Mobility today allows access to any resource from any device from any location. The resources can be public cloud, private cloud and data centre. They can even be shared resources from end user devices.
A good example of this is Cisco collaboration combining voice, video, and user applications for distance based, highly interactive meetings. This is designed to increase the level of decision making and significantly reduce the time taken in making critical decisions.
What does this allow companies to do? Make important business changes quickly, efficiently and with companywide buy-in from all critical parties regardless of geographical location. For companies today, making the right decisions faster is simply about being more profitable.
What does this mean for their network? Company resources, applications and data, are no longer within the traditional confines of a data centre or office-based locked down user devices. The security exposure to companies has dramatically increased.
A new approach to security has to be adopted. It is no longer a case of blocking attackers coming through your Next Generation Firewall and installing some antivirus software on your end user devices. Today it is not a matter of ‘if’ your company will be compromised, but ‘when’ this will happen. The focus is now on ‘how do I detect an attack already within my network and how do I deal with it’. The firewall is still a major aspect of a security strategy, but is only part of the story.
The network platform itself has to be part of the security fabric. Ideally, a centralised security management system should leverage the network for information about network traffic as well as dynamically changing the network to isolate and contain security breaches. An example of this is Cisco’s Identity Services Engine (ISE). This is part of a complete security system approach.
A recent study showed that 54% of breaches remain undiscovered for months and that 60% of data is stolen within hours of a breach.
A security platform today needs to be able to understand what is happening on your network. It needs to be able to tell you who and what is on your network, who is talking to whom, and what are they talking about. It needs to understand the threats and their relevance to your business (threat centric). It needs to focus across the whole threat cycle; before, during, and after.
This is why Cisco recently purchased Sourcefire. Cisco Sourcefire (FirePOWER services) combined with ASA firewalls is the first step in implementing an integrated threat defence system. As well as the standard Next Generation Firewall features, FirePOWER services offers Malware File Trajectory, correlated SIEM eventing (Security Information and Event Management), File Analysis and many more features.
What does this mean? Looking at the biggest security threat today, Malware, it provides a graphical and textual representation of the attack trajectory (Malware File Trajectory). This provides information on what type of attack it is, where the attack started (ground zero), the point and method of entry, the scope of the attack, the file type, and the trajectory of where the attack has gone in the network.
With correlated SIEM it also provides information on the severity of the attack in relation to your business, how hostility was determined, the OS of the end point and its vulnerability to this attack (application vulnerability), whether the host has been compromised by this or other attacks, and what operating systems are in your network and their general disposition (do they have all the latest patches, updates, etc.). As well as all of this, if the disposition of an attack changes (the MalWare file may be dormant for a period of time and then change at a later time whilst still in your network or may change from one type of attack to another), FirePOWER services can also retrospectively go back and identify the scope of the breakout. This information allows the attack to be contained and remediated quickly and efficiently.
Prioritising attacks is essential. Many security offerings today provide huge amounts of information on attacks against a network but, because there is so much information, the critical attacks can be missed. Attacks need to be correlated correctly (correlated SIEM) and then highlighted based of business importance. Cisco provides graphical and textual information highlighting this and therefore allowing businesses to easily identify and concentrate on the most critical attacks first
“Express Data works very closely with our resellers to assist them with mobility opportunities across a number of technologies. Providing virtual wireless access point deployment layouts, engaging with reseller’s end users to assist with planning and demonstrations and provide assistance in project management and configuration services. Express Data provides quarterly regional technology updates to their partners, currently Express Data and Cisco will be hosting an ASA Firepower training sessions in early May in Auckland, Wellington, and Christchurch.”