As we explained in the previous article, security must be engaged in a full range strategy in order to achieve optimal results. Sadly, many organizations simply fall further behind in delivering the expected high-performance and secure user-to-application connection that is needed. And when they can, the approach usually can’t scale. The choices are to either slow down business or introduce more complexity—and risk—to the network.
The approach to network security needs to evolve. Here are five fundamental principles and practices that every organization needs to consider if they hope to get in front of and stay ahead of their current security challenges:
- To establish and maintain control over every edge, a unified security fabric is needed. It must be able to span the distributed and evolving network to detect threats, correlate data, and seamlessly enforce policy. This isn’t about selecting a single vendor. It’s about choosing the right vendors. This means that priority needs to be given to those vendors that leverage application programming interfaces (APIs) and common standards to support interoperability—especially those that allow policy decisions to be made outside of their solution.
- Deployed security solutions also need to have access to common datasets across all network edges, endpoints, and clouds, enriched with real-time global and community threat intelligence shared from every area of the organization. Across network, endpoint, and clouds alike, a common intelligence framework enables holistic analyses of the security and performance state, identifies emerging threats, and enables unified response across the organization.
- An integrated security framework needs to support and enable advanced data analysis, combined with the ability to automatically create new protections across the full attack cycle when those analytics detect previously unknown threats. This system should also be able to function autonomously within simpler environments. It should also be linked to extended detection and response (XDR), security information and event management (SIEM), and security orchestration, automation, and response (SOAR) solutions for increasingly advanced network operations center (NOC) and security operations center (SOC) environments.
- This security fabric also needs to be able to rapidly launch a coordinated threat response across the entire ecosystem the moment a threat is detected. This breaks the attack sequence before its objectives can be realized. Leveraging machine learning (ML) and artificial intelligence (AI) tied to dynamically generated playbooks makes this possible without introducing slowdowns or human error.
- Because change is the only constant in today’s digital world, a security fabric needs to be dynamic, meaning that it must be designed to scale up and out as the network it is securing evolves and adapts. This requires deep integration between security and the network components and functions so organizations can continually innovate and expand networking and operations ecosystems without a lag in protections.
At the end of the day, security is only as good as its ability to provide broad visibility and real-time granular controls across today’s increasingly complex and ever-evolving network. Reducing complexity is the first step in achieving that. Only then can advanced analytics, threat correlation, dynamic adaptability, and integrated threat response be possible. And those functions, combined with broad deployability, deep integration between security tools and between security and the network, and dynamic automation augmented by AI, are the hallmarks of any security system capable of defending today’s dynamic networks and connected ecosystems.