Security Intelligence Services Ramp UpBy Michael Vizard | Posted 07-25-2013
Security Intelligence Services Ramp Up
By Michael Vizard
The problem with anything relating to security is that it’s hard to justify exactly what the appropriate amount of investment is. All the security technology in the world doesn’t guarantee absolute security. But, of course, it’s a lot better to be forewarned if there is any hope at all of being forearmed.
For that reason the security industry’s focus is moving from not just trying to defend IT organizations from attacks, but delivering the intelligence that IT organizations need to defend themselves from attacks before they hit.
The basic idea is that while there isn’t a way to prevent the attacks from occurring, the meantime to remediation can be much faster. In fact, once an attack is detected, IT organizations could be alerted to not only what vulnerability that attack is trying to exploit, but also just how vulnerable their IT systems are to that specific type of attack.
Delivered via the cloud, these types of security intelligence services will be crucial if IT organizations hope to keep pace with increasingly sophisticated assaults. Instead of randomly launching broad sets of attacks that cyber-criminals hope will affect the broadest number of targets possible, hackers working for cyber-criminals or nation states are launching more sophisticated attacks that are aimed at specific organizations and, sometimes, specific persons in an organization.
Known as advanced persistent threats (APTs), these attacks are still a relatively small percentage of today’s attacks, but they are the most dangerous in the sense that they are usually designed to steal specific types of intellectual property. Unfortunately, that’s precisely the type of attack that many companies are the most ill-equipped to deal with, which is why organizations, such as the U.S. Capitol Police, are investing more in security intelligence.
According to Richard White, chief information security officer for the U.S. Capitol Police, investing in security intelligence services, such as those offered by IBM, Hewlett-Packard and others, is now a requirement to keep pace with attackers that are increasingly using more sophisticated tools, which include data analytics applications that can discover vulnerabilities more rapidly than ever before.
The degree to which security intelligence services can protect IT organizations is debatable. But without them, it’s almost certain that IT organizations with relatively small staffs will be overwhelmed, says White.
“These kinds of capabilities allow us to better keep pace with the volume of attacks we need to deal with,” says White.
In fact, the staffing issue is one of the critical requirements that security intelligence services are meant to fill. “When you look inside most organizations there isn’t anybody dedicated to hunting down attacks,” says Eric Ahlm, a Gartner industry analyst. “Security intelligence services fill a big gap.”
That gap, says Andrzej Kawalec, global chief technology officer for HP Enterprise Security Services, results in the average security breach costing about $8.5 million. To fill that gap, Hewlett-Packard just updated its ArcSight portfolio of security offerings to include threat detection and threat response management capabilities.
One security challenge that most IT organizations face now is a growing sense of fatigue. According to Kevin Thompson, a risk and intelligence researcher for Verizon, data breach research conducted by the telecommunications carrier shows that the vast majority of the attacks being launched, however, are relatively simple, but that can lull organizations into a false sense of security.
“The overall sophistication of most attacks is fairly low. There is, for example, a lot of targeting of weak passwords,” says Thompson. “At the same time the number of espionage-related attacks has gone up.”
Naturally, the competition to deliver the advanced warning systems needed to combat APTs has touched off a security intelligence arms race. Major security vendors, such as McAfee, Symantec, Trend Micro, Fortinet, Cisco and Check Point Software Technologies, are looking to differentiate their security wares based on the security intelligence services they provide.
Security Intelligence Services Ramp Up
In the meantime, IBM via a combination of software and services and RSA via an RSA Security Analytics platform are looking to leverage big data analytics to deliver next-generation security intelligence services. At the same time, Blue Coat Systems just moved to acquire Solera Networks to bolster its security intelligence line with intelligence threat capabilities based on big data analytics. On top of all of those offerings, a variety of smaller security intelligence companies, such as CrowdStrike and Mandiant Security, are aiming to carve out a niche in the rapidly emerging category.
“Our goal is to identify not only the attacks in real time, but also what and who is behind them,” says CrowdStrike CEP George Kurtz.
In fact, Tomer Teller, security evangelist for Check Point, says time is on the side of security vendors. Ninety-nine percent of security attacks make use of known vulnerabilities and attack methods. As security vendors get more proficient with big data analytics, only a handful of hackers will have the requisite skills to create a unique attack that doesn’t leverage a previously identified pattern. Once a pattern is recognized, automation tools can be used to remediate the vulnerability long before the attack is launched, says Teller. Eventually, the cost of launching attacks will become prohibitively expensive, he says.
“The cost of building the perfect attack is definitely going to rise,” says Teller. “In contrast, IT security itself doesn’t have to be expensive. It just has to be good.”
As a result, a lot of the debate about security these days is over how to most effectively capture and act on security intelligence.
“The delivery point for security has to be the infrastructure itself,” says Bill Boyle, director of product management security intelligence operations for Cisco. “That’s why we’re embedding security as a service into our products.”
To bolster that effort, Cisco moved to acquire SourceFire earlier this week as part of an effort to respond to APTs.
Beyond the actual threats, what’s keeping CIOs up at night is the ever-increasing cost of security. As a percentage of the overall IT budget, security costs have steadily risen in recent years. Security intelligence services delivered via the cloud or embedded inside IT infrastructure represent a way to bring those costs under control by relying more on pattern recognition and IT automation to mitigate threats across the enterprise.
For that reason, organizations such as Riverside Healthcare are evaluating security vendors based on their level of security intelligence. According to Riverside healthcare Chief Security Officer Eric Devine, the security requirements that health-care providers are being asked to meet are steadily rising as personally identifiable information comes under more targeted attacks. Riverside Healthcare recently opted to deploy security firewalls from Fortinet, which Devine says not only provides the needed intelligence but also a framework through which Riverside Healthcare can quickly respond once a threat is discovered.
“Security is all about being able to change and react,” says Devine. “But we don’t have the budget to dedicate people to log management.”
Ultimately, security these days is about balancing threats against costs. But unless IT departments have more visibility into the threats being aimed at their organization, chances are they will wind up spending more money on security to little or no avail.
“To do security right you have to be able to tell someone how the company is being targeted and what needs to be done to mitigate it,” says Gartner’s Ahlm. “You need to be able to put context around the security.”