IT pros express major concerns on the security landscape
3 July 2015
It is always interesting to hear from those “at the coalface” of enterprise IT about their concerns and thoughts about the industry. It is easy for those of us who make our living opining on the state of IT to come up with analyses, but it is those who are actually responsible for IT security who have to shoulder the burden of their organisation’s security expectations.
So it was interesting to read a recent survey published by security vendor Bromium that looked at security professionals’ views on the biggest risks facing organisations and the effectiveness of existing security solutions.
As the world takes new approaches to infrastructure, application design, and data access, security organisations are facing increasingly complex challenges to keep the business safe. As such, it is perhaps unsurprising that security practitioners have some real concerns about the ability of traditional approaches to meet the needs of modern organisations.
The survey, taken from an admittedly small sampling, came up with some interesting, and concerning, findings. The results show that confidence in traditional detection-based security solutions, such as antivirus and firewalls, is at an all-time low, and people are more interested in prevention-based security solutions. Some notable takeaways include:
- 92% said they have lost confidence in the ability of traditional endpoint protection solutions, such as antivirus and white-listing, to detect unknown threats like zero-day attacks
- 58% of respondents believe that prevention, such as hardening and isolating systems, is the most foundational aspect of security architecture
- When asked to select from a list of security solutions, 58% consider endpoint threat isolation the most effective solution at preventing cyber threats
Of course, these findings play right into Bromium’s value proposition. The company has a novel approach towards security that essentially moves away from threat detection by introducing the concept of the microvisor, a standalone and fully encapsulated container within which discrete operations take place.
By utilising this approach, Bromium can let attacks run their course, secure in the knowledge that those attacks are not able to impact other parts of the operating environment. As I said, these findings play into the core Bromium value proposition, but even outside of the self-interest, some interesting issues are being raised here.
“The frequency and magnitude of high-profile data breaches is causing organisations to lose faith in detection-based solutions, such as antivirus,” said Clinton Karr, senior security strategist at Bromium. “Information security professionals are turning instead to technologies that provide proactive protection, such as threat isolation, as the foundation of their security architecture.”
This idea of creating the smallest possible risk area, and letting said risks run their course, is gaining widespread favour. According to Gartner analysts Neil MacDonald and Peter Firstbrook, in a report entitled “Designing an Adaptive Security Architecture for Protection From Advanced Attacks,” the best approach for organisations is to harden and isolate systems:
“We believe the foundation of any information security protection architecture should start by reducing the surface area of attack by using a combination of techniques. These techniques limit a hacker’s ability to reach systems, find vulnerabilities to target and get malware to execute.”
This move towards isolation is a difficult one to grapple with for many security professionals. They have, for the longest time, seen threat detection and mitigation as the best possible defence against attacks.
Slowly, however, the orthodox viewpoint is being replaced by something more pragmatic, and security professionals have begun to realise that they are fighting a losing battle. This idea of threat isolation is winning favour as the most logical response to an ever-increasing risk profile.
Ben Kepes, IDG News Service