Enterprises today work continuously toward maintaining a perfect set of security policies. Their over-reliance on blocking and prevention mechanisms, however, is inadequate against the advanced attacks cyber criminals mount on their networks. Neil MacDonald, VP and fellow at Gartner, puts it this way: “We can’t control everything (in the network) anymore.” He argues that we need a security model that can handle moving perimeters and the dynamics of a network: “The next generation data center is adaptive – it will do workloads on the fly, it will be service-oriented, virtualized, model-driven and contextual. So security has to be, too.” To fight these advanced threats, enterprises should therefore build a comprehensive security model that is also adaptive in nature.

Adaptive Security is a real-time network security model that uses modern techniques and tools to counter threats on a network. It continuously inspects the network for malicious traffic, anomalies and vulnerabilities and automatically applies security controls at the endpoints. Adaptive Security comprises four key categories of capability: preventive, detective, retrospective and predictive.

• “Preventive” capabilities help organizations put in place the precautionary policies, products and processes needed to counter threats before they succeed.
• “Detective” capabilities detect the attacks that bypass the preventive layer. This layer aims to reduce the time to detection, so that potential damage does not become actual damage.
• “Retrospective” capabilities dig deeper and find issues the detective layer missed. They perform root-cause analysis and provide forensic insight; that retrospective information is then used to recommend new preventive measures so the incident does not recur.
• “Predictive” capabilities keep the security team alert by providing information on external events. This layer monitors attacker activity outside the organization and proactively anticipates new types of attack against the current systems. That information is fed back into the preventive and detective layers, closing the loop that makes the security adaptive.
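The feedback loop among the four layers, shown as an added Python illustration (this is not code from the original page or from Gartner). The log format, the IP addresses, the failed-login threshold and the threat-intelligence indicator are all constructed assumptions; the point is to show that a retrospective finding and a predictive feed both end up as indicators in the preventive layer, so the same attacker returning is stopped before the detective layer has to see it again:

```python
"""Toy model of the adaptive security loop (preventive, detective,
retrospective, predictive). Added example; not the page's or Gartner's code.
All hosts, addresses, thresholds and log lines are constructed for illustration."""

from collections import Counter
from dataclasses import dataclass, field


def parse_line(line):
    """Parse one constructed log line of the form
    '<time> <source_ip> <action> user=<name>' into a dict."""
    ts, src, action, user = line.split()
    return {"ts": ts, "src": src, "action": action, "user": user.split("=", 1)[1]}


@dataclass
class AdaptiveSecurity:
    # Preventive layer: indicators blocked before any other processing.
    blocklist: set = field(default_factory=set)
    # Detective layer: failed logins from one source before an alert fires
    # (assumed threshold; a real detector would also bound the time window).
    fail_threshold: int = 3
    history: list = field(default_factory=list)   # events that passed prevention
    alerts: list = field(default_factory=list)    # sources the detector flagged
    blocked: list = field(default_factory=list)   # events stopped by prevention
    fails: Counter = field(default_factory=Counter)

    def predictive_feed(self, indicators):
        """Predictive layer: external intelligence about attacker infrastructure
        is pushed into the preventive layer before those sources reach us."""
        self.blocklist.update(indicators)

    def ingest(self, event):
        """Run one event through the preventive and detective layers and
        return what happened to it: 'blocked', 'alert' or 'allowed'."""
        src = event["src"]
        if src in self.blocklist:
            self.blocked.append(event)
            return "blocked"
        self.history.append(event)
        if event["action"] == "login_fail":
            self.fails[src] += 1
            if self.fails[src] == self.fail_threshold:
                self.alerts.append(src)
                return "alert"
        return "allowed"

    def retrospective(self):
        """Retrospective layer: for every alerted source, look back through the
        history for what it achieved after the burst (accounts it later logged
        into) and feed the source back into the preventive layer."""
        findings = {}
        for src in self.alerts:
            compromised = {e["user"] for e in self.history
                           if e["src"] == src and e["action"] == "login_ok"}
            findings[src] = sorted(compromised)
            self.blocklist.add(src)
        return findings


# Constructed sample log: a password-guessing burst from 203.0.113.7 that
# eventually succeeds, one benign login, and a probe from 192.0.2.44.
SAMPLE_LOG = """\
10:00:01 203.0.113.7 login_fail user=alice
10:00:02 203.0.113.7 login_fail user=alice
10:00:03 203.0.113.7 login_fail user=alice
10:00:04 203.0.113.7 login_ok user=alice
10:00:05 198.51.100.9 login_ok user=bob
10:01:00 192.0.2.44 login_fail user=carol
"""

# Constructed predictive input: an indicator received from an external feed
# before the log above was generated.
INTEL_INDICATORS = {"192.0.2.44"}


def run_cycle(log_text=SAMPLE_LOG, intel=INTEL_INDICATORS):
    """One turn of the loop. Returns the per-event outcomes, the retrospective
    findings, the outcome for the attacker reconnecting afterwards, and the
    final blocklist."""
    sec = AdaptiveSecurity()
    sec.predictive_feed(intel)                       # predictive -> preventive
    outcomes = [sec.ingest(parse_line(l))            # preventive + detective
                for l in log_text.splitlines() if l.strip()]
    findings = sec.retrospective()                   # retrospective -> preventive
    # The same attacker coming back is now stopped at the preventive layer;
    # that is the loop closing.
    replay = sec.ingest(parse_line("10:05:00 203.0.113.7 login_fail user=dave"))
    return outcomes, findings, replay, sorted(sec.blocklist)


if __name__ == "__main__":
    for part in run_cycle():
        print(part)
```

Running it shows the first three guesses from 203.0.113.7 reaching the detective layer (the third fires the alert), the retrospective pass discovering that the burst ended in a successful login to `alice`, and the probe from 192.0.2.44 never reaching the detector at all because the predictive feed had already placed it on the blocklist.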
In 2016, a Gartner report, “Designing Adaptive Security Architecture for Protection from Advanced”, states that the four elements of Adaptive Security described above should work together as an intelligent, integrated and adaptive system to provide comprehensive protection against advanced threats. Continuous monitoring, together with the analytics and insight derived from it, is the core responsibility of any Adaptive Security Architecture. Some of its important objectives are as follows:
• Contain threat amplification by limiting an attack’s potential spread
• Reduce the surface area available to attackers
• Decrease the rate at which attacks succeed
• Respond quickly to attacks, reducing remediation time
• Withstand attacks that try to exhaust resources
• Promote correctness by responding to attacks that aim to compromise data or system integrity
Key features of an Adaptive Security Architecture include:

• Finer-grained controls
• Automation (combined with human intervention)
• Stateful inspection
• Packet filtering
• On-demand security services
• Security as a Service
• Integration of security and management data
Adaptive Security can adapt to the evolving policies, procedures, infrastructure and threat landscape facing the public, private and enterprise sectors. For it to work properly, organizations need to understand their entire environment, assess their cybersecurity risk and determine their risk tolerance. From knowing where data resides in the institution to what level of access individual users are granted, organizations should proactively perform vulnerability assessments to identify how and where attackers might strike.
By adopting the Adaptive Security model, organizations gain a clearer picture of their strengths and weaknesses and can more accurately assess their security requirements, strategic investments, resource allocation and timelines.