Taking Your Defences To The Next Level With Adaptive Security
Traditional network security techniques tend to be static and struggle to keep pace with developments in attacker tradecraft. Most controls – perimeter firewalls, antivirus and the like – are built on rules written for threats that are already known.
Rules-based systems can’t keep up
Antivirus software is a good example of this methodology. The scanner matches files against a list of signatures derived from malware that has already been captured and analysed, and it periodically downloads an updated list to keep up.
Although this is reasonably effective, there is always a lag between a new sample appearing in the wild and the vendor shipping a signature for it. That leaves a window during which your systems are exposed, because the rules cannot keep pace with the people writing the malware. The same is true of any rules-based security system.
Traditional security techniques don’t work with DevOps
The move towards DevOps-driven operations compounds these problems. Static rules have to be rewritten by hand every time the environment changes, which is hard to do safely at the pace of continuous deployment. You face an unwelcome choice: relax security provisions to enable rapid change, or sacrifice speed of change in favour of maintaining protections.
To take full advantage of DevOps, you need an approach to security that adapts as your systems change, without exposing network resources or data. This is where Adaptive Security comes into play.
What is Adaptive Security?
Adaptive Security is, as the name suggests, designed for maximum flexibility to meet the demands of a DevOps environment. As one source puts it, these provisions should prevent “checkpoints, chokepoints and bottlenecks” – in real time.
Instead of relying on hand-written rules, Adaptive Security uses machine learning to automate protection for your networks. As a result it goes beyond simple event logging and alerting to acting on what it observes.
Automation is crucial given the sheer volume of data being processed across an ever-increasing array of systems and endpoints. It is physically impossible to manage so many network elements manually – especially as IoT deployments increase in size and complexity. And that’s before you consider the implications of the modern hybrid cloud operating environment.
Adaptive Security uses machine learning to monitor activity across the network, analyzing traffic and behavior to establish a baseline of normality. The system also collects and analyses security and event log files from all of your connected devices to provide additional context. The entire process is proactive to ensure safeguards are accurate, up-to-date, and can be applied in real-time.
Over time the system learns what a valid network request looks like and, by inference, treats anything that deviates from that baseline as suspect. These observations are used by the engine to generate rules that control access to network resources.
Why does Adaptive Security matter?
Previously we said that rules were the cause of problems under the traditional security model – so why does Adaptive Security use them? The difference lies in how the rules are produced and applied.
Historically, rules have been used to create a blacklist: known-bad activities, malware and users are banned from the network, and anything not on the list is permitted. Adaptive Security turns this model on its head with the use of whitelists: the engine generates a list of normal activities, and only activities on that list are permitted.
Blacklists are labour-intensive to create and manage, and they always lag behind the threat. A whitelist fails closed instead: because the system "knows" what normal activity looks like, anything it has not yet explicitly permitted is blocked rather than allowed by default. The machine learning engine in Adaptive Security platforms also keeps the whitelist constantly updated and refined to further improve network protections. Unknown events can be raised for manual confirmation, allowing your security engineers to train the system to better prioritise issues.
Perhaps most importantly, the real-time monitoring and detection process is self-sustaining. This dramatically shrinks the window between a new threat appearing and the relevant safeguards being applied. A well-developed whitelist makes it far harder for novel malicious activity to gain a foothold in your network, though it is not a guarantee: activity that mimics learned-normal traffic, or that was already present when the baseline was learned, will not stand out, so the baseline itself needs periodic review.
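As an added illustration of the blacklist-versus-whitelist point and the baselining described above (example code written for this page, not Alert Logic's or any vendor's engine): a toy allowlist engine learns a baseline of (source, destination, port, protocol) tuples from a constructed window of flow records, blocks and queues anything it has not seen often enough, and lets an analyst confirm a queued flow so the allowlist is refined. Beside it, a stale denylist shows why "anything not on the list is permitted" fails against a destination for which nobody has yet published an indicator. All host names, addresses and the min_observations threshold are assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample flow records (not real traffic): (source, destination, dst port, protocol).
# The learning window repeats the steady-state flows of a small web tier three times and
# includes one ad-hoc admin session that was seen only once.
TRAINING_FLOWS = [
    ("web-01", "db-01", 5432, "tcp"),
    ("web-02", "db-01", 5432, "tcp"),
    ("web-01", "cache-01", 6379, "tcp"),
    ("web-02", "cache-01", 6379, "tcp"),
    ("app-01", "db-01", 5432, "tcp"),
] * 3 + [
    ("ops-laptop", "db-01", 5432, "tcp"),
]

# Flows arriving after the baseline has been learned (constructed).
NEW_FLOWS = [
    ("web-01", "db-01", 5432, "tcp"),        # routine query traffic
    ("web-02", "203.0.113.7", 4444, "tcp"),  # outbound to an address nobody has an indicator for yet
    ("web-01", "db-01", 22, "tcp"),          # known host pair, but SSH was never part of the baseline
]

# A blacklist as the page describes it: known-bad (destination, port) indicators, always a step behind.
STALE_DENYLIST = {("198.51.100.9", 4444)}  # hypothetical published C2 indicator, already out of date


def denylist_decide(flow, denylist=STALE_DENYLIST):
    """Blacklist semantics: block only what is on the list, allow everything else by default."""
    _, dst, port, _ = flow
    return "block" if (dst, port) in denylist else "allow"


@dataclass
class AdaptiveAllowlist:
    """Whitelist semantics: permit only what was learned as normal, block and queue the rest."""
    min_observations: int = 2  # assumed threshold: seen fewer times than this is not trusted automatically
    baseline: Counter = field(default_factory=Counter)
    permitted: set = field(default_factory=set)
    review_queue: list = field(default_factory=list)

    def learn(self, flows):
        """Build the baseline from a learning window; tuples seen often enough become the allowlist."""
        self.baseline.update(flows)
        self.permitted = {f for f, n in self.baseline.items() if n >= self.min_observations}

    def decide(self, flow):
        """Fail closed: anything not explicitly permitted is blocked and raised for manual review."""
        if flow in self.permitted:
            return "allow"
        if flow not in self.review_queue:
            self.review_queue.append(flow)
        return "block"

    def confirm(self, flow):
        """An analyst confirms a queued flow is legitimate, refining the allowlist."""
        self.permitted.add(flow)
        self.review_queue = [f for f in self.review_queue if f != flow]


def compare(training=TRAINING_FLOWS, new=NEW_FLOWS):
    """Decide each new flow under both models; returns {flow: (blacklist decision, whitelist decision)}."""
    engine = AdaptiveAllowlist()
    engine.learn(training)
    return {flow: (denylist_decide(flow), engine.decide(flow)) for flow in new}


if __name__ == "__main__":
    for flow, (deny, allow) in compare().items():
        print(f"{flow}: blacklist={deny} whitelist={allow}")
```

Running compare() shows the asymmetry directly: the stale blacklist allows all three new flows, including the outbound connection to 203.0.113.7:4444, while the learned whitelist allows only the routine database query and blocks the other two for review. The exact-match tuple baseline is deliberately simple; a production engine generalises across features statistically, but the behaviour at the edges is the same: the whitelist fails closed on novelty, and it will also admit anything that was present at sufficient volume while the baseline was being learned.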
Adaptive Security and you
The flexibility of Adaptive Security solutions must extend beyond coping with configuration changes on your network. The use of on-demand cloud resources demands a security system that supports auto-scaling, so that newly provisioned instances are covered the moment they come up. For this reason, low-impact agents that self-configure on deployment will prove invaluable, reducing the administrative load on your network security team without compromising protections.
An effective Adaptive Security solution will also apply learnings from other installations to increase speed of response to emerging threats. In the case of Alert Logic (Navisite’s partnered provider of Adaptive Security solutions), this involves secure sharing of anonymized observed network behaviors to create a centralized database of rules; this information is then accessed and integrated by installations across all client sites. In this way, your security platform benefits from the machine learning efforts of all other service subscribers, accelerating responses to potential threats to security.
Adaptive Security must be present at all levels of your network too. At the perimeter you will still need intrusion detection and prevention services, albeit with greater autonomy and automation for controlling access. The same monitoring engine will analyse and filter internal network traffic to identify and block activity that deviates from the observed norm.
Despite the high degree of autonomy inherent in Adaptive Security, manual intervention will still be necessary. The platform will generate activity reports that require prioritisation or additional remedial action. With the assistance of a managed services provider you can reduce those overheads further, relying on their expertise in hybrid environments to ensure security is maintained across the entire estate.
To learn more about Adaptive Security, what it means for your business, and how Navisite can help, please get in touch. For more information on cloud security in general, click here or call (888) 298-8222.