Security costs money. Risks are proliferating. More security will be needed, which means more money will be spent. For these reasons, odds are that security, and security spending, are on your mind whether you are in the IT trenches or part of the C-suite. Gartner predicts security spending will reach $101 billion by 2018 and MarketsandMarkets foresees spending approaching $170 billion by 2020.
Like a stock portfolio, retirement plan, or any investment, enterprises must make decisions as to how to allocate funding for maximum return. I touched on this a few months ago when I said that the goal is to get the most protection and greatest capability to detect intrusion for the money spent. Your security investment portfolio must be rebalanced as new options become available and new threats emerge.
As with any investment, past performance is not a guarantee of future success. The same is true of your investment in security. The world changes and it demands that we re-evaluate our options. For a long time security meant building an impregnable wall that hackers could not get through. It has become abundantly clear, however, that no wall is too high or too thick. That does not mean that firewalls and network protection are not necessary. The marauding horde is certainly still out there and needs to be stopped at the gate.
More recently, endpoint security that protects and validates the connection between valuable repositories and the exploding number of end-user devices being deployed—tablets, mobile phones, cloud-connected devices as well as laptops and desktops—has been a prominent part of the mix. That too remains an essential component of a portfolio.
But now a new reality means that a high-performance security portfolio must further diversify to contend with a new, strikingly different, and unavoidable assumption that runs counter to those other investments: the bad guys are going to get in. State-level, state-sponsored attacks and the most sophisticated criminals are simply undeterred by your past portfolio. Their new attacks succeed because they impersonate your legitimately credentialed employees and devices.
So if you must assume that bad actors are already inside the walls, you need to turn some of that security spend inward. Putting more locks on the garage door is not enough if the criminal has a good crowbar and you leave the keys to the Ferrari in the ignition. Nor is simply offering further training to employees to be smart about passwords and network security (although that need hasn’t gone away) going to be enough.
Instead, the next phase of developing your security portfolio needs to focus on what goes on within your networks and systems. It requires a new breed of tools working in tandem that alert us and take action in minutes, hours or days rather than the current norm of weeks or months for the most sophisticated state-caliber attacks. Here are a few examples of innovations to consider when diversifying your security portfolio:
Identity and access management: Companies like SecureAuth strengthen your identity security, moving beyond username/password and even two-factor authentication by using adaptive access control to fine-tune the ways people can access your system. The objective is to increase confidence that you know who is accessing your system, providing easy access when the right people seek entry from within well-defined, safe environments, while throwing up verification barriers when people behave outside the norm, whether it’s a staffer on holiday or some guy hacking into your system from a café in Russia.
User/Entity behavior analytics: Companies like Fortscale apply sophisticated data and behavior analysis to identify anomalous behavior inside your network. This is more than detecting fraud by employees. This can also be about detecting high-powered, state-level actors who might be poking around inside your systems using legitimate (but stolen) credentials. They look for entities (human or software) who at first glance appear to be legitimate users, then recognize when their activities deviate from an established norm. So, when a CSR suddenly starts entering administrator passwords on a critical database server, flags go up and you can take action.
Protect the most privileged: What hackers want most is access at the highest levels—administrator privileges and root-level access. Companies like CyberArk focus exclusively on putting a layer of protection around those highest value identities and accounts, so when hackers get inside, the crown jewels of the enterprise are still secure.
High-resolution infrastructure intelligence: Gigamon looks to enhance security by gathering data from a wide variety of sources, transforming it into a consistent form, thereby maximizing your intelligence about your entire computing infrastructure. In effect it makes your other security procedures smarter by capturing and sharing data about your environment.
These are just a few of the new choices that a chief security officer has to improve the portfolio of security to address the new world of threats. Security is an evolving challenge. In order to succeed in your defense, your security portfolio also needs to evolve, striking a balance between past, proven techniques and further diversification in new areas to address the changing threat landscape. The art to this is deciding which of the new solutions is the best fit for your needs and then allocating spending, like a portfolio manager, to maximize the security achieved for the money spent.