Are you losing sleep over trying to figure out your network security solution and strategic posture? Who can blame you, when the battle lines shift every day?
Network security, unfortunately, is never a static condition. Just when you might feel like you can take a breather because you have “stopped the bleeding,” a new vulnerability comes along and you have to plunge back into the fight.
If only network security programs could continually evolve to stay ahead of advanced attacks, you’re probably thinking. Take heart. Before long, that might be possible.
Ask yourself these questions
But let’s start with a few of the important considerations for you as you assess, revise, and plan your network security profile. The following questions come to mind:
- Do you want to assess your organization’s attack surface and uncover threats that could have been easily mitigated?
- Do you want to identify key gaps in your network security program?
- Do you want to better understand your organization’s cyber risk posture and threat exposure?
As fundamental as these questions may seem, to be able to place a checkmark by each of them and mark them “complete” is extremely challenging. And a big part of that challenge is the complexity.
With massive amounts of data coming at you, it becomes very hard to compartmentalize and categorize it. What is critical and essential and what is only moderately important when it comes to your data and network protection? As a result, even when you buy solid security solutions, if you have trouble understanding what they are telling you, you may be taking actions – or not taking actions – that end up leaving you vulnerable.
Today we rely on monitoring and response systems, which are all about instrumenting systems to collect data and ship it someplace for analysis. That analysis then provides situational awareness of what is happening in a given system and in the enterprise at large. A number of companies offer products today that effectively monitor your system.
The next step: measurement
The hottest advancements in this area, however, are in artificial intelligence and machine learning. Applying them effectively to network security can lead us beyond monitoring to measurement.
A measurement approach involves examining what is happening or has happened on a system and comparing it with models that were developed for good behavior. Measurement is really less about what the system has been or is doing than it is about assessing the system in light of what it should be.
It extends the notion of measurement products that look at a snapshot of an application in a system and gauge whether that application is what it’s supposed to be. Is it trustworthy? Has it changed over time? And if it has changed over time, how? For good or for bad?
Ordinarily, applications don’t improve themselves without some form of artificial intelligence, and artificial intelligence isn’t yet at a point where it can improve on the base coding of an application.
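The comparison described above, as an added example (not from the original article or any vendor's product): it records SHA-256 hashes of an application's files as the known-good model, then classifies later drift as modified, missing, or unexpected. The function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def measure(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[path.relative_to(root).as_posix()] = digest
    return result


def compare(baseline, current):
    """Classify drift between the known-good model and a later measurement."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "unexpected": sorted(p for p in current if p not in baseline),
    }


def is_trustworthy(drift):
    """The application matches its model only if no drift of any kind exists."""
    return not any(drift.values())


def demo():
    """Constructed sample: baseline a tiny 'application', then change it."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp)
        (app / "bin").mkdir()
        (app / "bin" / "service").write_bytes(b"original build")
        (app / "config.ini").write_text("mode=prod\n")
        baseline = measure(app)  # taken while the state is known good
        (app / "bin" / "service").write_bytes(b"patched build")  # changed
        (app / "config.ini").unlink()                             # removed
        (app / "bin" / "helper").write_bytes(b"new file")         # added
        return compare(baseline, measure(app))


if __name__ == "__main__":
    drift = demo()
    print(drift, "trustworthy:", is_trustworthy(drift))
```

This measures files at rest, so it is a static measurement and says nothing about runtime state. The baseline is only useful if it is stored where the measured system cannot rewrite it.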
But for now …
Bringing this back to today, where are we? First, the good news. Most monitoring products have excellent antivirus platforms, as long as you remember to keep your monitoring platform current, and do that on a daily basis.
But an enterprise has to deal with that huge administrative complexity, addressing everything that is running across the corporation. It can’t truly measure the system – at best, it gets static measurements that don’t reflect the runtime state. It would seem there is no way to get all the information that is truly necessary to get your security levels as close to 100 percent as possible.
So how do we get from where we are today to where we need to be tomorrow?
The first thing to do is to make sure that you work closely with your wireline and wireless service providers. They are your strategic support team, and when you come right down to it, their networks are for all practical purposes identical to your networks, only on a larger scale. They constantly address the same types of security challenges that you do.
You can help your provider by taking a proactive approach to cybersecurity. Start by sharing your questions, your concerns, and your experiences. You may encounter a network security anomaly that they haven’t, and by sharing that information, you can collaborate in order to strengthen defenses and benefit both of you. The provider can and should do the same with you.
It will be fascinating to see the next iteration of monitoring toolkits, which are likely to involve new forms of trusted measuring of the system states, the security kernels, and the operating system in general.
In the end, there will always be a need to monitor, for an enterprise to put a solution in place that monitors applications and systems and provides the necessary feedback to make good decisions. But measurement can and will be the next step.