What is Intelligence Driven Security?

The Challenges

Today, information security is threatened as never before due to a convergence of business and technology developments that’s created a “perfect storm” for your adversaries.

  1. Organizations are now running mission-critical applications and core business functions in public clouds, which may or may not offer adequate data protection.
  2. BYOD has exploded, requiring IT to protect information that resides on devices the company doesn’t own, manage, or control.
  3. With the advent of “Big Data,” the sheer amount of information that must be managed and secured has exploded as well.
  4. Organizations are granting systems access not only to employees but to third parties such as contractors, vendors, and partners.

Meanwhile, your opponents have also matured, enabling them to take advantage of this expanded attack surface with zero-day malware, advanced persistent threats, and other forms of malicious infiltration. Today, it’s not a question of whether you will be breached – but when. And the stakes are high. One devastating attack can wipe out years of steady revenue, cutting-edge research, or a trusted brand.

The legacy security model, which defends a static perimeter and static infrastructure, has become ineffective for maintaining trust in our IT systems and digital businesses. What’s needed is an accelerated ability to detect and resolve intrusions that minimizes attacker free time in the network.

The Solution

An Intelligence Driven Security strategy helps organizations mitigate the risk of operating in a digital world by enabling them to detect, investigate, and respond to advanced threats; confirm and manage identities; and prevent online fraud and cybercrime.

To prevent inevitable breaches from causing damage or loss, Intelligence Driven Security delivers three essential capabilities: visibility, analysis, and action.

VISIBILITY

To design optimal defense strategies and prioritize activities, organizations need more visibility into risk. This includes network and endpoint visibility, which must go from today’s limited emphasis on logs and events down to the packet and session level in order to spot faint signals that indicate advanced threats. Digital identities are also key; organizations need to understand who and what are on their networks, what they are doing, and whether that behavior is appropriate. Finally, enterprises need transaction visibility: an understanding of what’s happening inside key applications.

ANALYSIS

Analysis involves understanding normal-state behavior and then looking for anomalies. By knowing what is “normal,” an organization can spot, investigate, and root out abnormalities that result from malicious activity. Once an anomaly is discovered, contextual analysis determines the appropriate response.

ACTION

Action is the response to confirmed malicious anomalies. Rapid action allows organizations to mitigate potential threats by enforcing such controls as access restrictions or additional authentication. Action also includes remediation processes and activity. The key to success is consistency, so that each time an analysis finds something potentially threatening the organization can “operationalize” the response.

The Benefits

Along with the crucial ability to combat today’s increasingly dangerous threat landscape, Intelligence Driven Security provides additional benefits.

Focus: Intelligence Driven Security drives action based on mitigating the most pressing risks, ensuring that organizations prioritize activities and resources optimally.

Efficiency: Intelligence Driven Security reduces the number of point products and fuses otherwise disjointed data sets and tools, increasing both security and operational efficiency.

Savings: Because it identifies attacks more rapidly, Intelligence Driven Security reduces bottom-line losses that often result from an undetected breach.

Competitiveness: An organization that effectively manages its digital risks can confidently channel resources into growing, expanding, and differentiating the business through value-added initiatives.

Staffing: Intelligence Driven Security empowers top performers with cutting-edge technologies that extend their efforts throughout the organization. Automation can free overburdened employees to add more value, and elevate average performers into vital contributors.

It’s Your Move

Regardless of your current technologies or strategies, your organization can move towards Intelligence Driven Security. Current investments can be used as the building blocks of a more sophisticated model. A roadmap across people, process, and technology can increase security maturity. What’s important is not where you are today, but the steps you take to improve.