Vendors urge NZ businesses to rebalance security portfolio

12 Nov 13

New Zealand businesses need to 'rebalance' their security portfolio to counter the changing threat landscape, according to three security-focused companies that are pitching a three-pronged – and three-vendor – approach.

FireEye, Imperva and Splunk joined forces to present a unified front with the 'Enrich. Defend. Protect.' security roadshows in Auckland and Wellington.

The three vendors have partnered to provide what they claim is 'unparalleled visibility and control over this latest generation of security risks' which 'are specifically designed to evade traditional security controls and infrastructure'.

Rich Costanzo, FireEye ANZ sales engineering manager, notes that FireEye is seeing 'a brand new style of attack every three minutes'.

Paul Steen, Imperva principal security architect for South Asia, Pacific and India, says that just like investment portfolios, which are 'rebalanced' regularly according to the financial market, so a customer's security protection should be readjusted as the threat landscape changes.

“If we look at what we were spending on security back in 2001, most companies were spending money on antivirus, firewall and IPS. Now we come to 2013 and what are we spending money on? Antivirus, firewall and IPS,” Steen says. “You can be sure the hackers have got a bit more creative.”

Steen says while controls such as next generation firewalls, antivirus and IPS remain valid for certain attacks, new threats are not addressed by them.

“An Imperva study compared 28 different forms of AV against known malware and the hit rate was less than 25%. While we still need this, maybe we should look at how we're spending our security budgets.”

Steen argued the case for protecting the data centre, or more specifically, the data, rather than relying solely on endpoint and network security.

“There are just too many threat vectors. There are so many ways into an enterprise [for hackers]. Chasing every one of those vectors is like chasing mice,” he says.

“There might be 100 ways in, but there is always one target: the data, they're always going after the same target, the cheese. So maybe instead of spending all of our cash and all of our time and effort chasing the mice, how about we spend a little effort protecting the cheese?”

“No one is under the illusion anymore that they have kept everyone out. The bad guys are already in. Now it's about protecting the data, protecting where it lives, knowing who is accessing the data, how it is being accessed and where it is going.”

Steen says the combination of FireEye – with its focus on looking for malware activity - and Imperva – with a focus on watching data access including web application, file and database security – 'is about a faster response to these types of activities'.

“When FireEye finds a machine that is infected with some form of malware, Imperva then can automatically quarantine that machine not from the network, but from that sensitive data. From specific tables, columns and rows in your database that contain the sensitive data, from specific file shares that contain that important and sensitive data.

“By combining the two, it's really about speeding up that detection and the mitigation.”

Splunk meanwhile, provides the security intelligence platform to 'make sense' of all the data, says Mohamed Ibrahim, Splunk senior sales engineer.

The platform reads data not just from systems such as antivirus, IPS and firewalls, but also standard IT data, from a machine getting an IP address from a DHCP server to users accessing enterprise applications and company information, which can also reveal abnormal behaviours indicative of unknown threats.

“We see all data as security relevant,” Ibrahim says.

Costanzo says when it comes to rebalancing that portfolio – and rolling out the three vendors' offerings to customers – different organisations will find quicker wins in different solutions.

“That's a matter of understanding their security posture, understanding the gaps, understanding the quick wins and which ones you can fill in quickly and most effectively.

“The solutions as a whole are very complementary and it's a different approach to security.”

He says the move to rebalance is 'a theme we're hearing more and more'.

“It's a longer term investment to make that happen because adjusting security spend is a two to three year process. But ultimately, it's about making sure your security customers and clients have a better security posture overall.”
