Tear Down Those Security Walls
You don't find turrets or moats protecting most homes today – and enterprises shouldn't get stuck in this old-fashioned analogy when safeguarding their infrastructures or data assets.
Today's corporate crown jewels don't reside in a locked room. They are scattered in data silos, collected in billions of sensors, and shared via millions of mobile devices, thin clients, and remote workers. Datacenters themselves may be on-site or hosted, in multiple clouds – be they private, public, or hybrid – and the concept of securing the enterprise like a castle of yore is bad for business, employees, and customers.
Indeed, 54 percent of an organization's security budget is now spent on implementing a security plan instead of reacting to threats, according to Dell's recently released Global Technology Adoption Index 2015. Those organizations that include "better security" as a business goal are more likely to develop security plans (69 percent), versus those who do not have a stated business goal of "better security" (58 percent), GTAI reported. And this year 35 percent of North American companies viewed security as a competitive advantage, up from 25 percent in 2014, the study found.
Perhaps a better analogy than castles is to approach security as an immunology challenge, one that can stem from internal weaknesses – like genes – or external sources – such as a flu or cold, suggested Marc van Zadelhoff, vice president of IBM Security, during the Gartner Symposium/ITXPO earlier this month in Orlando. Like an immune system, enterprise security solutions must learn and evolve, and not rely on barricades set up on artificial endpoints, endpoints that move, adapt, and seldom stay in one place, he said.
"The first part of that mindset is [to] treat security like we treat any business problem. We've got to treat this like any other transformation problem we have," said van Zadelhoff. "A security operations center has got to go from being a basic collection area to something you can use to hunt the bad guys."
That mindset works for SimSpace, which offers companies network emulation and modeling tools for realistic cyber training, assessment, and hardening. Enterprises' security philosophy should mirror the consumer age of quantified self, Lee Rossey, co-founder and chief technology officer of SimSpace, told EnterpriseTech. Rather than visit a doctor annually – or do a security test once or twice a year – enterprises must continuously monitor their security systems, staffs, and policies due to the ever-changing nature of malware, hackers, and social engineering, he said.
"If you go to the doctor and the doctor says, 'You're in good shape but you need to work out more,' then you don't show up again for two years, where's the benefit?" Rossey asked.
The SimSpace Solution
SimSpace makes a "clone or high-fidelity replacement" of clients' environments, placed in a highly secure cloud, then allows the enterprise's security team to combat attacks using its real tools and techniques – without any risk to the real data or infrastructure, said Rossey. Using Ravello Systems capsules that allow organizations to run virtual labs in the cloud, SimSpace recently opened up its offering to commercial customers such as several large banks, he said. Ravello provides its own hypervisor that sits atop Amazon Web Services or Google Cloud and delivers complete encapsulation, Rossey added.
The service, which evolved from SimSpace's work with government agencies such as the Department of Defense, includes training so enterprises improve their security capabilities, he said. Organizations also can test out new security tools to see how they fit into their environment, Rossey said.
Because it's cloud-based, costs are lower than any comparable on-site systems. The company uses capacity from Amazon Web Services and Google Cloud to provide full-featured pre-configured cyber ranges that are deployed on-demand in isolated environments, according to SimSpace. Plus SimSpace shares with clients all the information it gleans from tests, including penetration and malware testing, Rossey said.
"One of the challenges big IT shops have is they can't always add the latest because they don't know what it will do for them. Until you can prove out the value, [our service] allows them to flesh that risk out before actually implementing," he said. "You can buy the best new firewall, but it's not just about the technology itself, but it's about how it's configured and it's about how proficient are the operators. As we start running through the attacks … the question is if the attack gets through – an insider, an outsider – and the actual team, how effective was the actual team on mitigating or negating the attack. Maybe they couldn't make sense of all the data that was being flooded to them. Half of the time the attack may not be a technology problem; some of the operators may just need a little more training. And that's what we want to help uncover and provide a little more clarity."
During this weeks Dell World, Dell unveiled several new solutions designed to address security holistically, rather than with a castle-and-gate approach.
The company released a new approach to detecting and blocking advanced persistent threats; enhancements to its Dell Data Protection (DPP) data security suite; new application security services; increased user security for cloud apps with multi-factor authentication, and management and policy integration across its firewalls.
Dell wants its security solutions to help tie together enterprises' often siloed IT assets, delivering efficiency and compliance via integrated yet modular solutions, Darryll Dewan, who is responsible for global sales and field marketing of the Dell Data Protection suite of security software products at Dell, told EnterpriseTech.
"We've tried to make it simple to have a conversation with end users about the security solution. It's working, it's working real well," he said. "Most people who look at security look at not one item that will protect them; it's a layer of protection approach. We want to protect data wherever it goes."
With the EMC acquisition, there are many questions – and lots of excitement – at the potential integration or inclusion of RSA security solutions within Dell's existing portfolio. While Dewan declined to discuss this topic, he expressed enthusiasm for the acquisition and future possibilities it could bring, especially to the security division.
"I'm excited about the potential synergies with existing technologies within RSA," he said.
Dell's newly released products include:
Dell One Identity Cloud Access Manager 8.1, slated to ship worldwide on Oct. 28, was designed to secure access to internal and cloud-based web applications. It enforces security policies and controls, improves user productivity, and features SaaS-based, multi-factor authentication through Defender as a Service, Dell said.
- Dell SonicWALL Email Security, available now,
- Dell SecureWorks’ on-demand Emergency Cyber Incident Response (ECIR) capability for clients deploying assets on Amazon Web Services (AWS), available now. It includes Cyren anti-virus signatures and multi-layer AV protection.
- Dell Data Protection-Cloud Edition 2.0, Dell Data Protection- Server Encryption and Dell Data Protection-Endpoint Recovery are available now. Enterprises can encrypt data, enact policy controls as data moves from endpoints to public cloud platforms, and retain their encryption keys..
- The integrated solution of X-Series switches, TZ Series UTM firewalls, SonicPoint Series wireless access points, WAN Acceleration Series and GMS are slated to ship in 2016. Businesses can manage and enforce security policies for these devices via one control.
"Malware is a big, sophisticated business. SCADA attacks are spiking and continuing to rise," said Kent Shuart, product-marketing consultant, at Dell. "You have to define your security perimeter. You security perimeter is your network, sure. But is that all your security perimeter is? Absolutely not."