Security moving forward needs to follow the data, the user and the application
Michael Sentonas, VP and Global CTO of Security Connected at McAfee – Intel Security shares his perspective on issues surrounding security, ransomware and how to have a risk based approach to security
Could you give an overview of Data Exchange Layer (DXL) security communications fabric that includes deeper integration with Intel Security products?
Security needs integration. It needs to have an architecture that will allow different technologies to work together and share intelligence. As of now, there is no messaging layer that exists among different vendors. DXL is a messaging layer that allows different technologies to share information on threats using a common platform in real-time. The idea is if a threat is detected in any end-point it can alert all other devices in the network. We are integrated with Brocade, Rapid7, Cyberon and many other vendors.
We decided to focus on some core areas. One of those core areas are end-points. It becomes even more important as we start to think of what I call “New end point” or as industry calls it IoT. Presently, end points are very dynamic. The end point might not reside within traditional network, wherein the traditional firewall might not be able to protect it. Security moving forward needs to follow the data, the user and the application. Similarly, Web Gateway Security both on-premise and on cloud is very critical to us. Security incident and event management (SIEM), advanced malware detection and analytics both on-premise and on cloud, forensics and detection are core to our strategy. Critical for our strategy is Data Loss Prevention (DLP) as well.
Which are the pillars for security by design?
First and foremost organisations need to look at what technology will be used. Any technology which is being rolled out needs to be checked if it has security built into it. One needs to isolate devices with sensitive information to make sure they do not come under attack. Do organisations understand what is their most valuable data? Many organisations in India lack the knowledge of what is their most valuable information.
How can organisations secure their valuable data, if they do not know what it is and where is it. Where is the vendor community failing in combating security threats which have already been there, and yet they seem to grow?
From an end-user perspective, it is a challenge to know what security solutions to buy. Vendors talk about lot of statistics and trends, but they do not talk about what is the outcome of using their product. Thus, the industry needs to start talking about outcomes in a very clear basic way.
Another major challenge is that lot of technologies out there do not work together. An average organisation uses technology from 15-20 different vendors which are not interoperable. What ends up happening is that the end-user ends up becoming a system integrator. From an attack perspective this also leads to many gaps through which an attack can take place. We speak about Threat Defence Lifecycle, wherein we want to help organisations detect new or potential threats in the network. We would enable them to automate the lifecycle that would allow them to do it with faster time and fewer resources.
Presently, when most organisations have multiple layers of security, how can they take advantage of it or react to it?
Organisations need to pause and rethink their security strategy. They need to ask some tough questions about what they have been doing. They need to assess that whether the architecture they have today will help them in the future. If it does not, then they need to make changes accordingly. Organisations should not get confused between defense in depth versus vendor in depth. Many misconstrue defense in depth by buying security solutions from all different vendors. The value to such an approach is very limited. Defense in depth means what vital security controls, one needs in every part of the network. If one can get those security controls from one vendor then it is easier, because then one gets integration and common management. Organisations can get optimal security by having one or two vendors in their environment and not 15-20 of them.
