The security industry is now trying to deliver the intelligence that IT departments need to defend themselves from cyberattacks before they occur.
In the meantime, IBM, via a combination of software and services, and RSA, via its RSA Security Analytics platform, are looking to leverage big data analytics to deliver next-generation security intelligence services. At the same time, Blue Coat Systems just moved to acquire Solera Networks to bolster its security intelligence line with threat intelligence capabilities based on big data analytics. On top of all of those offerings, a variety of smaller security intelligence companies, such as CrowdStrike and Mandiant Security, are aiming to carve out a niche in the rapidly emerging category.
“Our goal is to identify not only the attacks in real time, but also what and who is behind them,” says CrowdStrike CEO George Kurtz.
In fact, Tomer Teller, security evangelist for Check Point, says time is on the side of security vendors. Ninety-nine percent of security attacks make use of known vulnerabilities and attack methods. As security vendors get more proficient with big data analytics, only a handful of hackers will have the requisite skills to create a unique attack that doesn’t leverage a previously identified pattern. Once a pattern is recognized, automation tools can be used to remediate the vulnerability long before the attack is launched, says Teller. Eventually, the cost of launching attacks will become prohibitively expensive, he says.
“The cost of building the perfect attack is definitely going to rise,” says Teller. “In contrast, IT security itself doesn’t have to be expensive. It just has to be good.”
As a result, a lot of the debate about security these days is over how to most effectively capture and act on security intelligence.
“The delivery point for security has to be the infrastructure itself,” says Bill Boyle, director of product management security intelligence operations for Cisco. “That’s why we’re embedding security as a service into our products.”
To bolster that effort, Cisco moved to acquire Sourcefire earlier this week as part of an effort to respond to APTs.
Beyond the actual threats, what’s keeping CIOs up at night is the ever-increasing cost of security. As a percentage of the overall IT budget, security costs have steadily risen in recent years. Security intelligence services delivered via the cloud or embedded inside IT infrastructure represent a way to bring those costs under control by relying more on pattern recognition and IT automation to mitigate threats across the enterprise.
For that reason, organizations such as Riverside Healthcare are evaluating security vendors based on their level of security intelligence. According to Riverside Healthcare Chief Security Officer Eric Devine, the security requirements that health-care providers are being asked to meet are steadily rising as personally identifiable information comes under more targeted attacks. Riverside Healthcare recently opted to deploy security firewalls from Fortinet, which Devine says provide not only the needed intelligence but also a framework through which Riverside Healthcare can quickly respond once a threat is discovered.
“Security is all about being able to change and react,” says Devine. “But we don’t have the budget to dedicate people to log management.”
Ultimately, security these days is about balancing threats against costs. But unless IT departments have more visibility into the threats being aimed at their organization, chances are they will wind up spending more money on security to little or no avail.
“To do security right you have to be able to tell someone how the company is being targeted and what needs to be done to mitigate it,” says Gartner’s Ahlm. “You need to be able to put context around the security.”