Engage modern enterprise security practice to protect data

Data is the ultimate business asset. So, managing that data is the top priority of all 21st century businesses, right?

Data is the ultimate business asset. So, managing that data is the top priority of all 21st century businesses, right?

Wrong. Many businesses are still failing to implement adequate data management procedures, according to the latest security threat report from Sophos.

At the heart of the problem, perhaps, is the fact that ideas about what adequate data management looks like have not moved with the changing threat landscape.

Enterprise security is often disjointed, but this has to give way to a comprehensive approach, according to research firm Gartner.

Security activities and information generated by them can no longer be considered in isolation, says Gartner researcher Joseph Feiman.

"Mature enterprise security requires interaction and correlation of different security technologies to increase accuracy and breadth of security detection, remediation and protection," he says.

The comprehensive approach to information security says Feiman, also requires the integration and correlation of security and business context information to enable optimal security and risk assessment.

The benefits of this comprehensive approach to security fall into two main categories: advanced security and better business decisions.

Advanced security is mostly a result of interaction and correlation between different security software and hardware, between scanners and software, says Feiman.

This is aimed at raising the accuracy of vulnerability detection and protection from attacks.

For example, accuracy is improved through the interaction and correlation between static application security testing (SAST) and dynamic application security testing (DAST) scanners, he says, because the one confirms or disproves the findings of the other.

Interaction and correlation also expands the breadth of security detection and protection because SAST covers only programming and testing, and DAST covers only testing and operations, while a hybrid covers all three phases of the software development lifecycle.

Finally, interaction and correlation addresses many of the limitations of isolated security technology silos such as network, application and data security, and silos within silos, such as SAST and DAST scanners, says Feiman.

This enables new capabilities, he says, such as round the clock monitoring, that are central to web application firewalls (WAFs), but absent in DAST, and detailed knowledge of exploitable attacks that is limited in WAF, but central to DAST.

A comprehensive approach to security will enable better business decisions, says Feiman, because by correlating and integrating contextual information from all security scanners and monitors with information from business sources, enterprises will be able to get accurate answers to specific questions.

It will also enable security profiling of enterprise assets, policy enforcement and contextual risk assessment, he says.

Some security technology suppliers are starting to offer parts of what will eventually evolve into what Gartner calls enterprise security intelligence (ESI).

But Feiman says this will require industry-wide effort from vendors and enterprises, to create the necessary technologies, standards and best practices.

While this sets an objective for suppliers to deliver technologies that enable intelligence as a product and service, it also sets an objective for enterprises to lean to implement intelligence-enabled technologies, consume intelligence and act intelligently, he says.

Enterprises should immediately consider the benefits of ESI and begin planning for ESI adoption, says Gartner.

Through 2011, enterprises should use technology and information interaction and correlation as criteria to evaluate and select technologies that enable a higher accuracy of security vulnerability detection, remediation and protection, as well as security and risk management.

Enterprise should also look for ESI-like capabilities in existing and next-generation security technologies and evaluate possible enhancements that will help in the evolution of ESI, such as extending existing security information and event management systems to include application and data context.

From 2012 to 2015, enterprises should demand technology suppliers deliver standardised ESI-enabled technologies, and adopt an ESI strategy that defines a single strategic ESI objective, defines selection criteria for products and services, and defines practices and criteria for becoming ESI-enable.

According to Gartner, ESI is a necessary and important step in enterprise security, and both enterprises and technology suppliers should begin laying the groundwork for its development and implementation.

"The ESI concept makes it absolutely clear that what enterprises need in the security space is intelligence," says Feiman.

The concept of ESI offers the ability to dramatically improve enterprise security, says Gartner, but its potential benefits extend considerably further to include things like the ability to rationalise enterprise security spending.

Read more on Privacy and data protection