In the not too distant past, the information security needs for most organizations were fairly straightforward. From a technology perspective, core defenses included a handful of perimeter-based firewalls to police traffic originating from the Internet, along with software at desktops, and perhaps email gateways, to counter the emerging threat from viruses. A smattering of tools were subsequently added either to “enable the business” or to achieve an incrementally greater degree of defense in depth.
Most notable among these were virtual private network (VPN) technology, to support secure remote connections over the Internet, and intrusion detection systems (IDS), essentially to obtain a network-based variation of anti-virus controls – and inevitably yielding a mountain of “event” data requiring very time-consuming analysis by the security team.
In general, the rule of the day during this period was for organizations to purchase best-of-breed point products to fill their security technology requirements. This approach was practical due to their rather modest needs. Not only that, but it was also appropriate. It was a formative time for the security industry. In other words, “best-of-breed” actually meant something, since even the most fundamental products (e.g., firewalls and AV) were still maturing, leaving considerable room for differentiation. Furthermore, security staff, as well as security programs overall, were also still maturing. Under these conditions, purchasing security products one at a time simply made good sense. It allowed organizations sufficient time for digestion before jumping back in the pool.
However, in recent years a number of factors have conspired to change the security landscape – dramatically and forever. Among others, these drivers include the growing ubiquity of communications services, the proliferation of information technology and applications, the emergence of regulatory compliance, and an escalating arms race with hackers. The result is that providing anything but a comprehensive degree of protection is not an option in today's business and computing environment, where there is an ever increasing quantity of infrastructure and information to secure and a greater quantity, diversity, and intensity of threats to ward off.
Given these circumstances, it is not surprising that the conventional approach of utilizing best-of-breed point products is no longer appropriate. The cost and complexity of such a strategy would simply be overwhelming, not to mention counterproductive. Accordingly, it is time for organizations to embrace a new approach – one where best of breed is redefined to also account for the scope of security capabilities that a product provides. In particular, to maximize effectiveness while minimizing costs, organizations should be adopting a strategy that focuses on the broad and flexible implementation of multi-function security platforms.
To clarify further, it is also important to realize that:
- It will be unrealistic to rely solely on such security platforms. Indeed, it will typically be necessary to supplement them with selected point products to provide additional, niche or emerging capabilities;
- This strategy is not just about implementing so-called unified threat management (UTM) devices. Instead, it is about extending the UTM concept by enhancing the associated devices so they are applicable to a far greater set of use cases than those they are currently associated with – namely small-to-medium businesses and the branch offices of larger enterprises; and
- The appropriateness of this strategy depends on the availability and selection of a suitable technology solution. It is with this in mind that the second half of this paper is dedicated to enumerating and expanding upon the primary characteristics that define a best-of-breed multi-layer security platform: multi-layer security capabilities, top-notch performance, unbounded flexibility, and a high degree of cost effectiveness.
Today's Security Challenges
A closer examination of the ongoing changes to the security landscape is essential to better understanding both the market need for multi-layer security platforms and the requirements that must be met to achieve a best-of-breed solution.
The Evolution of Threats
Arguably the greatest security challenge facing organizations today is the evolution of threats, those bad elements (e.g., viruses, worms, hackers) which seek to exploit a system's vulnerabilities. To begin with, there are so many different types of threats, taking advantage of so many different techniques, targeting so many different vulnerabilities, and coming from so many different vectors that even having multiple best-of-breed countermeasures is unlikely to provide sufficient coverage to stop them all.
Compounding matters, the past couple of years have seen the steady maturation and growing accessibility of threat development toolkits along with a shift in hacker motivation, from the accumulation of accolades/recognition to the accumulation of cold hard cash. The unfortunate yet predictable result has been a number of significant and undesirable changes to the threat-scape.
Most notable among these is the fact that threats are now being created more quickly than was historically the case. In the past, organizations would learn about a new vulnerability and then have weeks or even months to receive and implement a corresponding patch – or at least to receive and implement updates to their anti-virus software and intrusion detection systems. However, threats/attacks are now being launched only days after the announcement of a vulnerability. Furthermore, today's threats are routinely capable of spreading at an alarming pace, often reaching a substantial portion of susceptible targets within a matter of mere minutes.
Equally troubling is the fact that threats are becoming more elusive. On one hand, this stems from a rise in the frequency of blended threats. By creatively employing multiple exploit mechanisms, payloads, and propagation techniques, hackers can enhance the likelihood of their creations being able to elude an organization's defenses. On the other hand, it also stems from hackers shifting their attention to focus less on exploiting network-layer vulnerabilities and more on those associated with application services, logic, and even data itself. In both cases, the result is the same: an increasing capability and frequency of threats slipping through the predominantly network-layer focused defenses that most organizations have deployed to date.
To keep up with these changes to the “threat-scape”, security strategies and solutions must evolve as well. In particular:
- They must become more “blended”. Not only must reactive countermeasures be supplemented with ones that are more proactive – and therefore capable of addressing even unknown attacks – but network-focused defense mechanisms must also be supplemented with ones that can thwart application-layer threats;
- They must become more efficient. A greater volume of threats inevitably means a greater quantity of security “events” that must be dispositioned by an organization's security staff. In addition, there is also the need to operate and maintain the greater variety and quantity of security mechanisms required per the previous bullet item; and,