We have all read the news reports of company IT systems being attacked, hacked and compromised. With this comes potential loss of shareholder value, marketplace reputation and possible legal action. This is the stuff that keeps CIOs and Chief Information Security Officers (CISOs) awake at night.
As I travel the world and discuss security with IT executives, it is clear that companies are committed to increasing their protections and reducing risk but are struggling to understand gaps in their protection and to control complexity with the multitude of security solutions available. To what level systems are compromised is sometimes unknown, and many companies are constantly dealing with sophisticated security threats that are coming from all parts of the world and even from within their own organizations.
Whether it be a botnet installed on a laptop, an advanced persistent threat, or even their own employee willfully or negligently exposing confidential data, these threats can often be prevented by leveraging security intelligence.
More often than not, companies are focusing on very narrow, siloed ways of securing their organization, for example, simply focusing on firewalls, database or application security. The issue with this approach is that there is no way of coordinating and communicating between the silos. Security Intelligence provides a picture across an entire organization. It brings information in from the perimeter, the database, applications and the identity of employees, vendors and partners accessing this information, providing a thorough understanding of what is going on across an organization.
I’m often asked to explain the benefits of Security Intelligence. Essentially, the value falls into three important categories:
1-Threat Detection. Many of the security products available today are specifically focused on a particular area, and don’t give a view of the entire organization. Security Intelligence leverages analytics to detect threats that may be missed by any one component or point product. For example, one of our customers was able to detect a botnet on the laptop of the company’s financial revenue recognition analyst, which was transmitting information to an undesirable geography. How was that value delivered? Through analytics and correlation. Another example of the power of Security Intelligence was the discovery of an insider doing unusual and surreptitious things late in the evening, detected through behavioral analytics as a result of analyzing security intelligence information. That’s the type of information and the type of threat which can be detected by analyzing all these disparate pieces of information, understanding behaviors, doing sophisticated correlation and bringing to the attention of our security customers what is unusual and what could be going wrong. This is exactly what’s needed for the types of threats which customers are facing today.
2-Government Regulations and Compliance. Increasingly, corporations are required to demonstrate compliance with industry regulations. While these vary from country to country, companies must look across the enterprise to get to the information needed to actually demonstrate compliance with these industry regulations. Security Intelligence provides one place to go for a huge amount of the information required to be able to show compliance to auditors, but most importantly to be able to show that this information is in fact being monitored, and that the incidents and offenses are in fact being observed and brought to the attention of the security analysts.
3-Operational Efficiency. Think of all the data being produced on a daily basis. Millions of records a day come across a company’s infrastructure that could present a security concern. Who can analyze that data? One of our customers deals with billions of records that come through the security intelligence systems that IBM provides. The result of analytics and correlation takes those billions of data points and reduces them down to 25-50 high-priority offenses that must be reviewed every 24 hours. Those are the kind of results that good analysts can look at to understand what is going on from a security posture within their organization. The operational efficiencies are tangible and they can be delivered very, very quickly with a good, well-deployed Security Intelligence solution.
The old ways of securing a company no longer work. Attacks are getting more sophisticated and relentless. Add to the mix emerging trends like cloud computing, the pervasiveness of mobile computing, and the increase of embedded devices in our cars and in the smart grid, and it’s easy to see the need to change our security posture. As the planet becomes more instrumented, intelligent and interconnected, the need to apply more advanced Security Intelligence to how we secure and protect our company is becoming abundantly clear.