In security, context and data is everything. If you don’t know the context of a security event, and don’t have the data available to analyse that event, how can you know how important it is?
Context-aware security is about making use of additional information to improve security decisions at the time the decision is made. By doing this, it ensures that more accurate security decisions are taken to provide better protection against advanced threats.
One example that can highlight the importance of context awareness is if a bank receives an online banking request from a regular customer to move money from one account to another. The customer has logged onto the online banking site and has correctly used her password and credentials. All would seem right with the world.
But, hold on a minute… what if the bank was able to determine that their online customer is using a different computer from normal? She is accessing the online banking site during what would be the small hours in the country where she lives; and indeed it appears the computer she is using is located several thousand miles away from where she carried out her last online transaction, just a few hours ago.
Suddenly the context and the data the bank has available has changed the whole picture from an apparently innocent transaction, to one which most likely was a fraudulent one. They have the context and information to decide to block the transaction until more information can be sought.
It seems simple, but it’s surprising to see how many businesses purchase tactical static security solutions to solve a problem at a point in time. But they do not think of the dynamic nature of their environment or the threat, rendering these tactical purchases useless over time.
It’s like the boy with his thumb in the dyke to stop it bursting.
Today’s IT organisations need a dynamic approach to defending the network—one that uses awareness and automation to provide visibility and context while constantly adapting to new threats, new vulnerabilities, and everyday network changes.
Staying ahead of the bad guys
When it comes to IT security, context-awareness is critical to staying ahead of the bad guys. The rate of change in today’s IT environments—the number of devices, users, applications and systems that connect to our infrastructure every day—is unprecedented. In addition, attacks are coming at an increasing rate and with an increasing level of sophistication. Old security solutions are typically blind to changing conditions and new attacks. Because you can’t protect what you can’t see, these traditional security solutions fall short of providing needed protection.
Security solutions that are context aware can see and intelligently correlate extensive amounts of event data related to IT environments—applications, users, devices, operating systems, vulnerabilities, services, processes, network behaviors, files and threats. This correlation provides the context needed to automatically and flexibly tune and protect organisations from today’s advanced threats.
But it isn’t enough to see and correlate data. Essential to context-awareness is the ability to learn and quickly respond. Not only do traditional security models lack the context to understand the security implications of new events, but because they typically are static—designed for a time when IT environments were fairly stable—they lack the ability to adapt accordingly. Ill-suited for the demands placed on them today, they fall further and further behind in their ability to combat advanced threats.
The latest network security platforms must be agile in order to adapt to not only today’s threats, but tomorrow’s as well.
Network security platforms are increasingly being defined by awareness, context and agility. From the endpoint to the network, as threats become smarter and faster and computing environments become more complex, organisations can no longer rely on first-generation solutions for adequate protection.
Context is everything in security.
Ammar Hindi is managing director, APAC at Sourcefire, now a part of Cisco.