17 October 2016 | 0
Information security has become a very complicated business. Whether it is the threat of hacking, the fear of malware or the malicious encryption tools that now abound, one thing seems certain — the old ways of doing things are done.
Instead of dealing with individual threats, the modern theory of adaptive security says that security measures should be able to adapt to circumstances and identify patterns of threats rather than simply compare against signatures. They should be able to handle varying volumes, varieties and velocities of threats.
Adaptive security is able to respond appropriately to the threat, autonomously.
“Most proactive companies have started deploying security according to this model and are completely revamping their approaches. IT security needs to be adaptive and as a means to understanding this, many in the industry are talking about ‘immune system’ technology,” said Emily Orton, director with IT security specialist Darktrace.
“That’s because the human immune system constantly adapts to new threats and is a good analogy for how adaptive security needs to work in the IT sector. If you think about it, the human body protects itself in several layers. The first is the skin that protects you against everyday stuff like dust and dirt. But behind that is our autoimmune systems, and that keeps us protected from the colds and viruses that we come into contact with. But the whole principle of the immune system is that it assumes you’re going to be compromised — it assumes things are going to get beneath the skin, through that physical barrier.
“It’s not a perfect system, because occasionally we fall ill or catch colds and other things. But actually it’s very, very efficient in protecting us against the unknown.”
Each person’s immune system is unique to them, and according to Orton, adaptive security similarly needs to be set up to be unique to each organisation, to understand what is normal for that organisation and what isn’t for the network that is being protected.
“The traditional approach works by maintaining blacklists of viruses and activity that are prohibited — by knowing in advance specifically what unauthorised behaviour on the network looks like. The problem with that approach is that it’s becoming increasingly difficult to predefine in advance what type of cyber threats a company is going to face today or in the future,” Orton said.
The traditional approach to security is based on building a metaphorical wall around a network and then trying to protect the perimeter. But the advent of bring your own device (BYOD) and the internet of things means that the average network has an ever growing number of devices connecting to it.
“Five years ago we were asking ‘do you have a secure and clean network?’ Today no one professes to have a clean network. Companies will experience threats inside their networks — that’s just a fact of life. Network perimeters can’t be defended 100 per cent anymore; they’re just too porous,” said Orton.
“There are so many ways to get into a network today, whether that’s the daughter of the CEO using his iPad on the corporate network, or because a growing range of technology is connected to that network. We have companies where the air conditioning system was on the network and hackers got into valuable data through that route.”
At the same time, companies have to deal with one of the biggest threats of all — the people inside the perimeter actually using the network. From employees to suppliers and customers, today companies are dealing with a battlefield that is very much inside the perimeter.
“We’re a three-year-old company and we’ve grown very quickly. Even within that short space of time we’ve seen threats evolve, not just on a daily basis but on a minute to minute basis,” said Orton.