Forcepoint Flash: From The Office Of The CSO
Content Security: The Value of Integration
By Doug Copley, Forcepoint Deputy CISO
In the modern business world of 2016, companies face many challenges, from the evolving threat landscape to rapidly advancing technologies and generation gaps within their workforce. Though organizations often struggle to adapt to these challenges, the technologies available today, such as cloud computing, mobile computing and the internet of things, offer business opportunities and capabilities that never existed before. Those organizations that can effectively adapt and securely leverage the transformative technologies of 2016 will thrive and define the new business models for the future.
The threat landscape of 2016 is vastly different than it was even a few years ago, and is rapidly evolving. The threat actors of 2016 can introduce significantly more risk than those that preceded them. The threat actors today include nation states, highly sophisticated, mature criminal organizations, opportunists hired to infiltrate organizations for financial or political gain, and groups that attack based solely on ideological differences. To safely enable businesses to rapidly adapt and advance, information security departments and information security solution providers must provide protections that are comprehensive, integrated and adaptive to both the needs of the business and the evolving threat landscape.
Comprehensive – No longer can organizations consider themselves fully protected with a firewall and endpoint anti-malware software. Threats can come in the form of malicious links, infected file attachments, “drive-by” downloads, malicious web pages, etc., and the entry point can be via email, internet web pages, the company’s own web pages, applications and even their own employees or third-party contractors. Security protections need to provide a wide range of capabilities to address an organization’s threats and vulnerabilities, such as email attachment sandboxing, URL sandboxing, click-time web protection, web URL and DNS filtering, web page content inspection, HTTPS inspection, web application discovery, data discovery, data loss prevention, phishing protection, phishing exercise capabilities and more. These capabilities are in addition to the more “traditional” security protections such as stateful firewalls, intrusion detection and prevention, endpoint anti-malware and strong processes and practices around access control. Without comprehensive protections in place, gaps that can generate substantial risk may exist within or outside your organization. This is similar to locking your house, closing your garage door, and closing and locking all the windows, but leaving your car parked outside the garage, unlocked, with a garage door opener or spare key in it. These gaps may be easy to find at home, but in a complex business environment spanning multiple business functions, networks, locations and countries, finding them can be extremely difficult. Organizations are challenged with identifying and remediating these gaps before criminals can exploit them.
Integrated – Depending on the industry and the culture of the organization, dedicated security resources within a company can range in quantity from less than one to several hundred. Although CISOs and CROs fully understand that not ALL risks should be mitigated, nearly every CIO and CISO I speak with feels security resources (staff, budget) are constrained to the point that they are challenged to even mitigate those risks that the organization wants addressed. To help organizations address some of their resource constraints, it’s important to leverage security tools that are integrated. Integrated security tools leverage the same security intelligence platform and the same threat protection engine, and can be managed from the same console or “single pane of glass.”
Intelligence and threat protection – tools that leverage a common intelligence platform benefit from the collective wisdom of all the tools and intelligence feeds. That is to say, when a new threat is identified by one tool, all tools benefit from that discovery. This raises the intelligence of not only that tool, but ALL the integrated tools. A good analogy I’ve heard used is “all boats rise in high tide.”
Integrated console – security teams with tools that leverage a common, integrated management console benefit from reduced staff hours required to manage the tools. Not only does it reduce “point product fatigue” in having to manage many tools independently, but a common management console, or command center, can provide a prioritized risk view across the tool set that can make security staff more efficient at addressing the most critical risks across the organization, while not wasting time on insignificant ones.
Adaptive – As described earlier, organizations are constantly adapting to the evolving business and threat landscape, and they need security protections that can adapt as well. Whether a company decides to implement protections in their data center, on their PCs or in the cloud, they don’t want separate tools for separate environments. Organizations comfortable with their security platforms want to use the same protections in the cloud as they use in their own data center. When the business drives functionality to the cloud, introducing new security tools to manage the cloud application or platform just puts more demands on an already resource-constrained team. Adaptive security platforms abstract the information security protections from the location or platform of the information, and in the best scenario, allow teams to manage those same protections across locations, platforms and applications from within the same integrated command center.
Today’s evolving business landscape is providing organizations tremendous, transformative opportunities for advancement, yet at the same time forcing them to adapt to new technologies at an aggressive and challenging pace. That rapid change can wreak havoc with security teams that are resource constrained. Existing protections must be managed, new initiatives need to be evaluated and protected, and the same staff is charged with increased responsibilities. Equipped not with point solutions, but with security platforms that are comprehensive, integrated and adaptive, security teams are positioned to better keep pace and maintain effective security controls for their organizations.
Doug Copley is Deputy CISO and Security and Privacy Strategist with Forcepoint. He can be reached at firstname.lastname@example.org, on LinkedIn at www.linkedin.com/in/dcopley or on Twitter at @hcare_security.