Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Network security needs big data

Ahmed Banafa | Nov. 25, 2014
As the inadequacies of perimeter-centric defenses become clearer, the zero-trust model grows more appealing. As for ZTM, it will need big data to succeed.

Data Security
Credit: Thinkstock

There are two types of organization now: those that have been breached, and those that just don't know it yet.

A big part of the problem is that the traditional approach to network security, relying on perimeter-centric strategies, is failing. According to the 2014 Cyberthreat Defense Report, more than 60% of organizations fell victim to one or more successful cyberattacks last year. But it is the following statistic that shows the ineffectiveness of perimeter defenses: Studies have shown that between 66% and 90% of data breaches are identified, not by the organizations that are breached, but by third parties.

One alternative that is a strong candidate to improve the security situation is the zero-trust model (ZTM). This aggressive approach to network security monitors every piece of data possible, under the assumption that every file is a potential threat. It requires that all resources be accessed in a secure manner; that access control be on a need-to-know basis and strictly enforced; that systems verify and never trust; that all traffic be inspected, logged, and reviewed; and that systems be designed from the inside out instead of the outside in. It simplifies how information security is conceptualized by assuming there are no longer "trusted" interfaces, applications, traffic, networks or users. It takes the old model -- "trust but verify" -- and inverts it, because recent breaches have proved that when an organization trusts, it doesn't verify. This model was initially developed by John Kindervag of Forrester Research and popularized as a necessary evolution of traditional overlay security models.

In ZTM, companies should also analyze employee access and internal network traffic, and grant minimal employee access privileges. ZTM also emphasizes the importance of log analysis and increased use of tools that inspect the actual content of data packets.

According to a study conducted by Forrester on behalf of IBM, many organizations are already on the path to support ZTM, with their responses indicating that they have already adopted key ZTM concepts, whether though they may not be aware of ZTM itself. This is encouraging, since it suggests that full implementation of ATM could be a mere extension of activities already in place. Specifically, depending on activity (e.g., logging and inspecting all network traffic), between 58% and 83% of respondents are already behaving in ways that support ZTM concepts.

Big data meets ZTM
Using ZTM will generate enormous volumes of real-time data, the analysis of which will have IT managers drowning in log files, vulnerability scan reports, alerts, reports and more. Adding big data analytics to the mix will give IT managers a comprehensive view of their security landscape, exposing what is at risk, how severe the risks are, how important the asset at risk is and how to fix the security weakness.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.