Illumio Blog
October 14, 2015

Contain First, Ask Questions Later

Alan S. Cohen


The latest study by the SANS Institute points to monumental shifts in the ways that enterprises are dealing with cyberattacks.

For far too long, enterprises have focused on attack prevention and threat detection. Not surprisingly, this stemmed from the fundamental human tendency to ward off trouble even before it can become an issue.

SANS report and survey

Enterprises have spent fortunes to build multiple layers of defense, starting with perimeter security solutions, IDS/IPS systems, malware and APT detection solutions, and a host of other technologies. Unfortunately, this has proven to be inadequate in the defense against cyber criminals who are just as relentless.

The high-profile attacks in the news in just the last year show how attackers made their way past many lines of traditional defenses and lay dormant within enterprise data centers waiting for an opportune moment to steal sensitive data.

  • Trump Hotels (compromised records unknown): attackers had access for up to a year
  • OPM (21.5M compromised records): attackers had access for up to 12 months
  • Scottrade (4.6M records compromised): attackers had access for as long as 6 months
  • Anthem (80M records compromised): attackers had access for “weeks”

What Is Your Time To Detection for Data Breaches?

SANS surveyed more than 400 security and risk professionals and revealed that time to detection itself is the biggest challenge that enterprises face against attacks. Time gives attackers the ability to move laterally and learn more about the victim organization. More than half of the survey participants expressed dissatisfaction with the time taken to contain and recover from attacks.

If enterprises can reduce their attack surface, immediately isolate compromised systems, and prevent attackers from finding other systems to infiltrate, damaging breaches can be stopped. Such a “contain first, ask questions later” approach is not possible with traditional security solutions (75 percent to 96 percent of respondents use one or more traditional security tools). On the other hand, many businesses are also stuck taking too long to make the security changes needed (35 percent take 2+ weeks to react to application changes). IT needs new adaptive ways to secure its valuable data in the face of continuous change in applications and computing environments.

Do You Have the Right Tools in Place?

It seems that security has been caught between Scylla and Charybdis: the bad guys who are launching increasingly sophisticated attacks on the one hand, and the displeasure of business leaders concerned about broken applications or slowed application delivery on the other.

Without the right tools to help them understand their increasingly distributed and dynamic computing environment, many enterprises are flying blind (58 percent of enterprises don’t have visibility into East-West traffic or don’t know if they do). And when it comes to the cloud, nearly half (49 percent) of all enterprises still don’t have a security strategy.

The right security strategy can slay the mythical monsters and enable security to mirror the speed of modern application development and delivery.

Ready to know more? Read the full report.

 
