Joined up thinking key to beating cybercrime


The increase in volume and sophistication of cyberattacks is one of the biggest fears among IT security professionals today.

And it’s hardly surprising. In May this year, McAfee Labs found 362 new threats every minute – that’s six every second. Furthermore, the McAfee Labs malware “zoo” grew 13 percent from Q4 2014 to Q1 2015 and now contains 400m samples. As attackers become smarter and stealthier, it is often difficult for businesses to even know they are being targeted – until it is too late.

The challenge is that over the last two decades, organisations have acquired an array of security products, creating a sort of patchworked security architecture. These legacy technologies, possibly the best point products of the moment, were often acquired in silos and simply solved a single security problem. But this siloed technology model is not a sustainable security solution when mapped against today’s more advanced and challenging threat landscape. Individual technologies are left exposed and attackers are able to find the vulnerable gaps much more easily and quickly.

Isolated technologies and products create gaps, impair visibility, drain budget, and leave incident responders scrambling to react to targeted attacks. IT security teams are currently facing data overload, blinding them to the alerts and activity that matter. In fact, Gartner estimates the volume of data analysed by information security organisations will double every year through to 2016. Consequently, organisations are demanding better information and guidance to help keep their systems, data and reputation secure, and they are looking for trusted partners to help.

Connecting the dots

Hackers undoubtedly leave footprints inside the IT architecture, and this information is available, but only in the individual, isolated silos of security products. The key is to integrate across silos to see the big picture and respond in real time. ‘How do we do this?’ is the question customers are looking to their channel partners to answer, and the resounding response needs to be ‘a connected architecture’.

In a connected architecture, the solutions all work together to provide collaborative and proactive security for the environment. Alerts of intrusion can be consolidated as security products talk to each other; consequently, relevant events rise to the top, information turns into intelligence, and IT security teams can make more informed decisions on next steps to thwart potential threats. Threat information can be shared dynamically between security products, allowing the architecture to learn from attacks and automatically get stronger every time it’s attacked. Being armed with the technology to detect signs and prevent an attack early on, rather than just searching for indicators of a breach post-attack, is invaluable to an organisation. This is a significant part of the transition from being reactive to proactive and adaptive – using real-time intelligence to shrink the detection gap from days/weeks/months to seconds.

Where channel partners can add value is by guiding their customers on this journey from an architecture crafted on point products to a much more integrated one. The aim is to move away from silos and leapfrog the ‘layered tools’ experience, where the tools aren’t really talking to each other, straight to a connected architecture. Only then will an organisation’s security posture be stronger and the customer be able to know what is happening in their architecture right now. Channel partners need to help plan that journey, offering consultancy and training on new technology. By working strategically with customers, partners can also reassure them that the security is aligned to their business needs and, ultimately, make them more agile in responding to threats.

A sustainable design for the future

Just as attacks have evolved over time, so too has the need for connected security solutions in organisations to combat the more advanced threat landscape. Whilst this may not have been a priority in the past, being connected has never been more important for businesses seeking to discover and fight new cyber-attacks.

Therefore, security design thinking needs to shift from a tick-box approach to one that enables success by embedding cyber security and risk management into the very DNA of the business. Only then will organisations be one step ahead of the cyber criminals.

Jon Cairns is VP EMEA presales at Intel Security