Threat Protection Requires IntegrationStatic Security Can't Defend Against a Kinetic Attack
For centuries, armed conflict has helped shape the course of history. The most effective armed forces often have one thing in common: their ability to align and integrate different services and specialties into a cohesive fighting force. Arguably, the Roman army, which reigned supreme for hundreds of years, provides one of the best examples of an army's ability to integrate a broad range of skills and expertise into an effective fighting force.
While strength in numbers allows large armies to succeed, that is not the primary reason for their success. Today, notwithstanding its sheer size, the United States Armed Forces is an effective fighting force in large part due to its ability to integrate various services and the thousands of specialties within each force into a formidable fighting force.
Sophisticated cybercriminals rarely focus exclusively on a single attack vector. Why?
What benefits can an integrated approach provide security professionals?
Companies Face an Onslaught of Attackers
During a time of significant change for corporations, when today's modern network extends far beyond the company's physical walls to include the cloud, mobile devices, virtualized devices and data centers around the globe, it's disturbing that companies face such well-organized and pervasive threats.
Cybercriminals routinely use stealth to disguise email-based attacks as normal communications, or brute force as is the case with Denial-of-Service (DoS) or Distributed-Denial-of-Service (DDoS) attacks that seek to overwhelm an organization's website and, consequently, their defenses against additional attacks designed to steal data or commit fraud.
Regardless of the actual tactics, one of the most impressive and yet frightening aspects of such attacks is the cybercriminal's ability to organize efforts and marshal the resources needed to achieve their aims.
Sophisticated cybercriminals rarely focus exclusively on a single attack vector. Why? The reason is quite simple. If they did, it would be relatively easy for security professionals to detect their activity and block their path.
Instead, they employ a broad range of attack vectors, sometimes in sequence, often in parallel and repeatedly, to overwhelm a company's defenses. In essence, within their attack platform, they have integrated their approach. In doing so, they can launch attacks that target known points of weaknesses.
Intelligent Integration Holds the Key
Today's threat environment is extremely dynamic. Consequently, static, point-in-time approaches do not provide the capabilities that security professionals need to detect and prevent attacks. Worse yet, even when ineffective, point-in-time solutions still require time and money to administer and maintain.
Merely integrating disparate security functions within a single platform is not the answer. In order to be effective, there must be a free flow of intelligence that allows each solution to focus on its mission, but not do so in a vacuum.
As an example, in the event that a solution uncovers newly-arrived malware present on an endpoint, within an intelligently integrated platform, that discovery could trigger analysis of the network sensors to determine a point of failure and support the revision or creation of a new rule. The discovery of endpoint malware could also automatically trigger restricted access privileges for that user until remediation takes place, as well as a real-time update to the company's endpoint malware solution to reflect intelligence gathered during the remediation process.
We're All in This Together
Intelligent integration delivers a superior level of protection that leverages the collective intelligence gathered across previously disparate solutions. Using this approach, organizations no longer have to wait for a fully-formed threat to manifest itself. Before data leaves the organization's control, or a third party raises a red flag, the organization can take steps to protect itself.
Beyond ensuring the intelligent integration of the components within one's defenses, sharing real-time threat intelligence within a community of security professionals can undoubtedly result in a more robust defense.
In fact, cybercriminals count on security professionals in unrelated industries not sharing intelligence. Sharing threat intelligence empowers security professionals and allows the recipient of such information to learn from the pains of another. In time, as the community of security professionals pool their respective knowledge and it is shared in a systematic way via shared security solutions, or on an ad-hoc basis, the entire security profession benefits.
An integrated platform forms the basis for today's armed services and many other forces that have gone before them. Further, sharing intelligence is not just a theoretical concept, it has real world, practical implications for companies and their ability to combat the threats they face.
Paul McCormack, CFE, is a freelance business writer and consultant. His areas of expertise include accounting, banking, cloud computing, corporate governance, corruption, cybersecurity, executive protection, fraud, intellectual property and money laundering.