compliance regulations and understand their role in that compliance. The adoption of Single sign on and other solutions help to seamlessly integrate security within the users' workflow, almost invisibly.

Therefore, defence now requires a more joined up approach. Technology and software are necessary for protection, but to truly protect your security estate you need to be proactive. Proactive monitoring can often pre-empt breaches before they are allowed to cause business disruption. Recent technology innovations in global threat intelligence, behaviour analytics, and artificial intelligence enable this proactive approach to scenarios such as security incident and event monitoring (SIEM). But a SIEM is nothing more than a tool; it's the analyst support in interpreting the output that allows for critical decisions to be made.