A Move From Alert-Driven to Intelligence-Driven Security
One of the unfortunate by-products of the proliferation of point products within the CISO’s environment has been an avalanche of security events and alerts, making alert overload one of the banes of the modern CISO’s existence. In fact, a whole new category of products and services, referred to as Security Information and Event Management (SIEM), has grown up to attempt to bring order to this chaos. However, managing security through alerts has been described as being analogous to driving a car down a busy highway at night by looking through a frosted rear-view mirror: it is not only misleading, but likely to end in disaster for all involved!
The emergence of smart, integrated, cloud-based security services will enable a transformation from an alert-centric to an intelligence-centric approach to security – vastly enhancing the CISO’s visibility and ultimately delivering substantial improvement in the robustness of the security posture.
As the many components of the security infrastructure become aware of, and responsive to, each other, we can begin to extract true intelligence from an understanding of the inter-relationship and correlation of activity across the internal network, endpoint devices, cloud-based applications and the internet at large. As these services are delivered through the cloud, we will gain an unprecedented vantage point from which to extract intelligence in real time across a global footprint of enterprises, end users and infrastructure, something that is simply impossible with today’s organizationally siloed, event-driven approaches.
The transformation to a truly intelligence-based approach to security will entail the development of global cloud-based services with broad reach across all components of the extended enterprise infrastructure: not just internal to the network, but reaching broadly across an array of service providers and applications. Furthermore, new “big data” services will emerge to correlate, analyze and extract intelligence from the various data sources. These will be coupled with new approaches to data visualization to enable assimilation of this intelligence and rapid identification of trends, attacks and anomalies.
At iSheriff, we are pioneering this new approach to security. Our global cloud-based security platform provides our customers with unparalleled visibility and control over their security posture, whilst keeping their users and networks protected from the latest threats.