Understanding the context is part of the holy grail of decision-making, writes Ionut Ionescu. In any field of human endeavour, achieving accurate data points, having enough information (but not too much) and understanding the general situation in which we are asked to make a decision, are worthy objectives.
In the field of information security and technology risk, efforts have usually been concentrated on getting more data, filtering and processing it faster, and displaying it in a better or simpler way in order to enable a human to make an informed decision.
During the past two to three years, security suppliers have been rushing to add "context" to their tools. But, what does context mean when it comes to security? Could it be adding network behaviour analysis to IDS and firewall alerts? Could it be understanding the user and what access control privileges they have? Could it be placing security attributes to data? Or constantly knowing application state when allowing traffic flows through network enforcement points?
We have had some success in understanding context when it comes to application interaction and session management. Still, the supplier fraternity is speaking increasingly loudly about "context-aware technology", aided by another contemporary trend, big data.
Read more about context-aware security
- Security Think Tank: Context, the 5 Ws and H of security
- Security Think Tank: Context-aware security is about more than buying technology
- Security Think Tank: Begin switch to context-aware security now, says Gartner
- Security Think Tank: New tech trends fuel need for context-based security
- Security Think Tank: context-aware security is business-aware security
Without fully accusing the suppliers of talking up their book, I don't think that, for a user (for example, an enterprise), buying "context-aware" security technologies will dramatically simplify the job. The trouble is that all such tools have to be configured by a specialist with prior knowledge of the environment. So, a human has to understand the context before the tool can.
There may be number-crunching advantages coming from a clever and well configured tool, but they should not be overestimated. Also, even when a tool has a reasonable level of context built-in and is able to suggest reasonable courses of action, understanding the business workflow and complexities still require further analysis, to derive the right risk mitigation strategies. If just adding context was the solution, someone would have devised an expert system modelling the whole organisation from a security perspective and information security professionals would be out of a job.
In summary, these tools promise incremental help for the security professional, but I would be weary of buying them based on a supplier's return on investment calculations.
Ionut Ionescu is a member of the (ISC)2 EMEA Advisory Board