New Zealand businesses need to 'rebalance' their security portfolio to counter the changing threat landscape, according to three security-focused companies who are pitching a three-pronged – and three vendor – approach.
FireEye, Imperva and Splunk joined forces to present a unified front with the 'Enrich. Defend. Protect.' security roadshows in Auckland and Wellington.
The three vendors have partnered to provide what they claim is 'unparalleled visibility and control over this latest generation of security risks' which 'are specifically designed to evade traditional security controls and infrastructure'.
Rich Costanzo, FireEye ANZ sales engineering manager, notes that FireEye is seeing 'a brand new style of attack every three minutes'.
Paul Steen, Imperva principal security architect for South Asia, Pacific and India, says that just like investment portfolios, which are 'rebalanced' regularly according to the financial market, so a customer's security protection should be readjusted as the threat landscape changes.
“If we look at what we were spending on security back in 2001, most companies were spending money on antivirus, firewall and IPS. Now we come to 2013 and what are we spending money on? Antivirus, firewall and IPS,” Steen says. “You can be sure the hackers have got a bit more creative.”
Steen says while controls such as next generation firewalls, antivirus and IPS remain valid for certain attacks, new threats are not addressed by them.
“An Imperva study compared 28 different forms of AV against known malware and the hit rate was less than 25%. While we still need this, maybe we should look at how we're spending our security budgets.”
Steen argued the case for protecting the data centre, or more specifically, the data, rather than relying solely on endpoint and network security.
“There are just too many threat vectors. There are so many ways into an enterprise [for hackers]. Chasing every one of those vectors is like chasing mice,” he says.
“There might be 100 ways in, but there is always one target: the data, they're always going after the same target, the cheese. So maybe instead of spending all of our cash and all of our time and effort chasing the mice, how about we spend a little effort protecting the cheese?”
“No one is under the illusion anymore that they have kept everyone out. The bad guys are already in. Now it's about protecting the data, protecting where it lives, knowing who is accessing the data, how it is being accessed and where it is going.”
Steen says the combination of FireEye – with its focus on looking for malware activity – and Imperva – with a focus on watching data access including web application, file and database security – 'is about a faster response to these types of activities'.
“When FireEye finds a machine that is infected with some form of malware, Imperva then can automatically quarantine that machine not from the network, but from that sensitive data. From specific tables, columns and rows in your database that contain the sensitive data, from specific file shares that contain that important and sensitive data.
“By combining the two, it's really about speeding up that detection and the mitigation.”
Splunk, meanwhile, provides the security intelligence platform to 'make sense' of all the data, says Mohamed Ibrahim, Splunk senior sales engineer.
The platform reads data not just from systems such as antivirus, IPS and firewalls, but also standard IT data, from getting an IP address from a DHCP server to accessing enterprise applications and company information, which can also reveal abnormal behaviours indicative of unknown threats.
“We see all data as security relevant,” Ibrahim says.
Costanzo says when it comes to rebalancing that portfolio – and rolling out the three vendors' offerings to customers – different organisations will find quicker wins in different solutions.
“That's a matter of understanding their security posture, understanding the gaps, understanding the quick wins and which ones you can fill in quickly and most effectively.
“The solutions as a whole are very complementary and it's a different approach to security.”
He says the move to rebalance is 'a theme we're hearing more and more'.
“It's a longer term investment to make that happen because adjusting security spend is a two to three year process. But ultimately, it's about making sure your security customers and clients have a better security posture overall.”