INTELLIGENT ENTERPRISE SECURITY
especially during the chaos and time
pressures of a network undergoing
digital transformation.
1. Assume you will be compromised
Constantly asking the question, "What
happens when our network is breached?"
can dramatically change how you
approach securing your environment. And
it should start by engineering as much risk
out of your network as possible before you
deploy even the first security device.
2. Complexity requires simplicity
Do not make the mistake of trying to
secure increasingly complicated network
environments with equally complex
security solutions. Standardise on a
few vendors, especially those who can,
as much as possible, allow you to
manage different devices through a single,
common interface. And for things you
need that fall outside of that, look for open
standards and APIs that allow them to
leverage your existing management and
orchestration tools.
3. Implement inventory controls
Get a tool that can track all your devices
everywhere, even those that only exist
for a few minutes. This tool needs to not
only see and keep an inventory of every
device on your network, but it should also
be able to identify and rank indicators of
compromise so you can make sure things
are getting patched, updated, or replaced.
4. Integration is king
Advanced threats often need lots of data to
be discovered, from sensors to sandboxes.
When a device discovers a new attack or
breach, it needs to let other devices know.
And not just the other firewalls from the
same vendor. Everything needs to know:
your web application firewalls, your IPS
devices, your email and web security
gateways, your wireless access points, and
your endpoint clients. You need to be able
to raise the shields immediately.
5. Correlation saves networks
Not only does threat intelligence need to be
shared, your network needs to be able to
do something about it. And once a security
event is found, your network needs to
be able to respond in a holistic, coordinated
fashion. Compromised devices need to
be isolated from the network. All security
devices need to be looking for the same
thing. Network segmentation needs to
scan for the lateral movement of malware.
Your security needs to operate like a single,
integrated system.

The amount of time in the day spent on digital transformation activities has eaten away at any time that used to be available for things like patching devices.

6. Automate your response
As much as possible, the network should
be able to respond to an attack or
vulnerability without human intervention.
Patches should be applied, un-patchable
or compromised systems should be
quarantined, security rules should be
updated, and systems should be hardened
without relying on human beings. Adding
things like machine learning and AI
allows the network to make autonomous
decisions as close to the point of
compromise as possible. The goal is to
reduce that gap between detection and
response as much as possible, and that
means making decisions at digital speeds.
Of course, this sounds easier said than
done. But it can be done. In fact, more and
more organisations are doing it. They start
with lots of planning. And the best place
to start is by designing and deploying a
security fabric that dynamically spans the
entire distributed network, even into the
multi-cloud. Such an approach enables
integration, correlation, and automation,
even across the most distributed and
complex environments.