The rapidly changing threat climate is obsoleting security solutions installed just a few years ago, one security-industry CEO has warned as businesses leverage improved visibility, machine learning and proactive policymaking to formulate 'Security 2.0' frameworks that will last the next decade.
The confluence of capabilities has become essential for a security climate that was, only a few years ago, being designed using detect-and-respond approaches that offered limited insight into a company's overall security posture.
Companies lacked real-time visibility into the activities on their network and typically only adopted visibility tools for forensic purposes after a compromise was detected. "When I joined the company six years ago this market was very much an afterthought," Paul Hooper, CEO of security firm Gigamon, told CSO Australia.
These days, however, growing recognition of the importance of a coherent security policy has brought security planning to the forefront - and increased interest in visibility tools that provide a greater degree of proactivity.
"The thesis behind visibility, and its strategic value, are far better understood than they were back then," Hooper added. "Visibility is becoming an increasingly strategic component of infrastructure and, when companies do deployments and large buildouts, visibility is being designed in."
Governments, in particular, have been "laggards" in improving visibility of their environments - which are suffering "gaping holes" as new mobile, cloud and other capabilities are added without suitable visibility - but recent efforts such as the US Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) project, with which Gigamon is involved, reflect the recognised strategic value of better visibility solutions.
CDM will, in the words of the DHS, "provide adequate, risk-based and cost-effective cybersecurity and more efficiently allocate cybersecurity resources". While the entire program covers 15 continuous diagnostic capabilities, it is initially focused on "foundational" endpoint controls such as hardware and software management, configuration management, and vulnerability management. Phases 2 and 3 of the program, which is being extended to all US government entities, will address identity and infrastructure management.
Investments in security visibility will become crucial as looming mandatory breach notification laws kick in early in 2018, forcing Australian organisations to not only know when they face a security incident but to be able to report in detail on its extent and impact on sensitive data.
Feeding this requirement, recent weeks have seen the launch of new visibility tools including Cylance's artificial intelligence-driven CylanceOPTICS, Forcepoint's Forcepoint Web Security 8.3 - which the company said adds cloud-application discovery to eliminate 'shadow IT' blind spots - and Bitdefender's Hypervisor Introspection, which integrates security into the Citrix XenServer hypervisor to improve visibility of virtualised environments.