Moving from Alert-Driven to Intelligence-Driven Security

Monday, January 05, 2015

Paul Lipman


One of the unfortunate by-products of the proliferation of point products within the Chief Information Security Officer's (CISO's) environment has been an avalanche of security events and alerts, making alert overload one of the banes of the modern CISO's existence. In fact, a whole new category of products and services has grown up to attempt to bring order to this chaos, commonly referred to as Security Information and Event Management (SIEM).

However, managing security through alerts has been described as being analogous to driving a car down a busy highway at night by looking through a frosted rear-view mirror: it is not only misleading, but likely to end in disaster for all involved.

The emergence of smart, integrated, cloud-based security services will enable a transformation from an alert-centric to an intelligence-centric approach to security. This will vastly enhance the CISO’s visibility and ultimately deliver substantial improvements in the robustness of the overall security posture.

As the many components of the security infrastructure become aware of, and responsive to, each other, we can begin to extract true intelligence from an understanding of the inter-relationships and correlation of activity across the internal network, endpoint devices, cloud-based applications and the internet at large.

As these services are delivered through the cloud, we will gain an unprecedented vantage point from which to extract intelligence in real time across a global footprint of enterprises, end users and infrastructure – something that is simply impossible with today's organizationally siloed, event-driven approaches.

The transformation to a truly intelligence-based approach to security will entail the development of global cloud-based services with broad reach across all components of the extended enterprise infrastructure. That reach is not limited to the internal network: these services will extend across an array of service providers and applications.

Furthermore, new “big data” services will emerge to correlate, analyze and extract intelligence from the various data sources. These will be coupled with new approaches to data visualization, to enable assimilation of this intelligence, and rapid identification of trends, attacks and anomalies.
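To make the contrast between the two approaches concrete, the following is an added example (not code from the original post or from any product it alludes to). It runs the same constructed event stream from three silos (endpoint, web proxy, cloud application) through an alert-driven path, which emits one alert per event, and an intelligence-driven path, which correlates events per user within a time window, enriches them against a shared indicator set standing in for cross-customer threat intelligence, and scores the result. The events, the indicator set, the 10-minute window and the scoring weights are all assumptions chosen for illustration.

```python
"""Alert-driven vs intelligence-driven handling of one event stream.

Added example, not from the original post. All events, indicators and
thresholds below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from three silos: endpoint, web proxy, cloud app.
EVENTS = [
    {"ts": "2015-01-05T09:00:05", "source": "endpoint", "host": "wks-17", "user": "alice",
     "detail": "powershell.exe -enc ..."},
    {"ts": "2015-01-05T09:00:40", "source": "proxy", "host": "wks-17", "user": "alice",
     "detail": "GET update-cdn.example.net"},
    {"ts": "2015-01-05T09:02:10", "source": "cloudapp", "host": "-", "user": "alice",
     "detail": "login from new country"},
    {"ts": "2015-01-05T10:30:00", "source": "proxy", "host": "wks-22", "user": "bob",
     "detail": "GET cdn.example.com"},
    {"ts": "2015-01-05T11:15:00", "source": "endpoint", "host": "wks-09", "user": "carol",
     "detail": "new scheduled task"},
]

# Constructed stand-in for shared, cross-customer threat intelligence
# (the "global vantage point" a cloud-delivered service would provide).
KNOWN_BAD_DOMAINS = {"update-cdn.example.net"}


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def alert_driven(events):
    """Every silo fires its own alert; nothing ties them together."""
    return [f"[{e['source']}] {e['detail']}" for e in events]


def _score(user, group, min_sources):
    """Turn one correlated group into an incident, or drop it as noise."""
    sources = {e["source"] for e in group}
    intel_hits = [e for e in group
                  if e["source"] == "proxy"
                  and e["detail"].split()[-1] in KNOWN_BAD_DOMAINS]
    # Hypothetical weighting: one point per distinct silo, two per intel hit.
    score = len(sources) + 2 * len(intel_hits)
    if len(sources) < min_sources and not intel_hits:
        return []
    return [{"user": user, "score": score, "sources": sorted(sources),
             "intel_hits": len(intel_hits),
             "chain": [e["detail"] for e in group]}]


def intelligence_driven(events, window=timedelta(minutes=10), min_sources=2):
    """Correlate by user within `window`, enrich with shared intel, rank."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e)

    incidents = []
    for user, evs in by_user.items():
        group = []
        for e in evs:
            # Start a new group once this event falls outside the window
            # opened by the group's first event.
            if group and parse_ts(e["ts"]) - parse_ts(group[0]["ts"]) > window:
                incidents.extend(_score(user, group, min_sources))
                group = []
            group.append(e)
        incidents.extend(_score(user, group, min_sources))
    return sorted(incidents, key=lambda i: -i["score"])


if __name__ == "__main__":
    print(f"alert-driven: {len(alert_driven(EVENTS))} alerts, one per event")
    for inc in intelligence_driven(EVENTS):
        print(f"incident user={inc['user']} score={inc['score']} "
              f"sources={inc['sources']} chain={inc['chain']}")
```

On this input the alert-driven path produces five unrelated alerts, while the intelligence-driven path produces a single ranked incident for the one user whose endpoint, proxy and cloud-application activity line up in time and touch a known-bad indicator; the two isolated single-source events are dropped as noise rather than surfaced as alerts.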

In 2015, the move from alert-driven to intelligence-driven security should remain at the forefront for businesses of all sizes. In addition, companies will undoubtedly face a range of new threats as the industry evolves, and as cybercriminals continue to open new fronts in their attacks on personal and business data.

As we enter the new year, it will be more important than ever for businesses to remain vigilant and stay keenly alert to ongoing privacy threats and security breaches. Moving from alert-driven to intelligence-driven security will play a key role in delivering substantial improvements in the strength and breadth of the overall security posture within the organization.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
