The Cost of Incomplete

Here comes the checklist: Firewall, got it.  IPS, got it.  SIEM, got it.  DDoS protection, I think I got it.  Endpoint protection, got it.  And so goes this list.  The space between those words is where you get hit.  

A recent article from the ABA Banking Journal shines a light on this subject and the growing idea that there needs to be a sea change in how we approach security.  Because the fabric that underpins all of the technology on which we have come to rely is so “ordered,” it has been the belief that structured models could be used to address the evolving security concerns that have arisen from the adoption of new technologies.  But, just like in “The Matrix,” the technology has turned on us.  DDoS attacks and APTs are examples of how structured models are costing users and companies billions each year.  Let’s look at what needs to change. 

Information.  Consider one very popular model, layered security: it is necessary in many respects but can fail to inform properly.  That is partly because the component parts tend to be proprietary, and it is costly to have enough of them in the right places to let you know when something bad is happening.  Remember, too, that it’s not enough to have the data; analysis also has to be performed to discover the threat.

One area of the above-referenced article where I encourage caution is the section entitled “Layer It On.” Following the advice in that section is a good idea in general, but only to a point.  What is missing in this section is the idea that we must still be able to see what’s happening within the network when one of the structured layers of defense fails.  On top of layered defenses, we need solutions that provide network visibility and intelligence so that we can make sure our security tools are working, and still detect attacks when they don’t. Most enterprises already have this capability in the form of NetFlow, which can turn ho-hum devices like routers and switches into security information points.

By collecting and analyzing NetFlow with advanced solutions like Lancope’s StealthWatch System, organizations can fill in the gaps left by conventional security controls. StealthWatch augments layered security strategies by delivering a more complete picture of network activities and security events. By leveraging the often forgotten, ho-hum devices on the network, the system can identify potential concerns before they become problems – helping organizations avoid the high cost of an incomplete security strategy.

For further information on NetFlow for security, go to: http://www.lancope.com/solutions/security-operations/