Not so long ago securing your agency was all about detection-centric defense: if you could, at the single point in time of an anti-virus scan, detect and stop all malware and viruses coming into the network, your data and your users, it was reasoned, were safe. Sadly those days are long gone and we’re all dealing with a much more complex security environment. Not only are security teams dealing with what can be seen coming in, but they also need to account for the unseen security threat – the type that comes into the network somehow cloaked, encrypted, or tunneled in. So how effective are technologies that allow anything they do not recognize immediately as a threat through and then forget these files ever existed?
There are now so many points of entry into a network that the idea of being able to prevent any and all attacks is simply a recipe for frustration and the perception of security failure. If we start from the premise that a security violation is inevitable, but controllable, then we're a lot closer to actually being successful security practitioners.
In this recent article in Security Week, Marc Solomon, SVP of Products and Chief Marketing Officer at Sourcefire, discusses what tools a security team needs in order to catch these hidden threats to network security. Solomon's premise is that tools and technology like big data analytics and cloud computing improve network visibility and the ability to remediate by acting like the mirrors on a car: they sharpen focus on things that need attention, illuminate blind spots and instantly quarantine malicious files that might have been lying dormant.
Here’s an excerpt, but to read his entire piece head on over to Security Week.
So how can you gain visibility and control after an unknown or suspicious file has permeated the network? Retrospective security serves as those ‘mirrors,’ enabling a new level of security effectiveness that combines retrospective detection and remediation with up-to-the-minute protection. IT security staff can continue to track, analyze and be alerted to files previously classified as safe but subsequently identified as malware and then take action to quarantine those files, remediate and create protections to prevent the risk of reinfection.
Key technologies have advanced to enable retrospective security. The first is big data analytics. Emerging with the explosive growth of data, storage and processing power, big data is a term used to characterize massively large data sets ranging in terabytes or petabytes. Retrospective security accesses big data and turns that data into information for automated actions as well as actionable intelligence that IT security teams can use to make more informed, timely security decisions after an attack…
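To make the retrospective-alerting idea in the excerpt concrete, here is an added Python sketch (not Sourcefire's code; the hashes, hosts and paths are constructed placeholders): every file sighting is retained along with the verdict the point-in-time scan gave it, and a later intelligence update that reclassifies a hash as malicious yields one alert per earlier sighting on hosts that received the file while it was still considered safe.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Sighting:
    """One observation of a file entering the network."""
    sha256: str
    host: str
    path: str
    seen_at: str            # ISO timestamp of the sighting
    verdict_at_entry: str   # what the point-in-time scan said: clean / unknown / malicious


class RetrospectiveTracker:
    """Retains every sighting, including files the scanner let through as
    clean or unknown, so a later verdict change can be traced back to hosts."""

    def __init__(self):
        self.sightings = []   # all sightings, in arrival order
        self.verdicts = {}    # sha256 -> latest known verdict

    def record(self, sighting):
        self.sightings.append(sighting)
        self.verdicts.setdefault(sighting.sha256, sighting.verdict_at_entry)

    def update_verdict(self, sha256, new_verdict):
        """Apply a new intel verdict for a hash. Returns retrospective alerts:
        the sightings of that file on hosts that received it while it was
        still considered safe. Empty if nothing changed or it was never seen."""
        previous = self.verdicts.get(sha256)
        self.verdicts[sha256] = new_verdict
        if new_verdict != "malicious" or previous == "malicious":
            return []
        return [s for s in self.sightings
                if s.sha256 == sha256 and s.verdict_at_entry != "malicious"]


# Constructed sample data (hashes, hosts and paths are placeholders)
HASH_A = "a" * 64
HASH_B = "b" * 64


def demo():
    t = RetrospectiveTracker()
    t.record(Sighting(HASH_A, "ws-01", "/home/alice/dl/invoice.pdf", "2013-05-01T09:00", "unknown"))
    t.record(Sighting(HASH_A, "ws-07", "/home/bob/dl/invoice.pdf", "2013-05-01T09:05", "unknown"))
    t.record(Sighting(HASH_B, "ws-02", "/home/carol/dl/report.docx", "2013-05-01T10:00", "clean"))
    # Days later, intel reclassifies HASH_A; the tracker names every host to quarantine.
    return t.update_verdict(HASH_A, "malicious")


if __name__ == "__main__":
    for alert in demo():
        print(f"retrospective alert: {alert.host} {alert.path} seen {alert.seen_at}")
```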