One fact is indisputable: Security incidents are increasing in number. According to the 2014 “Global State of Information Security Survey” conducted by PwC, the number of security incidents among enterprises jumped 25% between 2011 and 2013. And a recent IDG Cyber Defence Maturity Report found 96% of respondents had one significant security incident, and one in six had five or more incidents in the last year.
Why are intruders continuing to compromise enterprise networks despite the tremendous investments made in IT security? First, attackers most commonly target vulnerable endpoints. Studies have shown that approximately 80% of enterprise breaches started with a device on the network that contained a known vulnerability, or that should not have been on the network in the first place. Once a weak point has been found, the hacker uses various techniques to move laterally through the network to other endpoints and servers toward their objectives. Primary reasons these exploits continue to succeed include:
- Slow identification of risks.
- Incomplete identification of risks.
- Detection of breaches is too slow – 229 days on average after the malware infection.
- Slow response and containment times.
- Coordination across siloed and layered security systems is lacking.
For years, industry analysts from Gartner, Frost and Sullivan, IDC, Enterprise Security Group, Enterprise Management Associates, and Quocirca have been recommending that enterprises augment their existing security controls with additional capabilities that are better able to address modern IT security challenges and prevent exploits.
New pervasive network security platform technology can help enterprises close the security gaps above and implement the recommendations of these analysts and standards bodies. Such an approach helps organisations gain greater operational intelligence, reduce risk, efficiently preempt threats, and contain exposures — all without making changes to the network infrastructure or requiring additional security agents.
Key functions of this exploit prevention technology are:
1. Real-Time Visibility
Real-time visibility of users and devices attempting to connect to or already connected to an enterprise network is essential for wired or wireless, managed or unmanaged (BYOD), virtual or embedded, desktop or mobile devices. Key capabilities to look for are agentless real-time discovery, classification by device type and deep assessment based on built-in and user-defined policies.
2. Hardening & Prevention
Considered critically important by Gartner, the hardening function must ensure endpoint security policy compliance by way of notification, endpoint remediation or triggering other controls such as patch management and vulnerability assessment.
3. Continuous Monitoring & Detection
Devices and network traffic must be continuously monitored, not just when a device first joins or reconnects to the network.
4. Powerful, Yet Flexible Policy Engine
IT security managers must have the flexibility to define and enforce granular policies at the network, user, device, and application level.
5. Contain Incidents Via Network Enforcement
Another critically important function in the eyes of Gartner, network enforcement is achieved by interfacing with the network infrastructure to grant, limit or deny device access pre- and post-admission.
6. Coordination With Other IT Security Systems
A best practice to look for is a platform that shares contextual information between and among different security and IT management systems, thereby reducing the problem of information silos and facilitating automated remediation. This allows IT organisations to better leverage their existing infrastructure investments, efficiently preempt and contain exposures, and enhance their overall security posture.
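To make the six functions concrete, here is an added illustration (not code from the original article or from any vendor's product) of how a policy engine ties classification, compliance assessment, network enforcement and post-admission monitoring together. The device attributes, rule names and remediation labels are constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    ALLOW = "allow"   # full network access
    LIMIT = "limit"   # restricted / remediation VLAN
    DENY = "deny"     # block at the switch port or access point


@dataclass
class Device:
    """Posture attributes a platform would gather agentlessly (constructed fields)."""
    mac: str
    device_type: str         # result of classification, e.g. 'workstation', 'printer'
    managed: bool            # enrolled in corporate management, or BYOD
    days_since_patch: int
    av_running: bool
    beaconing: bool = False  # set later by continuous traffic monitoring


# Ordered rules: (name, predicate, enforcement action, remediation to trigger).
# First match wins, so the most severe condition is listed first.
POLICIES = [
    ("c2-beaconing-observed", lambda d: d.beaconing, Action.DENY, "open-incident"),
    ("unmanaged-byod", lambda d: not d.managed, Action.LIMIT, "guest-vlan-only"),
    # Classification matters: the AV rule applies to workstations, not printers.
    ("no-endpoint-protection",
     lambda d: d.device_type == "workstation" and not d.av_running,
     Action.LIMIT, "reinstall-av"),
    ("stale-patches", lambda d: d.days_since_patch > 30,
     Action.LIMIT, "patch-management-ticket"),
]


def evaluate(device):
    """Assess one device against the policies; returns (action, rule, remediation)."""
    for rule, matches, action, remediation in POLICIES:
        if matches(device):
            return action, rule, remediation
    return Action.ALLOW, "compliant", None


def monitor(device, observations):
    """Continuous monitoring: apply new findings to the device record and
    re-evaluate, so a device admitted earlier can still be contained."""
    for attr, value in observations.items():
        setattr(device, attr, value)
    return evaluate(device)
```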
IT security tools and practices of yesteryear are overly focused on management agents, periodic assessments, disparate point solutions, and manual response processes. Enterprises must evolve their security architectures to better align with today’s complex, diverse, dynamic IT environments and burgeoning threat landscape. Enterprises should move in the direction of security architectures that emphasise exploit prevention technology.