By Ivan Wen (Country Manager, Sourcefire Malaysia).
Whether we’re engaging foes in warfare or protecting our computer networks, having information superiority is essential to success. Defined in the US Army Vision 2010 doctrine as “the capability to collect, process, and disseminate an uninterrupted flow of information while exploiting or denying an adversary’s ability to do the same,” information superiority is identified as “the key enabler in 21st century operations”.
The network battle revolves increasingly around information superiority. When the network is breached, the attackers are leveraging information superiority to gain access to the networks’ digital assets.
Most IT security professionals lack the visibility and control over the network to effectively defend those attacks and to keep up with the rapid pace of change – both within the IT environment and the broader threat landscape. Old techniques of sporadic asset determination coupled with static defenses no longer work in this highly dynamic world adding to the challenges of cloud-hosted and virtualized IT services and increasing number of mobile users and consumer devices in the workplaces.
How to maintain information superiority in today’s reality ?
A network defender needs to have a clear baseline of the network environment in order to protect it. In short, IT professional need to be able to see everything happens in the network. Once you “see it,” then you can “control it.” Real-time discovery and intelligent security automation must become the centerpieces for an effective security practice where defenses are properly adjusted in meaningful time frames. In addition, newer and more responsive controls that address sophisticated threats are required to reduce risks when an outbreak does occur.
Below are three questions that IT security teams should ask vendors when evaluating their abilities to provide the requisite information superiority for an adequate defense.
1. What elements of the IT environment can your security solution detect and how often is that information updated ?
It isn’t enough to provide visibility into applications, files or threats on a monthly, weekly or even daily basis. IT security teams need continuous and total visibility into all devices, applications and users on a network as well as an up-to-the-minute network map, including profiles on client applications, operating systems, portable devices (phones, tablets) and network infrastructures (switches, routers, etc.).
Real-time visibility into attacks, vulnerabilities, changes in behavior and the environment is also essential. Information superiority is attained by using this awareness, mapping threats against asset vulnerabilities, and then tying this intelligence back to defenses in an automated fashion.
2. What kinds of controls are available to minimize the impact of a potential attack ?
Since advanced threats are short-lived, targeted, and often exploit unknown vulnerabilities, minimizing the available attack surface through intelligent and granular controls is a necessary protection measure. For example, access control over applications and users enables IT security professionals to easily deploy integrated control and threat prevention policies. In addition, solutions that can tap into “big data” (i.e., the vast amounts of security data gathered from users as well as network and computer security technologies) and leverage analytics to deliver protections quickly, give security professionals further control to speed threat mitigation.
3. What capabilities help address constant change ?
Security automation is critical to proactive protection. It isn’t enough to automatically find signs of attack and alert a human to take action. Solutions must go a step further and use contextual awareness to intelligently filter out “the noise,” assess threat impact and automatically adjust to provide protection. Whether it’s blocking malicious attacks, enforcing policies, prioritizing and pointing out suspicious events to human analysts, or reporting to the organization – it all needs to happen automatically and in real-time.
In the cybersecurity battle, the side with information superiority wins. The sooner we realize that the status quo is no longer sufficient and that the ability to “see it” and “control it” is critical for 21st century protection, the sooner we can empower network defenders against attackers. Information superiority provides the indispensable foundation for an effective defense-in-depth strategy – enabling us to win the battles.
