Today's organisations and security professionals face a combination of challenges including undefined perimeters and constantly evolving security postures.
New challenges include the emergence of the Internet of Things (IoT) and the Internet of Everything (IoE), the transition from IPv4 to IPv6 (Internet Protocol version 6) and the sudden proliferation of readily addressable endpoints. Another emerging and critical threat is the broader use of previously unknown, powerful exploitation tools that were, until recently, limited to adversarial nation-state actors and intelligence agencies. Now individuals or groups with different motivations can cooperate and share stolen information and data in ways never seen previously.
As a result, security architectures have become complex in an attempt to counteract these threats, and security controls have been delivered as non-integrated silos: the result is rising cost and falling effectiveness, because the silos integrate poorly with one another. Across all the major attacks the market has seen in the past few years there is one common thread: the attacker has penetrated the traditional perimeter defences, showing that the traditional security approach is failing.
It is imperative that organisations shift their security mindset from 'incident response' to 'continuous response', where systems are assumed to be compromised and require continuous monitoring and remediation. Organisations can achieve continuous response by developing an Adaptive Security Architecture (ASA), which aims to contain active threats and to neutralise potential attack vectors. Gartner defines an ASA in terms of four security capabilities:
• Preventive capabilities: the set of policies, products and processes that prevent a successful attack
• Detective capabilities: the controls designed to identify attacks that have evaded the preventive measures and to limit how far the threat spreads (threat amplification)
• Retrospective capabilities: the means to shrink the attack surface, slow the rate of the attack and reduce remediation time
• Predictive capabilities: the capabilities that enable the organisation to anticipate attacks, analyse security trends and move from a reactive to a proactive security posture
Modern enterprises need flexible methods for reliably establishing trust, detecting attacks and recovering from security incidents. This new approach to information security architecture has to mimic complex adaptive systems that can adjust to constantly emerging and changing security threats. In essence, the Adaptive Security Architecture is the enterprise security immune system.
My advice is to change the security paradigm that sees security as a monolithic capability: the new approach is to address the vulnerabilities in a decentralised, autonomous way. We can be ahead of the curve in the security fight if we deliver flexibility and readiness to adapt in everything we do. Businesses must work with the right security teams, external partners and business leaders to develop both detective and preventive security capabilities.