New network defenses leave intruders with no place to hide
SMBs should focus on detection, not prevention, to keep systems safe from attack
By Byron Acohido, ThirdCertainty
When he unveiled his new “national cybersecurity action plan” last February, President Obama called for an overhaul of aging government networks and wider sharing of security intelligence.
The president also reinforced the notion—long held by the global cybersecurity community—that a fundamental shift in emphasis from prevention to detection must happen in order to slow down the bad guys.
ThirdCertainty recently sat down with Justin Harvey, chief security officer at Fidelis Cybersecurity, to discuss why stopping intruders from stealing data or damaging systems once they are already inside a network is where some of the major advances are now unfolding. Text edited for clarity and length.
3C: What kinds of defenses are large, or even midsize, organizations deploying?
Harvey: The typical network stack is a best-of-breed situation where they’ve got firewalls, intrusion detection systems and intrusion prevention systems that look for known threats that have been seen before. You might also have unified threat management that is delivering antivirus updates and applying threat intelligence.
So you’ve got this whole stack of network devices. What we have seen is a trend where our largest customers right now are condensing their network stack. There is a trend to consolidate to one single vendor that owns the firewall, IDS and IPS, and also running network monitoring and network forensics.
3C: What’s driving that?
Harvey: Cost and complexity. There has been a bit of a honeymoon period over the past few years where we had this frenzy of new vendors, and it’s not sustainable. If you have different solutions from different vendors, you have all of those maintenance contracts. And every system has a different user interface. And you can’t hire or retain enough people to manage it all. So companies are going to have to slim down to just a few solutions to be able to manage it all.
3C: Clearly large organizations have access to a lot of cutting-edge technology. What about midsize and small businesses?
Harvey: Our products are designed to help midsize companies be able to understand and quickly identify what is leaving the network. Mid-market companies that are moving to the cloud want to be able to see what’s leaving their network. They can do that by using our cloud solution. We have an Office 365 component.
But the bigger message here is that you can pick up where others leave off. We have complete visibility over the network and over all the endpoints. Basically, there’s nowhere for attackers to hide anymore. And if they do get in the front door, then we have other multiple areas to stop them.
3C: So how does a company begin to sift through different ways to address security?
Harvey: Part of the advice I would give to organizations today is to classify your data for what’s sensitive. Then put policies, procedures, technology and people in place to be able to monitor when data is leaving the enterprise. Organizations today often learn of a breach from a third party, sometimes the FBI, or by other organizations that have been hit. That means companies need to get better at understanding when sensitive data is leaving the enterprise.
3C: It’s a good sign that security vendors are getting better every day at helping companies do that.
Harvey: Absolutely. The tools are getting better. The resources, the workers are getting better. I am very heartened to see President Obama’s cybersecurity national action plan that calls for a fundamental shift from prevention to detection. Not all attacks can be prevented or stopped easily on the perimeter—we’ve been saying that for years. It is really a detection problem, not a prevention problem. And with the White House taking that sort of approach, that’s a big leap forward.
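The two steps Harvey describes, classify the data first and then monitor for it leaving the enterprise, can be sketched as a small egress-monitoring check. The following is an added example written for this page; it is not Fidelis code and does not model any product mentioned in the interview. The address ranges, the asset inventory, the per-class byte limits and the flow-log lines are all constructed for the example, and the `key=value` log format is assumed rather than taken from any vendor.

```python
"""Egress monitoring sketch: classify data assets, then flag flows that carry
data from sensitive assets to destinations outside the internal ranges.
Added example; every host, label and log line below is constructed."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
import re

# Assumed address plan for the example (RFC 1918 ranges); anything else is "outside".
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Step 1: classify where the sensitive data lives. Constructed inventory; a real
# one would be the output of the data-classification exercise Harvey describes.
ASSET_CLASS = {
    "10.0.1.10": "restricted",    # constructed: HR/payroll database
    "10.0.1.20": "confidential",  # constructed: finance file share
    "10.0.2.30": "public",        # constructed: marketing web server
}

# Step 2: policy per class, bytes allowed per outbound flow before alerting.
# 0 means any external transfer alerts; None means never alert on volume.
EGRESS_POLICY = {"restricted": 0, "confidential": 1_000_000, "public": None}


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    bytes_out: int


# Assumed flow-log layout: "<timestamp> src=<ip> dst=<ip> dport=<n> bytes_out=<n>"
FLOW_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+) bytes_out=(\d+)$")


def parse_flow(line):
    """Return a Flow for a well-formed log line, or None for anything else."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, dport, nbytes = m.groups()
    try:
        ip_address(src)
        ip_address(dst)
    except ValueError:
        return None  # malformed address: skip rather than crash the monitor
    return Flow(ts, src, dst, int(dport), int(nbytes))


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def classify(flow):
    """Sensitivity of the source asset; hosts not in the inventory count as public."""
    return ASSET_CLASS.get(flow.src, "public")


def outbound_flows(lines):
    """Yield parsed flows that go from an internal source to an external destination."""
    for line in lines:
        flow = parse_flow(line)
        if flow is None or not is_internal(flow.src) or is_internal(flow.dst):
            continue
        yield flow


def egress_alerts(lines):
    """Apply the per-class policy to each outbound flow; return (src, dst, class, bytes)."""
    alerts = []
    for flow in outbound_flows(lines):
        label = classify(flow)
        limit = EGRESS_POLICY[label]
        if limit is not None and flow.bytes_out > limit:
            alerts.append((flow.src, flow.dst, label, flow.bytes_out))
    return alerts


def external_totals(lines):
    """Total bytes each non-public source has sent outside, so that many small
    transfers that individually stay under the per-flow limit still add up."""
    totals = defaultdict(int)
    for flow in outbound_flows(lines):
        if classify(flow) != "public":
            totals[flow.src] += flow.bytes_out
    return dict(totals)


# Constructed sample log (TEST-NET addresses for the external side).
SAMPLE_LOG = [
    "2016-02-09T10:00:01Z src=10.0.1.10 dst=203.0.113.5 dport=443 bytes_out=5120",
    "2016-02-09T10:00:02Z src=10.0.1.20 dst=198.51.100.7 dport=22 bytes_out=2500000",
    "2016-02-09T10:00:03Z src=10.0.1.20 dst=10.0.5.5 dport=445 bytes_out=9000000",
    "2016-02-09T10:00:04Z src=10.0.2.30 dst=203.0.113.9 dport=80 bytes_out=50000000",
    "2016-02-09T10:00:05Z src=10.0.1.20 dst=203.0.113.5 dport=443 bytes_out=400000",
    "this line is not a flow record",
]

if __name__ == "__main__":
    for src, dst, label, nbytes in egress_alerts(SAMPLE_LOG):
        print(f"ALERT {label}: {src} -> {dst} ({nbytes} bytes)")
    print("external totals:", external_totals(SAMPLE_LOG))
```

Run as written, the restricted HR host alerts on its very first external transfer, the finance share alerts only on the flow that crosses its limit, the internal-to-internal copy and the public web server's traffic are ignored, and the unparseable line is skipped. The cumulative totals are the piece a per-flow rule misses: the finance share's second, smaller transfer would never alert on its own, which is why the classification step has to feed both checks.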