An interesting aspect of being in a world-wide marketing role is getting exposure to a variety of real customer scenarios from across the globe, be it from sellers or customers. Stories about new threat challenges, changing priorities, failed implementations, business needs, cost pressures or administrative nightmares.

Many of these stories have common patterns to them; this blog post aims at capturing the top 3 common security enhancement approaches taken by customers.

Three Common Approaches to Secure Against the New Threat Landscape

With the magnitude and advancement of attack techniques; be it APTs, spear phishing, DDoS, cross-site scripting, etc, customers continue to use the well proven approach of increasing security layers within their IT environment to capture elusive threats. However, the variation in approach is mainly around where and how these layers are created.

Some of the common multi-layer security approaches can be listed as below, in no particular order.

1. Separate Security for ‘Each Entity’ in the Infrastructure

This is a simple, yet effective approach, where customers add security to each physical (and now also virtual) infrastructure. Separate agents manage network, endpoint and hypervisor security. A recent example would be a leading telecom company based out of the Middle East, which faced state sponsored threats, and decided to take this defense in-depth approach.

They implemented Host Intrusion Prevention solutions across their 1000 plus servers and utilized Virtual Server Protection to secure their virtual environment hypervisors. They already had Network Intrusion Prevention implemented and successfully running, however with the increase in attacks, they decided to secure each layer to catch any of the slipped attacks.

The challenge that this approach could bring is management of these multiple agents, hence products that can support heterogeneous environments and be managed by a centralized console is critical to make this approach effective.

2. Using a ‘Multi-Vendor’ Approach on the Same Layer of Infrastructure

This approach is taken to get the best of both ‘worlds’ or in this case ‘vendors’, by combining the protection capabilities of different vendors to protect the IT environment. If a threat eludes one vendor agent, the second agent might identify it.

An example of this would be a customer based out of North America, who had implemented the IBM NIPS product on all their network gateways exposed  to internet/ external traffic and used a competitor NIPS to handle aspects of their intranet traffic. This approach does give the customer flexibility to choose agents based on the need of each network and these optimization could help with reducing overall licensing costs as well.

The main challenge to this approach is the need to utilize different consoles to manage separate vendor agents, hence requiring more administrative effort.

3. Utilizing a ‘Security Intelligence’ Layer on Top to Capture It All

This is about having an integrated view of the entire landscape, knitting separate incidents together to secure against advanced threats.

Customers are realizing the importance of utilizing big data to capture potential threats that work in tandem with each other. Security intelligence products that integrate with different point security products as well as review network and virtual network’s flow data have seen strong acceptance among customers. This also works well as it is a layer that integrates with the existing security landscape to provide additional value.

However, currently security intelligence platforms mainly detect and alert on possible threats. They don’t act on it or stop the threat as such. It is only one-way communication from the agent without talking back to the agent. This will probably be the next level of integration that future solutions will evolve to.