Adaptive security: the next phase in enterprise protection

The adoption of adaptive security in HK enterprises is expected to accelerate in 2018 (image: iStockphoto)

In the past couple of years, industry experts have been saying enterprise IT is on the cusp of a major shift towards adaptive security. And the journey that will bring security closer to the heart of the enterprise is expected to accelerate in 2018.

According to Gartner, security is another infrastructure technology that must improve to permeate deeper into the stack, becoming an integral part of application design to harden vulnerable APIs and networks.

David Cearley of Gartner

“Security starts with network and access control, vulnerability management, endpoint protection and basic monitoring. However, organizations must accept that these controls alone are insufficient,” said David Cearley, vice president at Gartner.

He noted hackers target applications and content sources, as well as individual services that organizations have intentionally opened to the outside world to promote the development of business ecosystems. And these hackers also zero in on the digital twin models that can monitor and control physical assets.

“Applications, services and models are a critical element in the security equation, and a security mindset is vital when designing, developing and testing these applications,” Cearley said.

From incident response to continuous response

Experts describe adaptive security as an approach to safeguarding systems and data by recognizing threat-related behaviors rather than matching the files and code signatures used in virus definitions.

And the essence of the approach is the ability to adapt and respond to a complex and constantly changing environment. However, the majority of companies today remain locked in the “incident response” mindset.

“Organizations’ current mindset is one of ‘incident response’, in which they view incidents as occasional, one-off events,” said Cearley. “In this era of continuous compromise, they must shift to a mindset of ‘continuous response’, viewing attacks as relentless, and hackers’ ability to penetrate systems and information as never fully blocked. Organizations must monitor their systems continuously.”

He added: “Continuous monitoring will generate an enormous volume, velocity and variety of data, so big data advanced analytics will be the foundation for next-generation security protection solutions.”

By 2020, Gartner predicts that 40% of enterprises will have established a “security data warehouse” for the storage of this monitoring data to support retrospective analysis.
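To make the distinction drawn above concrete, the following Python is an added example, not code from the article, Gartner or HKT. It runs a static hash-list check and a behavioral check over a handful of constructed authentication log lines, then replays the retained events for the flagged source, which is the retrospective-analysis use of stored monitoring data. The log format, the hash list, the thresholds and the addresses are assumptions chosen for the illustration.

```python
"""Behavior-based detection versus signature matching over constructed auth
log lines, plus a retrospective query over the retained event store.

Added illustration only; the log format, hash list and thresholds are assumed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). Assumed format:
# <ISO timestamp> <result> user=<name> src=<ip> sha256=<hash of client binary>
SAMPLE_LOG = """\
2018-01-15T09:00:01 FAIL user=alice src=203.0.113.7 sha256=aaaa
2018-01-15T09:00:03 FAIL user=alice src=203.0.113.7 sha256=aaaa
2018-01-15T09:00:05 FAIL user=alice src=203.0.113.7 sha256=aaaa
2018-01-15T09:00:06 FAIL user=alice src=203.0.113.7 sha256=aaaa
2018-01-15T09:00:08 FAIL user=alice src=203.0.113.7 sha256=aaaa
2018-01-15T09:00:09 OK   user=alice src=203.0.113.7 sha256=aaaa
2018-01-15T09:05:00 OK   user=bob   src=198.51.100.2 sha256=bbbb
2018-01-15T09:06:00 FAIL user=carol src=198.51.100.9 sha256=cccc
2018-01-15T09:20:00 OK   user=carol src=198.51.100.9 sha256=cccc
"""

# Signature approach: a static list of hashes for known-bad tooling (assumed).
KNOWN_BAD_HASHES = {"deadbeef"}


def parse_log(text):
    """Turn each log line into a dict with a datetime and the key=value fields."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, result, *kv = line.split()
        fields = dict(item.split("=", 1) for item in kv)
        events.append({"ts": datetime.fromisoformat(ts), "result": result, **fields})
    return events


def signature_hits(events):
    """Static match: flags only events whose client hash is on the bad list."""
    return [e for e in events if e["sha256"] in KNOWN_BAD_HASHES]


def behavioral_hits(events, max_failures=4, window=timedelta(seconds=60)):
    """Flag a source that fails at least `max_failures` times within `window`
    and then succeeds: a brute-force pattern that a hash list cannot catch,
    because the client binary is clean."""
    recent = defaultdict(list)  # src -> timestamps of failures still in the window
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        src = e["src"]
        # Drop failures that have aged out of the sliding window.
        recent[src] = [t for t in recent[src] if e["ts"] - t <= window]
        if e["result"] == "FAIL":
            recent[src].append(e["ts"])
        elif e["result"] == "OK" and len(recent[src]) >= max_failures:
            alerts.append({"src": src, "user": e["user"], "ts": e["ts"],
                           "failures_before_success": len(recent[src])})
            recent[src].clear()
    return alerts


def retrospective(events, src, before, lookback=timedelta(hours=1)):
    """Replay every retained event for a source in the lookback window before
    an alert: the 'security data warehouse' use of stored monitoring data."""
    return [e for e in events
            if e["src"] == src and before - lookback <= e["ts"] <= before]


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("signature hits:", signature_hits(evts))
    for alert in behavioral_hits(evts):
        print("behavioral alert:", alert)
        print("retained events for source:", len(retrospective(evts, alert["src"], alert["ts"])))
```

The hash check returns nothing, because the attacking client is not on any list; the behavioral check flags the source that failed five times in eight seconds and then logged in, and the retrospective query pulls back the six retained events for that source so an analyst can reconstruct what happened.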

Lack of qualified talent

Tom Chan, managing director, Commercial Group at HKT, offered one major reason local enterprises are holding onto the traditional “prevent and protect” approach, in spite of their existing struggles to respond to increasingly sophisticated cyber threats.

“Companies understand the ever-changing environment of the cyber threat landscape, but adoption of adaptive security is slow due to a lack of talent and experience in the market. As a result, most companies are still using legacy systems and staying with the prevent and protect approach,” Chan said.

Adaptive security requires different skillsets and knowledge, because this new approach must merge comprehensive activity monitoring, profiling and authentication with well-tuned artificial intelligence (AI) analytics to detect and respond to any questionable activity.

“Hong Kong companies face limited time and resources,” Chan pointed out. “An adaptive security approach generates much more context and demand for dedicated and experienced security experts to perform endless cycles of continuous analysis, hunt and response. And most companies cannot fill these positions because of a shortage of qualified talent in the IT security market.”

Starting the journey

For companies keen to embrace the adaptive security approach, HKT advised that they should begin by conducting a gap analysis to identify vulnerabilities in their organization and pinpoint the root cause.

“Once the gaps have been mapped out, they should employ the latest technologies to enhance network visibility. Companies should have end-to-end visibility from endpoint devices such as mobile phones, tablets, laptops and PCs, along the path to applications then data. This end-to-end visibility would give them a rich context for analysis,” said Chan.

He pointed out, however, that CIOs should put themselves in the shoes of senior management so that they can provide the business benefits and justify the investment in deploying adaptive security in their organization.

“Revamping the IT security infrastructure is a journey, so different cost models should be evaluated to maximize the flexibility,” Chan said.

He added that companies should also weigh the different options available to them – whether they should “outsource, in-source or co-source” adaptive security.

“People are the key to implementing the approach. Different models of getting things done should be considered and evaluated,” he said.

DevOps calls for new security

Meanwhile, experts have been saying that as DevOps makes further inroads in the enterprise, old-style static security no longer applies. Cearley from Gartner pointed out that the traditional approach works best for relatively stable, hardware-based systems with non-continuous deployment and limited traffic volume. In an increasingly agile environment, adaptive security is the better fit.

“Organizations must overcome the barriers between security teams and application teams, much as DevOps tools and processes overcome the divide between development and operations. Security teams can’t afford to wait until the end of the build-and-release pipeline to offer meaningful feedback,” Cearley said.

He added: “Security requirements and testing must be clearly communicated and easily integrated into work processes, ideally with DevOps tools. Security teams must work with application, solution and enterprise architects to build security into the overall DevOps process, resulting in a DevSecOps model.”

A holistic and integrated approach

With today’s widening threat footprint within the enterprise, HKT said adaptive security should be implemented with an integrated and holistic approach.

“Cyberattacks come in from different dimensions and perspectives. An end-to-end analysis is essential for a comprehensive defense strategy. Therefore, companies need to have an expert or group of experts who have broad knowledge as well as the ability to integrate and manage through a holistic and integrated approach,” said Chan.

He added that enterprises should have an ecosystem for cybersecurity that includes trusted local partners who have the resources for continuous monitoring, analysis and other key areas.

Meanwhile, Cearley said that applying advanced prevention measures is an important start for enterprises, but only the beginning.

“All organizations should now assume that they are in a state of continuous compromise. Establishing a broad adaptive security architecture is vital,” he said.

“It’s about protecting business data, which has become the new currency of commerce. Guarding proprietary data from the prying eyes of a competitor can give business leaders a crucial competitive advantage – even if it’s a relatively short one,” he added.
