Companies are moving to the cloud for greater agility, flexibility and resilience, and they should be doing the same with security, says Greg Day, chief security officer for Europe at Palo Alto Networks.
“Security challenges and IT are now so dynamic that five-year plans no longer work,” he told the company’s End User Cybersecurity Summit in London.
To get ahead of the attackers, or at least on an even playing field, Day said organisations need to adapt their cyber defence capabilities at the same pace that adversaries are evolving their attacks.
Threat intelligence is an important element of any organisations defence capability, but the challenge facing organisations is being able to process threat intelligence and respond fast enough to be effective.
Legislation such as the EU’s General Data Protection Regulation (GDPR) and Network and Information Systems (NIS) Directive are also increasing the pressure on organisations to make sense of the security intelligence they are gathering, particularly from their own systems, to report breaches within 72 hours in some cases.
“Three years ago, organisations were taking an average of 229 days to identify a breach, two year ago this was around 205 days, while in 2017 this was down to 146, but simpler cases were being identified within 30 days.
“Although this shows progress is being made, being able to identify a breach within 30 days is not much use when the law requires it to be done within 72 hours, which means organisations have to change the way they consume intelligence and other security services,” said Day.
Cloud-based services the key enabler
While a growing number of security suppliers are attempting to tackle this problem with artificial intelligence, Palo Alto Networks believes that cloud-based services are the key enabler, and in June 2017 announced the Palo Alto Networks Application Framework to extend the capabilities of the Palo Alto Next-Generation Security Platform to enable organisations to implement innovative cloud-based security applications from any provider, large or small.
According to Palo Alto Networks, security platforms with open application programming interfaces (APIs) are set to turn the business model for the information security industry on its head in response to the need for new models that will drive more innovation, value and encourage sharing of threat intelligence in highly automated ways.
This is what the application framework is designed to deliver by enabling a software as a service (SaaS) consumption model, allowing customers to rapidly evaluate and deploy capabilities through security applications built by Palo Alto Networks, third-party developers, managed security service providers (MSSPs) and their own teams.
This new model is aimed at enabling organisations to activate cloud-delivered applications instantly from different providers as security needs change and without deploying or managing additional products.
The service-based model, said Day, is key to enabling organisations to apply the latest technological capabilities to meet changing cyber defence and other business requirements.
“By switching to a consumable subscription, organisations can put the responsibility on somebody else to keep pace with technology change so they can adapt their technology and service consumption to move with the business,” he said.
Read more about cloud-based security
- Cloud-based security has gained mass appeal for businesses small and large, and channel partners are taking notice.
- Security platforms to disrupt industry, predicts Palo Alto Networks.
- How a cloud-based HSM can boost enterprise security with enough effort.
- How to best employ cloud-based security services.
This approach, said Day, is useful from a cyber security perspective because flexibility of consumption is useful due to the fact that the volume of security-related data is only going to increase.
“So having the flexibility to take in more data and being able to process it faster without having to make big capex investments, enables security leaders to be more agile in supporting their team,” he said.
“Surely it is a good thing,” he added, to have the ability to be more resilient in terms of disaster recover to be able to focus more on security, and to have the ability to change as fast as the business does by switching to a subscription-based model.
In cyber security, understanding the problem is often easier than correlating information to make effective changes to respond to the problem, said Day.
“When I think about changing the consumption model, the core of this is how do I get to driving an action quicker,” he said.
Trialling security services
According to Day, cloud-based services can not only provide the processing power to correlate threat intelligence and co-ordinate responses, but can also enable the “app model” of consumption, where organisations can trial security services first, before deciding to sign up for a subscription or not.
Since announcing the Palo Alto Application Framework, the company has launched its Global Protect service that provides a central location for organisations to store all their security log data, and Magnifier, which is a cloud-based user behaviour analytics service.
“Magnifier is the first solution that truly leverages everything that we announced in the application framework,” said Day.
“Like any sensible organisation we want to prove that capability ourselves, and now we have a lot of those partners that we recognised last year, actively working on their releases, so in the coming months you will see a lot more of those third parties becoming available,” he told Computer Weekly.
When the application framework was announced, Palo Alto Networks said more than 30 security industry suppliers had indicated that they wanted to develop applications for the framework, including Carbon Black, CrowdStrike, ForeScout, IBM, Phantom, PhishMe, Proofpoint, ProtectWise, Recorded Future, Splunk and Wandera.