The way we consume technology is changing, from working in the office to our choice of device whilst working on the move. These changes bring with them enhanced opportunities, but also far greater concerns over an organisation’s infrastructure. In order for all this technology to work seamlessly together, it is crucial that we take a proactive approach to securing the enterprise.
Prevention centric strategies obsolete
A recent Gartner report suggests that advanced targeted attacks are set to render prevention-centric security strategies obsolete, going on to predict that, by 2020, securing enterprise IT will require a shift to information and people-centric security strategies focused on an infrastructure’s endpoints.
Traditional prevention-centric security strategies work by blocking access at an infrastructure’s typical entry points. However, the proliferation of mobile devices in the enterprise has dramatically increased the number of potential entry points, rendering purely prevention-centric strategies unreliable. On top of this, traditional security strategies offer little or no protection against advanced persistent threats (APTs), which are engineered to avoid detection.
The importance of ITOA in providing total visibility
This is where IT Operations Analytics (ITOA) comes in. ITOA can be used to continuously monitor a business’s end-user devices and ensure that company security policy and standards are being enforced. According to Gartner, 80% of security breaches involve end-user devices, so it is extremely important to have real-time visibility of the interaction between these end-user devices and the IT infrastructure.
For better protection from these more sophisticated attacks, organisations need visibility of what is going on across the whole enterprise infrastructure, including the endpoints, not just the traditional backend. To put it another way, organisations need a security camera to monitor unusual activity right around the perimeter of the house – not just the back door.
The current state of play – are organisations protecting themselves sufficiently?
Recently, Nexthink carried out a survey to investigate the current level of insight that IT teams have into the security of IT infrastructure. The results provided some interesting findings. For example, only a third of companies believe that they’re able to identify vulnerabilities before they can be exploited (37.62%). This is worryingly low but unsurprising; IT departments are struggling with the explosion of trends such as BYO, which continues to dominate, and more recently the challenges the Internet of Things (IoT) poses. According to our survey the majority of IT departments believe that the IoT represents a growth in threats to IT security (88%).
With all these different connected devices entering the workplace there are so many more challenges than previously anticipated. Organisations really need to take this seriously before it’s too late. This argument is supported by a statistic from our survey that just over a third of companies said they had a BYO policy (35.64%). Coupled with the fact that many devices being used in the workplace are not actually owned by the organisation, this creates yet another level of complexity. In a connected world it is imperative for organisations to have a BYO policy in place and support their policy by monitoring threats from the perspective that matters most – the end-user.
ITOA in action
We have talked a lot about monitoring from the end-user perspective, but how does this actually help the average office worker sitting at their desk within an enterprise? Once an idea of what normal behaviour looks like has been established from the end-user perspective, ongoing access and activity can then be monitored and analysed in real-time. From the analysis, behavioural anomalies can then be identified and deviations from normal behaviour highlighted as being potentially malicious activity.
For example, indicators such as frequency of access and the amount and type of information downloaded can be identified as being indicative of malicious intent. ITOA can also be used to detect the presence of increasingly sophisticated threats, such as signatureless APTs, by recognising anomalies in the behaviour of users and devices. Having identified anomalous behaviour, it is then possible to isolate the affected endpoint and resolve the issue affecting the end-user.
As and when a breach occurs, this data can be used to gain a clearer insight into other users who may also have been targeted and which systems were affected, and from there to take the appropriate remedial actions. Because endpoints are being monitored in real-time, the action taken to resolve the situation is much quicker and more effective.
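The baseline-then-deviation approach described above can be illustrated with a small script. This is an added example, not code from the original article or from any ITOA product: it takes constructed per-user daily telemetry (file-server access counts and megabytes downloaded, the two indicators named above), learns a per-user baseline from the first few days, and flags later days whose values sit far above that baseline. Users who appear with no baseline at all are surfaced separately, since an account that has never been seen before is itself worth a look.

```python
"""Baseline-and-deviation check over constructed endpoint telemetry.

Each record is one user's daily activity as an endpoint agent might
report it: number of file-server accesses and megabytes downloaded.
The first BASELINE_DAYS days define "normal" for that user; later days
are scored against that baseline with a z-score.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample telemetry (not real data): (user, day, accesses, downloaded_mb)
TELEMETRY = [
    ("alice", 1, 40, 120), ("alice", 2, 45, 150), ("alice", 3, 38, 110),
    ("alice", 4, 42, 130), ("alice", 5, 44, 140),
    ("alice", 6, 41, 125),        # in line with her baseline
    ("alice", 7, 390, 9800),      # sudden bulk access and download
    ("bob", 1, 10, 20), ("bob", 2, 12, 25), ("bob", 3, 9, 18),
    ("bob", 4, 11, 22), ("bob", 5, 10, 21),
    ("bob", 6, 13, 24),           # in line with his baseline
    ("bob", 7, 12, 26),           # in line with his baseline
    ("mallory", 7, 15, 30),       # account never seen during the baseline period
]
BASELINE_DAYS = 5
METRICS = ("accesses", "downloaded_mb")


def build_baselines(records, baseline_days=BASELINE_DAYS):
    """Return {user: {metric: (mean, stdev)}} from the baseline period only."""
    per_user = defaultdict(lambda: defaultdict(list))
    for user, day, accesses, mb in records:
        if day <= baseline_days:
            per_user[user]["accesses"].append(accesses)
            per_user[user]["downloaded_mb"].append(mb)
    return {
        user: {m: (mean(vals), pstdev(vals)) for m, vals in metrics.items()}
        for user, metrics in per_user.items()
    }


def zscore(value, mu, sigma):
    """Standard deviations above the baseline mean.

    Sigma is floored so that a perfectly flat baseline (stdev 0) does not
    make every small change look extreme or divide by zero.
    """
    sigma = max(sigma, 0.05 * mu, 1.0)
    return (value - mu) / sigma


def find_anomalies(records, baselines, threshold=3.0, baseline_days=BASELINE_DAYS):
    """Flag post-baseline days that exceed the baseline by more than `threshold` sigmas.

    Only upward deviations are flagged: a user downloading less than usual
    is not the pattern we are looking for here.
    """
    findings = []
    for user, day, accesses, mb in records:
        if day <= baseline_days:
            continue
        if user not in baselines:
            findings.append({"user": user, "day": day, "metric": "no_baseline",
                             "value": None, "z": None})
            continue
        for metric, value in zip(METRICS, (accesses, mb)):
            mu, sigma = baselines[user][metric]
            z = zscore(value, mu, sigma)
            if z > threshold:
                findings.append({"user": user, "day": day, "metric": metric,
                                 "value": value, "z": round(z, 1)})
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(TELEMETRY, build_baselines(TELEMETRY)):
        print(finding)
```

On the constructed data only alice's day 7 (both metrics) and mallory's unbaselined appearance are reported; bob's ordinary day-to-day variation stays below the threshold. In practice the baseline window would be longer and keyed by device as well as user, but the shape of the logic is the same.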
The importance of real-time analytics
Having accurate information in real-time is essential to operating an effective security policy. Our survey also found that more than one in ten IT security teams feel they don’t have up-to-date knowledge of current threats (11.88%). ITOA, and the visibility these analytics provide into an organisation’s infrastructure, is crucial in order to establish where breaches or anomalies have occurred and to detect potential threats.
The information provided by ITOA will help security compliance officers to enforce protocol across an organisation. In order to enforce policies and procedures you need to be able to establish what the threat is and highlight its detrimental effect on the organisation. The use of ITOA enables organisations to do so effectively and quickly, before any damage to their infrastructure occurs.